From e52555e081c660b20f3033515e98ffc7236ec0db Mon Sep 17 00:00:00 2001 From: Sunil Singh Date: Mon, 29 Sep 2025 15:55:10 -0700 Subject: [PATCH] Removing/updating RKE in adv user guide pages. Signed-off-by: Sunil Singh --- ...le-api-audit-log-in-downstream-clusters.md | 59 ------------------- .../rancher-on-arm64.md | 5 +- .../enable-monitoring.md | 8 --- .../tune-etcd-for-large-installs.md | 10 ++-- ...le-api-audit-log-in-downstream-clusters.md | 58 ------------------ .../rancher-on-arm64.md | 2 +- .../enable-monitoring.md | 8 --- .../tune-etcd-for-large-installs.md | 8 +-- ...le-api-audit-log-in-downstream-clusters.md | 58 ------------------ .../rancher-on-arm64.md | 2 +- .../enable-monitoring.md | 8 --- .../tune-etcd-for-large-installs.md | 8 +-- ...le-api-audit-log-in-downstream-clusters.md | 59 ------------------- .../rancher-on-arm64.md | 5 +- .../enable-monitoring.md | 8 --- .../tune-etcd-for-large-installs.md | 10 ++-- 16 files changed, 24 insertions(+), 292 deletions(-) diff --git a/docs/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md b/docs/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md index 991d9d9ae3f9..9e94d7e837a2 100644 --- a/docs/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md +++ b/docs/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md @@ -186,64 +186,5 @@ You can also use the directive `machineSelectorConfig` with proper machineLabelS For more information about cluster configuration, refer to the [K3s cluster configuration reference](../../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) pages. - - - - -The audit log can be enabled and configured by editing the cluster with YAML. - -When the audit log is enabled, RKE1 default values will be applied. - -```yaml -# -# Rancher Config -# -rancher_kubernetes_engine_config: - services: - kube-api: - audit_log: - enabled: true -``` - -You can customize the audit log by using the configuration directive. - -```yaml -# -# Rancher Config -# -rancher_kubernetes_engine_config: - services: - kube-api: - audit_log: - enabled: true - configuration: - max_age: 6 - max_backup: 6 - max_size: 110 - path: /var/log/kube-audit/audit-log.json - format: json - policy: - apiVersion: audit.k8s.io/v1 # This is required. - kind: Policy - omitStages: - - "RequestReceived" - rules: - # Log pod changes at RequestResponse level - - level: RequestResponse - resources: - - group: "" - # Resource "pods" doesn't match requests to any subresource of pods, - # which is consistent with the RBAC policy. - resources: ["pods"] - # Log "pods/log", "pods/status" at Metadata level - - level: Metadata - resources: - - group: "" - resources: ["pods/log", "pods/status"] -``` - -For configuration details, refer to the official [RKE1 documentation](https://rke.docs.rancher.com/config-options/audit-log). - - diff --git a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md index 4811efbae33c..bb2066421d5a 100644 --- a/docs/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md +++ b/docs/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md @@ -27,8 +27,7 @@ The following options are available when using an ARM64 platform: :::note -To check if your specific released version is compatible with the ARM64 architecture, you may navigate to your -version's release notes in the following two ways: +To check if your specific released version is compatible with the ARM64 architecture, you may navigate to your version's release notes in the following two ways: - Manually find your version using https://github.com/rancher/rancher/releases. - Go directly to your version using the tag and the specific version number. If you plan to use v2.5.8, for example, you may navigate to https://github.com/rancher/rancher/releases/tag/v2.5.8. @@ -41,7 +40,7 @@ version's release notes in the following two ways: - Importing clusters that contain ARM64 based nodes - Kubernetes cluster version must be 1.12 or higher -Please see [Cluster Options](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) how to configure the cluster options. +Depending on your cluster provisioning refer to [RKE2 cluster configuration options](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) or [K3s cluster configuration options](../../../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) for more information. The following features are not tested: diff --git a/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md b/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md index 6d4b13b4ad47..c1f3f7a1aba1 100644 --- a/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md +++ b/docs/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md @@ -17,14 +17,6 @@ You can enable monitoring with or without SSL. - Allow traffic on port 9796 for each of your nodes. Prometheus scrapes metrics from these ports. - You may also need to allow traffic on port 10254 for each of your nodes, if [PushProx](../../../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md#pushprox) is disabled (`ingressNginx.enabled` set to `false`), or you've upgraded from a previous Rancher version that had v1 monitoring already installed. - Make sure that your cluster fulfills the resource requirements. The cluster should have at least 1950Mi memory available, 2700m CPU, and 50Gi storage. See [Configuring Resource Limits and Requests](../../../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) for a breakdown of the resource limits and requests. -- When you install monitoring on an RKE cluster that uses RancherOS or Flatcar Linux nodes, change the etcd node certificate directory to `/opt/rke/etc/kubernetes/ssl`. -- For clusters that have been provisioned with the RKE CLI and that have the address set to a hostname instead of an IP address, set `rkeEtcd.clients.useLocalhost` to `true` when you configure the Values during installation. For example: - -```yaml -rkeEtcd: - clients: - useLocalhost: true -``` :::note diff --git a/docs/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md b/docs/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md index 27389737ab63..c4b6177e1b3e 100644 --- a/docs/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md +++ b/docs/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md @@ -8,12 +8,12 @@ title: Tuning etcd for Large Installations When Rancher is used to manage [a large infrastructure](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. -The etcd data set is automatically cleaned up on a five minute interval by Kubernetes. There are situations, e.g. deployment thrashing, where enough events could be written to etcd and deleted before garbage collection occurs and cleans things up causing the keyspace to fill up. If you see `mvcc: database space exceeded` errors, in the etcd logs or Kubernetes API server logs, you should consider increasing the keyspace size. This can be accomplished by setting the [quota-backend-bytes](https://etcd.io/docs/v3.5/op-guide/maintenance/#space-quota) setting on the etcd servers. +The etcd data set is automatically cleaned up on a five-minute interval by Kubernetes. There are situations, e.g. deployment thrashing, where enough events could be written to etcd and deleted before garbage collection occurs and cleans things up causing the keyspace to fill up. If you see `mvcc: database space exceeded` errors, in the etcd logs or Kubernetes API server logs, you should consider increasing the keyspace size. This can be accomplished by setting the [quota-backend-bytes](https://etcd.io/docs/v3.5/op-guide/maintenance/#space-quota) setting on the etcd servers. -## Example: This Snippet of the RKE Cluster.yml file Increases the Keyspace Size to 5GB +## Example: This Snippet of the RKE2/K3s config.yaml file Increases the Keyspace Size to 5GB ```yaml -# RKE cluster.yml +# RKE2/K3s config.yaml --- services: etcd: @@ -27,10 +27,10 @@ You can follow the recommendations from [the etcd docs](https://etcd.io/docs/v3. Additionally, to reduce IO contention on the disks for etcd, you can use a dedicated device for the data and wal directory. Based on etcd best practices, mirroring RAID configurations are unnecessary because etcd replicates data between the nodes in the cluster. You can use striping RAID configurations to increase available IOPS. -To implement this solution in an RKE cluster, the `/var/lib/etcd/data` and `/var/lib/etcd/wal` directories will need to have disks mounted and formatted on the underlying host. In the `extra_args` directive of the `etcd` service, you must include the `wal_dir` directory. Without specifying the `wal_dir`, etcd process will try to manipulate the underlying `wal` mount with insufficient permissions. +To implement this solution in an RKE2/K3s cluster, the `/var/lib/etcd/data` and `/var/lib/etcd/wal` directories will need to have disks mounted and formatted on the underlying host. In the `extra_args` directive of the `etcd` service, you must include the `wal_dir` directory. Without specifying the `wal_dir`, etcd process will try to manipulate the underlying `wal` mount with insufficient permissions. ```yaml -# RKE cluster.yml +# RKE2/K3s config.yaml --- services: etcd: diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md index 747f302b79c0..483d881b28e3 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md +++ b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md @@ -185,63 +185,5 @@ spec: 有关集群配置的更多信息,请参阅 [K3s 集群配置参考](../../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) 页面。 - - - - -可通过编辑集群 YAML 来启用和配置审计日志。 - -在启用审计日志后,将使用 RKE1 的默认值。 - -```yaml -# -# Rancher Config -# -rancher_kubernetes_engine_config: - services: - kube-api: - audit_log: - enabled: true -``` - -你还可以自定义审计日志配置。 - -```yaml -# -# Rancher Config -# -rancher_kubernetes_engine_config: - services: - kube-api: - audit_log: - enabled: true - configuration: - max_age: 6 - max_backup: 6 - max_size: 110 - path: /var/log/kube-audit/audit-log.json - format: json - policy: - apiVersion: audit.k8s.io/v1 # 这里必须填写 - kind: Policy - omitStages: - - "RequestReceived" - rules: - # Log pod changes at RequestResponse level - - level: RequestResponse - resources: - - group: "" - # Resource "pods" doesn't match requests to any subresource of pods, - # which is consistent with the RBAC policy. - resources: ["pods"] - # Log "pods/log", "pods/status" at Metadata level - - level: Metadata - resources: - - group: "" - resources: ["pods/log", "pods/status"] -``` - -配置详情请参考 [RKE1 官方文档](https://rke.docs.rancher.com/config-options/audit-log)。 - diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md index 2981f8e62a94..3fc9998f1a65 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md +++ b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md @@ -36,7 +36,7 @@ title: "在 ARM64 上运行 Rancher(实验性)" - 导入包含使用 ARM64 架构的节点的集群 - Kubernetes 集群必须为 1.12 或更高版本 -如需了解如何配置集群选项,请参见[集群选项](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md)。 +Depending on your cluster provisioning refer to [RKE2 cluster configuration options](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) or [K3s cluster configuration options](../../../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) for more information. 以下是未经测试的功能: diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md index cfb2ebdf3380..d6d6e2797eed 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md +++ b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md @@ -13,14 +13,6 @@ title: 启用 Monitoring - 在每个节点上允许端口 9796 上的流量。Prometheus 将从这些端口抓取指标。 - 如果 [PushProx](../../../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md#pushprox) 被禁用(`ingressNginx.enabled` 设置为 `false`),或者你已经升级了安装了 Monitoring V1 的 Rancher 版本,你可能还需要为每个节点允许端口 10254 上的流量。 - 确保你的集群满足资源要求。集群应至少有 1950Mi 可用内存、2700m CPU 和 50Gi 存储。有关资源限制和请求的详细信息,请参阅[配置资源限制和请求](../../../reference-guides/monitoring-v2-configuration/helm-chart-options.md#配置资源限制和请求)。 -- 在使用 RancherOS 或 Flatcar Linux 节点的 RKE 集群上安装 Monitoring 时,请将 etcd 节点证书目录更改为 `/opt/rke/etc/kubernetes/ssl`。 -- 如果集群是使用 RKE CLI 配置的,而且地址设置为主机名而不是 IP 地址,请在安装的 Values 配置步骤中将 `rkeEtcd.clients.useLocalhost` 设置为 `true`。例如: - -```yaml -rkeEtcd: - clients: - useLocalhost: true -``` :::note diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md index 755f0837752a..5402c2a14cd4 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md +++ b/i18n/zh/docusaurus-plugin-content-docs/current/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md @@ -6,10 +6,10 @@ title: 为大型安装进行 etcd 调优 Kubernetes 每隔五分钟会自动清理 etcd 数据集。在某些情况下(例如发生部署抖动),在垃圾回收发生并进行清理之前会有大量事件写入 etcd 并删除,从而导致 Keyspace 填满。如果你在 etcd 日志或 Kubernetes API Server 日志中看到 `mvcc: database space exceeded` 错误,你可以在 etcd 服务器上设置 [quota-backend-bytes](https://etcd.io/docs/v3.5/op-guide/maintenance/#space-quota) 来增加 Keyspace 的大小。 -## 示例:此 RKE cluster.yml 文件的代码片段将 Keyspace 的大小增加到 5GB +## 示例:此 RKE2/K3s config.yaml 文件的代码片段将 Keyspace 的大小增加到 5GB ```yaml -# RKE cluster.yml +# RKE2/K3s config.yaml --- services: etcd: @@ -23,10 +23,10 @@ services: 此外,为了减少 etcd 磁盘上的 IO 争用,你可以为 data 和 wal 目录使用专用设备。etcd 最佳实践不建议配置 Mirror RAID(因为 etcd 在集群中的节点之间复制数据)。你可以使用 striping RAID 配置来增加可用的 IOPS。 -要在 RKE 集群中实现此解决方案,你需要在底层主机上为 `/var/lib/etcd/data` 和 `/var/lib/etcd/wal` 目录挂载并格式化磁盘。`etcd` 服务的 `extra_args` 指令中必须包含 `wal_dir` 目录。如果不指定 `wal_dir`,etcd 进程会尝试在权限不足的情况下操作底层的 `wal` 挂载。 +要在 RKE2/K3s 集群中实现此解决方案,你需要在底层主机上为 `/var/lib/etcd/data` 和 `/var/lib/etcd/wal` 目录挂载并格式化磁盘。`etcd` 服务的 `extra_args` 指令中必须包含 `wal_dir` 目录。如果不指定 `wal_dir`,etcd 进程会尝试在权限不足的情况下操作底层的 `wal` 挂载。 ```yaml -# RKE cluster.yml +# RKE2/K3s config.yaml --- services: etcd: diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md index 747f302b79c0..483d881b28e3 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md @@ -185,63 +185,5 @@ spec: 有关集群配置的更多信息,请参阅 [K3s 集群配置参考](../../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) 页面。 - - - - -可通过编辑集群 YAML 来启用和配置审计日志。 - -在启用审计日志后,将使用 RKE1 的默认值。 - -```yaml -# -# Rancher Config -# -rancher_kubernetes_engine_config: - services: - kube-api: - audit_log: - enabled: true -``` - -你还可以自定义审计日志配置。 - -```yaml -# -# Rancher Config -# -rancher_kubernetes_engine_config: - services: - kube-api: - audit_log: - enabled: true - configuration: - max_age: 6 - max_backup: 6 - max_size: 110 - path: /var/log/kube-audit/audit-log.json - format: json - policy: - apiVersion: audit.k8s.io/v1 # 这里必须填写 - kind: Policy - omitStages: - - "RequestReceived" - rules: - # Log pod changes at RequestResponse level - - level: RequestResponse - resources: - - group: "" - # Resource "pods" doesn't match requests to any subresource of pods, - # which is consistent with the RBAC policy. - resources: ["pods"] - # Log "pods/log", "pods/status" at Metadata level - - level: Metadata - resources: - - group: "" - resources: ["pods/log", "pods/status"] -``` - -配置详情请参考 [RKE1 官方文档](https://rke.docs.rancher.com/config-options/audit-log)。 - diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md index 2981f8e62a94..3fc9998f1a65 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md @@ -36,7 +36,7 @@ title: "在 ARM64 上运行 Rancher(实验性)" - 导入包含使用 ARM64 架构的节点的集群 - Kubernetes 集群必须为 1.12 或更高版本 -如需了解如何配置集群选项,请参见[集群选项](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md)。 +Depending on your cluster provisioning refer to [RKE2 cluster configuration options](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) or [K3s cluster configuration options](../../../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) for more information. 以下是未经测试的功能: diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md index cfb2ebdf3380..d6d6e2797eed 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md @@ -13,14 +13,6 @@ title: 启用 Monitoring - 在每个节点上允许端口 9796 上的流量。Prometheus 将从这些端口抓取指标。 - 如果 [PushProx](../../../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md#pushprox) 被禁用(`ingressNginx.enabled` 设置为 `false`),或者你已经升级了安装了 Monitoring V1 的 Rancher 版本,你可能还需要为每个节点允许端口 10254 上的流量。 - 确保你的集群满足资源要求。集群应至少有 1950Mi 可用内存、2700m CPU 和 50Gi 存储。有关资源限制和请求的详细信息,请参阅[配置资源限制和请求](../../../reference-guides/monitoring-v2-configuration/helm-chart-options.md#配置资源限制和请求)。 -- 在使用 RancherOS 或 Flatcar Linux 节点的 RKE 集群上安装 Monitoring 时,请将 etcd 节点证书目录更改为 `/opt/rke/etc/kubernetes/ssl`。 -- 如果集群是使用 RKE CLI 配置的,而且地址设置为主机名而不是 IP 地址,请在安装的 Values 配置步骤中将 `rkeEtcd.clients.useLocalhost` 设置为 `true`。例如: - -```yaml -rkeEtcd: - clients: - useLocalhost: true -``` :::note diff --git a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md index 755f0837752a..5402c2a14cd4 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md +++ b/i18n/zh/docusaurus-plugin-content-docs/version-2.12/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md @@ -6,10 +6,10 @@ title: 为大型安装进行 etcd 调优 Kubernetes 每隔五分钟会自动清理 etcd 数据集。在某些情况下(例如发生部署抖动),在垃圾回收发生并进行清理之前会有大量事件写入 etcd 并删除,从而导致 Keyspace 填满。如果你在 etcd 日志或 Kubernetes API Server 日志中看到 `mvcc: database space exceeded` 错误,你可以在 etcd 服务器上设置 [quota-backend-bytes](https://etcd.io/docs/v3.5/op-guide/maintenance/#space-quota) 来增加 Keyspace 的大小。 -## 示例:此 RKE cluster.yml 文件的代码片段将 Keyspace 的大小增加到 5GB +## 示例:此 RKE2/K3s config.yaml 文件的代码片段将 Keyspace 的大小增加到 5GB ```yaml -# RKE cluster.yml +# RKE2/K3s config.yaml --- services: etcd: @@ -23,10 +23,10 @@ services: 此外,为了减少 etcd 磁盘上的 IO 争用,你可以为 data 和 wal 目录使用专用设备。etcd 最佳实践不建议配置 Mirror RAID(因为 etcd 在集群中的节点之间复制数据)。你可以使用 striping RAID 配置来增加可用的 IOPS。 -要在 RKE 集群中实现此解决方案,你需要在底层主机上为 `/var/lib/etcd/data` 和 `/var/lib/etcd/wal` 目录挂载并格式化磁盘。`etcd` 服务的 `extra_args` 指令中必须包含 `wal_dir` 目录。如果不指定 `wal_dir`,etcd 进程会尝试在权限不足的情况下操作底层的 `wal` 挂载。 +要在 RKE2/K3s 集群中实现此解决方案,你需要在底层主机上为 `/var/lib/etcd/data` 和 `/var/lib/etcd/wal` 目录挂载并格式化磁盘。`etcd` 服务的 `extra_args` 指令中必须包含 `wal_dir` 目录。如果不指定 `wal_dir`,etcd 进程会尝试在权限不足的情况下操作底层的 `wal` 挂载。 ```yaml -# RKE cluster.yml +# RKE2/K3s config.yaml --- services: etcd: diff --git a/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md b/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md index 991d9d9ae3f9..9e94d7e837a2 100644 --- a/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md +++ b/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/enable-api-audit-log-in-downstream-clusters.md @@ -186,64 +186,5 @@ You can also use the directive `machineSelectorConfig` with proper machineLabelS For more information about cluster configuration, refer to the [K3s cluster configuration reference](../../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) pages. - - - - -The audit log can be enabled and configured by editing the cluster with YAML. - -When the audit log is enabled, RKE1 default values will be applied. - -```yaml -# -# Rancher Config -# -rancher_kubernetes_engine_config: - services: - kube-api: - audit_log: - enabled: true -``` - -You can customize the audit log by using the configuration directive. - -```yaml -# -# Rancher Config -# -rancher_kubernetes_engine_config: - services: - kube-api: - audit_log: - enabled: true - configuration: - max_age: 6 - max_backup: 6 - max_size: 110 - path: /var/log/kube-audit/audit-log.json - format: json - policy: - apiVersion: audit.k8s.io/v1 # This is required. - kind: Policy - omitStages: - - "RequestReceived" - rules: - # Log pod changes at RequestResponse level - - level: RequestResponse - resources: - - group: "" - # Resource "pods" doesn't match requests to any subresource of pods, - # which is consistent with the RBAC policy. - resources: ["pods"] - # Log "pods/log", "pods/status" at Metadata level - - level: Metadata - resources: - - group: "" - resources: ["pods/log", "pods/status"] -``` - -For configuration details, refer to the official [RKE1 documentation](https://rke.docs.rancher.com/config-options/audit-log). - - diff --git a/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md b/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md index 4811efbae33c..bb2066421d5a 100644 --- a/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md +++ b/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64.md @@ -27,8 +27,7 @@ The following options are available when using an ARM64 platform: :::note -To check if your specific released version is compatible with the ARM64 architecture, you may navigate to your -version's release notes in the following two ways: +To check if your specific released version is compatible with the ARM64 architecture, you may navigate to your version's release notes in the following two ways: - Manually find your version using https://github.com/rancher/rancher/releases. - Go directly to your version using the tag and the specific version number. If you plan to use v2.5.8, for example, you may navigate to https://github.com/rancher/rancher/releases/tag/v2.5.8. @@ -41,7 +40,7 @@ version's release notes in the following two ways: - Importing clusters that contain ARM64 based nodes - Kubernetes cluster version must be 1.12 or higher -Please see [Cluster Options](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke1-cluster-configuration.md) how to configure the cluster options. +Depending on your cluster provisioning refer to [RKE2 cluster configuration options](../../../reference-guides/cluster-configuration/rancher-server-configuration/rke2-cluster-configuration.md) or [K3s cluster configuration options](../../../reference-guides/cluster-configuration/rancher-server-configuration/k3s-cluster-configuration.md) for more information. The following features are not tested: diff --git a/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md b/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md index 6d4b13b4ad47..c1f3f7a1aba1 100644 --- a/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md +++ b/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/monitoring-alerting-guides/enable-monitoring.md @@ -17,14 +17,6 @@ You can enable monitoring with or without SSL. - Allow traffic on port 9796 for each of your nodes. Prometheus scrapes metrics from these ports. - You may also need to allow traffic on port 10254 for each of your nodes, if [PushProx](../../../integrations-in-rancher/monitoring-and-alerting/how-monitoring-works.md#pushprox) is disabled (`ingressNginx.enabled` set to `false`), or you've upgraded from a previous Rancher version that had v1 monitoring already installed. - Make sure that your cluster fulfills the resource requirements. The cluster should have at least 1950Mi memory available, 2700m CPU, and 50Gi storage. See [Configuring Resource Limits and Requests](../../../reference-guides/monitoring-v2-configuration/helm-chart-options.md#configuring-resource-limits-and-requests) for a breakdown of the resource limits and requests. -- When you install monitoring on an RKE cluster that uses RancherOS or Flatcar Linux nodes, change the etcd node certificate directory to `/opt/rke/etc/kubernetes/ssl`. -- For clusters that have been provisioned with the RKE CLI and that have the address set to a hostname instead of an IP address, set `rkeEtcd.clients.useLocalhost` to `true` when you configure the Values during installation. For example: - -```yaml -rkeEtcd: - clients: - useLocalhost: true -``` :::note diff --git a/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md b/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md index 27389737ab63..c4b6177e1b3e 100644 --- a/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md +++ b/versioned_docs/version-2.12/how-to-guides/advanced-user-guides/tune-etcd-for-large-installs.md @@ -8,12 +8,12 @@ title: Tuning etcd for Large Installations When Rancher is used to manage [a large infrastructure](../../getting-started/installation-and-upgrade/installation-requirements/installation-requirements.md) it is recommended to increase the default keyspace for etcd from the default 2 GB. The maximum setting is 8 GB and the host should have enough RAM to keep the entire dataset in memory. When increasing this value you should also increase the size of the host. The keyspace size can also be adjusted in smaller installations if you anticipate a high rate of change of pods during the garbage collection interval. -The etcd data set is automatically cleaned up on a five minute interval by Kubernetes. There are situations, e.g. deployment thrashing, where enough events could be written to etcd and deleted before garbage collection occurs and cleans things up causing the keyspace to fill up. If you see `mvcc: database space exceeded` errors, in the etcd logs or Kubernetes API server logs, you should consider increasing the keyspace size. This can be accomplished by setting the [quota-backend-bytes](https://etcd.io/docs/v3.5/op-guide/maintenance/#space-quota) setting on the etcd servers. +The etcd data set is automatically cleaned up on a five-minute interval by Kubernetes. There are situations, e.g. deployment thrashing, where enough events could be written to etcd and deleted before garbage collection occurs and cleans things up causing the keyspace to fill up. If you see `mvcc: database space exceeded` errors, in the etcd logs or Kubernetes API server logs, you should consider increasing the keyspace size. This can be accomplished by setting the [quota-backend-bytes](https://etcd.io/docs/v3.5/op-guide/maintenance/#space-quota) setting on the etcd servers. -## Example: This Snippet of the RKE Cluster.yml file Increases the Keyspace Size to 5GB +## Example: This Snippet of the RKE2/K3s config.yaml file Increases the Keyspace Size to 5GB ```yaml -# RKE cluster.yml +# RKE2/K3s config.yaml --- services: etcd: @@ -27,10 +27,10 @@ You can follow the recommendations from [the etcd docs](https://etcd.io/docs/v3. Additionally, to reduce IO contention on the disks for etcd, you can use a dedicated device for the data and wal directory. Based on etcd best practices, mirroring RAID configurations are unnecessary because etcd replicates data between the nodes in the cluster. You can use striping RAID configurations to increase available IOPS. -To implement this solution in an RKE cluster, the `/var/lib/etcd/data` and `/var/lib/etcd/wal` directories will need to have disks mounted and formatted on the underlying host. In the `extra_args` directive of the `etcd` service, you must include the `wal_dir` directory. Without specifying the `wal_dir`, etcd process will try to manipulate the underlying `wal` mount with insufficient permissions. +To implement this solution in an RKE2/K3s cluster, the `/var/lib/etcd/data` and `/var/lib/etcd/wal` directories will need to have disks mounted and formatted on the underlying host. In the `extra_args` directive of the `etcd` service, you must include the `wal_dir` directory. Without specifying the `wal_dir`, etcd process will try to manipulate the underlying `wal` mount with insufficient permissions. ```yaml -# RKE cluster.yml +# RKE2/K3s config.yaml --- services: etcd: