-
Notifications
You must be signed in to change notification settings - Fork 202
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#77 Addressing backlog issue about registered AKS clusters #518
Conversation
While going through the repo, I also found an instance of "EKS and GKE" verbiage left on CIS Scans. Since the intro to that page states,
are we safe in updating the following to include AKS?
I think this might be a question for @jiaqiluo. |
@martyav / @jiaqiluo thanks for flagging this. The CIS chart is actually maintained by team/area3 (but is transitioning internally to another team). @mitulshah-suse and @rayandas can you help us with this update, please? If we are going to update the CIS page, we also need to update the profiles to add the 1.20 and 1.23 versions to each distro. |
|
||
Registering an Amazon EKS, Azure AKS or GKE cluster allows Rancher to treat it as though it were created in Rancher. | ||
When you register an Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), or Google Kubernetes Engine (GKE) cluster, Rancher handles the cluster similarly to clusters created in Rancher. However, Rancher doesn't destroy registered clusters when you delete them through the Rancher UI. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The acronyms can be kept here and the acronym expansions should instead be moved earlier in the doc where they're first used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If your existing Kubernetes cluster already has a `cluster-admin` role defined, you must have this `cluster-admin` privilege to register the cluster in Rancher. | ||
|
||
In order to apply the privilege, you need to run: | ||
To register a cluster in Rancher, you must define a `cluster-admin` role within that cluster. If you haven't defined the role already, run the following: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To register a cluster in Rancher, you must define a `cluster-admin` role within that cluster. If you haven't defined the role already, run the following: | |
To register a cluster in Rancher, you must have `cluster-admin` privileges within that cluster. If you don't, grant these privileges to your user by running the following: |
before running the `kubectl` command to register the cluster. | ||
|
||
By default, GKE users are not given this privilege, so you will need to run the command before registering GKE clusters. To learn more about role-based access control for GKE, please click [here](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). | ||
Since, by default, Google Kubernetes Engine (GKE) doesn't define the `cluster-admin` role, you must run these commands on GKE clusters before you can register them. To learn more about role-based access control for GKE, please see [the official Google documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since, by default, Google Kubernetes Engine (GKE) doesn't define the `cluster-admin` role, you must run these commands on GKE clusters before you can register them. To learn more about role-based access control for GKE, please see [the official Google documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). | |
Since, by default, Google Kubernetes Engine (GKE) doesn't grant the `cluster-admin` role, you must run these commands on GKE clusters before you can register them. To learn more about role-based access control for GKE, please see [the official Google documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control). |
While going through backlog, I did a review of #77. Some, but not all, of the problems mentioned in the issue have been addressed. Rather than creating a PR for the entire issue, I'm going to pick through it to make sure that the problems are still relevant to the current state of the docs.
In #77 (comment) from the thread:
This was answered with #77 (comment):
At the time, this related to Rancher v2.6, but the v2.6 page wasn't updated. v2.7 does mention AKS, but referred to it as "Azure AKS," which is inaccurate. The section also needed a style refresh.
I updated v2.6 and 2.7 to match. v2.5 was left alone as I'm not sure if it was intended to be updated in the original thread.