2 - Updating Clusters
After you provision a Kubernetes cluster using Rancher, you can still edit options and settings for the cluster. To edit your cluster, open the Global view, make sure the Clusters tab is selected, and then select Ellipsis (…) > Edit for the cluster that you want to edit.
To Edit an Existing Cluster
The options and settings available for an existing cluster change based on the method that you used to provision it. For example, only clusters provisioned by RKE have Cluster Options available for editing.
The following table lists the options and settings available for each cluster type:
|Cluster Type||Member Roles||Cluster Options||Node Pools|
|Hosted Kubernetes Cluster||✓|
Editing Cluster Membership
Cluster administrators can edit the membership for a cluster, controlling which Rancher users can access the cluster and what features they can use.
Ping and MS FS Caveats:
- IdP does not support search or lookup. When adding users to clusters, the exact IDs must be entered correctly.
- When adding users to a cluster, group IDs are not supported unless the admin who turned on access control is a member of the group.
- When adding a group that includes an admin to clusters, add it from the drop-down rather than the search bar. If you add the group using the search bar, the group will not get added.
From the Global view, open the cluster that you want to add members to.
From the main menu, select Members. Then click Add Member.
Search for the user or group that you want to add to the cluster.
If external authentication is configured:
Rancher returns users from your external authentication source as you type.
Using AD but can’t find your users? There may be an issue with your search attribute configuration. See Configuring Active Directory Authentication: Step 5.
A drop-down allows you to add groups instead of individual users. The drop-down only lists groups that you, the logged in user, are part of.
Note: If you are logged in as a local user, external users do not display in your search results. For more information, see External Authentication Configuration and Principal Users.
Assign the user or group Cluster roles.
Tip: For Custom Roles, you can modify the list of individual roles available for assignment.
Result: The chosen users are added to the cluster.
- To revoke cluster membership, select the user and click Delete. This action deletes membership, not the user.
- To modify a user’s roles in the cluster, delete them from the cluster, and then re-add them with modified roles.
When editing clusters, clusters that are launched using RKE feature more options than clusters that are imported or hosted by a Kubernetes provider. The headings that follow document options available only for RKE clusters.
Following an upgrade to the latest version of Rancher, you can update your existing clusters to use the latest supported version of Kubernetes. Before a new version of Rancher is released, it’s tested with the latest versions of Kubernetes to ensure compatibility.
Recommended: Before upgrading Kubernetes, back up your cluster.
From the Global view, find the cluster for which you want to upgrade Kubernetes. Select Vertical Ellipsis (…) > Edit.
Expand Cluster Options.
From the Kubernetes Version drop-down, choose the version of Kubernetes that you want to use for the cluster.
Result: Kubernetes begins upgrading for the cluster. During the upgrade, your cluster is unavailable.
Adding a Pod Security Policy
When your cluster is running pods with security-sensitive configurations, assign it a pod security policy, which is a set of rules that monitors the conditions and settings in your pods. If a pod doesn’t meet the rules specified in your policy, the policy stops it from running.
You can assign a pod security policy when you provision a cluster. However, if you need to relax or restrict security for your pods later, you can update the policy while editing your cluster.
From the Global view, find the cluster to which you want to apply a pod security policy. Select Vertical Ellipsis (…) > Edit.
Expand Cluster Options.
From Pod Security Policy Support, select Enabled.
Note: This option is only available for clusters provisioned by RKE.
From the Default Pod Security Policy drop-down, select the policy you want to apply to the cluster.
Result: The pod security policy is applied to the cluster and any projects within the cluster.
Note: Workloads already running before assignment of a pod security policy are grandfathered in. Even if they don’t meet your pod security policy, workloads running before assignment of the policy continue to run.
To check if a running workload passes your pod security policy, clone or upgrade it.
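To find grandfathered workloads without cloning each one, the same check can be run offline against exported pod specs. This is an added example, not code from Rancher: the policy values and pod specs are constructed samples, and only the `privileged`, `hostNetwork`/`hostPID`/`hostIPC` and `volumes` fields of a PodSecurityPolicy are evaluated.

```python
# POLICY and PODS are constructed sample data, not Rancher defaults.
POLICY = {  # field names follow the PodSecurityPolicy spec
    "privileged": False,
    "hostNetwork": False,
    "hostPID": False, "hostIPC": False,
    "volumes": ["configMap", "secret", "emptyDir", "persistentVolumeClaim"],
}

PODS = [  # shaped like items from `kubectl get pods -o json`
    {"metadata": {"namespace": "web", "name": "frontend"},
     "spec": {"containers": [{"name": "nginx"}],
              "volumes": [{"name": "conf", "configMap": {"name": "nginx"}}]}},
    {"metadata": {"namespace": "ops", "name": "node-agent"},
     "spec": {"hostNetwork": True,
              "containers": [{"name": "agent",
                              "securityContext": {"privileged": True}}],
              "volumes": [{"name": "root", "hostPath": {"path": "/"}}]}},
]

def violations(pod, policy):
    """Return reasons this pod would be rejected if it were re-created."""
    spec, found = pod["spec"], []
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field) and not policy.get(field, False):
            found.append(f"{field} is not allowed")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged") and not policy.get("privileged", False):
            found.append(f"container {c['name']} is privileged")
    allowed = policy.get("volumes", [])  # an empty list allows no volumes
    for vol in spec.get("volumes", []):
        # A volume entry is {"name": ..., "<type>": {...}}; the type is the other key.
        vtype = next(k for k in vol if k != "name")
        if "*" not in allowed and vtype not in allowed:
            found.append(f"volume {vol['name']} uses type {vtype}")
    return found

def audit(pods, policy):
    """Map namespace/name -> violations, listing only non-compliant pods."""
    report = {}
    for pod in pods:
        meta = pod["metadata"]
        if reasons := violations(pod, policy):
            report[f"{meta['namespace']}/{meta['name']}"] = reasons
    return report

if __name__ == "__main__":
    for name, reasons in audit(PODS, POLICY).items():
        print(name, "->", "; ".join(reasons))
```

Pods listed in the report are the ones that keep running only because they predate the policy; they will fail admission the next time they are cloned, upgraded or rescheduled.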
Editing Other Cluster Options
In clusters launched by RKE, you can edit any of the remaining options that follow.
Note: These options are not available for imported clusters or hosted Kubernetes clusters.
Options for RKE Clusters
|Kubernetes Version||The version of Kubernetes installed on each cluster node. For more detail, see Upgrading Kubernetes.|
|Network Provider||The container networking interface that powers networking for your cluster. Note: You can only choose this option while provisioning your cluster. It cannot be edited later.|
|Project Network Isolation||As of Rancher v2.0.7, if you’re using the Canal network provider, you can choose whether to enable or disable inter-project communication.|
|Nginx Ingress||If you want to publish your applications in a high-availability configuration, and you’re hosting your nodes with a cloud-provider that doesn’t have a native load-balancing feature, enable this option to use Nginx ingress within the cluster.|
|Metrics Server Monitoring||Each cloud provider capable of launching a cluster using RKE can collect metrics and monitor for your cluster nodes. Enable this option to view your node metrics from your cloud provider’s portal.|
|Pod Security Policy Support||Enables pod security policies for the cluster. After enabling this option, choose a policy using the Default Pod Security Policy drop-down.|
|Docker version on nodes||Configures whether nodes are allowed to run versions of Docker that Rancher doesn’t officially support. If you choose to require a supported Docker version, Rancher will stop pods from running on nodes that don’t have a supported Docker version installed.|
|Docker Root Directory||The directory on your cluster nodes where you’ve installed Docker. If you install Docker on your nodes to a non-default directory, update this path.|
|Default Pod Security Policy||If you enable Pod Security Policy Support, use this drop-down to choose the pod security policy that’s applied to the cluster.|
|Cloud Provider||If you’re using a cloud provider to host cluster nodes launched by RKE, enable this option so that you can use the cloud provider’s native features. If you want to store persistent data for your cloud-hosted cluster, this option is required.|
Editing Cluster as YAML
Note: In Rancher v2.0.5 and v2.0.6, the names of services in the Config File (YAML) should contain underscores only:
Instead of using the Rancher UI to choose Kubernetes options for the cluster, advanced users can create an RKE config file. Using a config file allows you to set any of the options available in an RKE installation.
- To edit an RKE config file directly from the Rancher UI, click Edit as YAML.
- To read from an existing RKE file, click Read from File.
For an example of RKE config file syntax, see the RKE documentation.
Managing Node Pools
In clusters launched by RKE, you can:
- Click + and follow the directions on screen to create a new template. You can also reuse existing templates by selecting one from the Template drop-down.
- Redistribute Kubernetes roles amongst your node pools by making different checkbox selections.
- Scale the number of nodes in a pool up or down (although, if you simply want to maintain your node scale, we recommend using the cluster’s Nodes tab instead).
Note: The Node Pools section is not available for imported clusters or clusters hosted by a Kubernetes provider.