Merge branch 'rancher:main' into k3s-hardening-guide-cis-1.7
andypitcher authored Sep 7, 2023
2 parents b368761 + 02912f2 commit ef47c32
Showing 608 changed files with 2,707 additions and 171 deletions.
26 changes: 13 additions & 13 deletions docs/contribute-to-rancher.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: Contributing to Rancher
---

This section explains the repositories used for Rancher, how to build the repositories, and what information to include when you file an issue.
Learn about the repositories used for Rancher and Rancher docs, how to build Rancher repositories, and what information to include when you file an issue.

For more detailed information on how to contribute to the development of Rancher projects, refer to the [Rancher Developer Wiki](https://github.com/rancher/rancher/wiki). The wiki has resources on many topics, including the following:

Expand All @@ -14,7 +14,15 @@ For more detailed information on how to contribute to the development of Rancher

On the Rancher Users Slack, the channel for developers is **#developer**.

## Repositories
## Rancher Docs

If you have suggestions for the documentation on this website, [open](https://github.com/rancher/rancher-docs/issues/new/choose) an issue in the main [Rancher docs](https://github.com/rancher/rancher-docs) repository. This repo contains documentation for Rancher v2.0 and later.

See the [Rancher docs README](https://github.com/rancher/rancher-docs#readme) for more details on contributing to and building the Rancher v2.x docs repo.

For documentation describing Rancher v1.6 and earlier, see the [Rancher 1.x docs](https://github.com/rancher/rancher.github.io) repo, which contains source files for https://rancher.com/docs/rancher/v1.6/en/.

## Rancher Repositories

All of repositories are located within our main GitHub organization. There are many repositories used for Rancher, but we'll provide descriptions of some of the main ones used in Rancher.
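Review bot: the sentence directly under the new `## Rancher Repositories` heading still reads "All of repositories are located within our main GitHub organization"; since this hunk already touches the heading, fix it to "All of the repositories are located ..." in the same change. In the new `## Rancher Docs` section, the Rancher 1.x site is given as a bare URL (https://rancher.com/docs/rancher/v1.6/en/) while every other reference in the section is a Markdown link; writing it as `[Rancher 1.6 docs site](https://rancher.com/docs/rancher/v1.6/en/)` keeps the section consistent.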

Expand All @@ -38,19 +46,19 @@ To see all libraries/projects used in Rancher, see the [`go.mod` file](https://g
![Rancher diagram](/img/ranchercomponentsdiagram-2.6.svg)<br/>
<sup>Rancher components used for provisioning/managing Kubernetes clusters.</sup>

## Building
### Building Rancher Repositories

Every repository should have a Makefile and can be built using the `make` command. The `make` targets are based on the scripts in the `/scripts` directory in the repository, and each target will use [Dapper](https://github.com/rancher/dapper) to run the target in an isolated environment. The `Dockerfile.dapper` will be used for this process, and includes all the necessary build tooling needed.

The default target is `ci`, and will run `./scripts/validate`, `./scripts/build`, `./scripts/test` and `./scripts/package`. The resulting binaries of the build will be in `./build/bin` and are usually also packaged in a Docker image.

## Bugs, Issues or Questions
### Rancher Bugs, Issues or Questions

If you find any bugs or are having any trouble, please search the [reported issue](https://github.com/rancher/rancher/issues) as someone may have experienced the same issue or we are actively working on a solution.

If you can't find anything related to your issue, contact us by [filing an issue](https://github.com/rancher/rancher/issues/new). Though we have many repositories related to Rancher, we want the bugs filed in the Rancher repository so we won't miss them! If you want to ask a question or ask fellow users about an use case, we suggest creating a post on the [Rancher Forums](https://forums.rancher.com).

### Checklist for Filing Issues
#### Checklist for Filing Issues

Please follow this checklist when filing an issue which will helps us investigate and fix the issue. More info means more data we can use to determine what is causing the issue or what might be related to the issue.
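Review bot: the unchanged line right below the demoted `#### Checklist for Filing Issues` heading still carries a grammar error, "which will helps us investigate and fix the issue"; since the heading level is being edited here, change it to "which helps us investigate and fix the issue" in the same hunk.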

Expand Down Expand Up @@ -126,11 +134,3 @@ Please remove any sensitive data as it will be publicly viewable.
- Docker daemon logging (these might not all exist, depending on operating system)
- `/var/log/docker.log`
- **Metrics:** If you are experiencing performance issues, please provide as much of data (files or screenshots) of metrics which can help determining what is going on. If you have an issue related to a machine, it helps to supply output of `top`, `free -m`, `df` which shows processes/memory/disk usage.

## Docs

If you have any updates to our documentation, please make any pull request to our docs repo.

- [Rancher 2.x Docs repository](https://github.com/rancher/docs): This repo is where all the docs for Rancher 2.x are located. They are located in the `content` folder in the repo.

- [Rancher 1.x Docs repository](https://github.com/rancher/rancher.github.io): This repo is where all the docs for Rancher 1.x are located. They are located in the `rancher` folder in the repo.
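Review bot: the removed `## Docs` section carried two details that the new `## Rancher Docs` section near the top of the file does not: the folder where the 1.x sources live (`rancher` in rancher/rancher.github.io) and a link to the old rancher/docs repository. The README link covers the 2.x layout, but 1.x readers are now sent to the repository root with no pointer; consider keeping "(source files are in the `rancher` folder)" on that line. If rancher/docs still exists, a one-line note that it is the former 2.x location would stop contributors who land there from filing docs PRs against the wrong repository.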
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,10 @@ To sync Rancher with a local mirror of the RKE metadata, an administrator would

After new Kubernetes versions are loaded into the Rancher setup, additional steps would be required in order to use them for launching clusters. Rancher needs access to updated system images. While the metadata settings can only be changed by administrators, any user can download the Rancher system images and prepare a private container image registry for them.

1. To download the system images for the private registry, click the Rancher server version at the bottom left corner of the Rancher UI.
To download the system images for the private registry:

1. Click **** in the top left corner.
1. Click **About** at the bottom of the left navigation.
1. Download the OS specific image lists for Linux or Windows.
1. Download `rancher-images.txt`.
1. Prepare the private registry using the same steps during the [air gap install](other-installation-methods/air-gapped-helm-cli-install/publish-images.md), but instead of using the `rancher-images.txt` from the releases page, use the one obtained from the previous steps.
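Review bot: step 1 of the new list renders as `Click **** in the top left corner.`, an empty bold span, so the menu glyph is missing. The other pages in this change write the same step as `**☰ > Cluster Management**` (see the Install Rancher CIS Benchmark page below), so this should be `Click **☰** in the top left corner.` or, to match the rest of the commit, a single step `click **☰ > About**`. In the last step, "using the same steps during the air gap install" reads better as "following the same steps as the air gap install".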
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Configure Alerts for Periodic Scan on a Schedule
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides/configure-alerts-for-periodic-scan-on-a-schedule"/>
</head>

It is possible to run a ClusterScan on a schedule.

A scheduled scan can also specify if you should receive alerts when the scan completes.
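Review bot: the value of a canonical tag depends entirely on the href being exactly the URL the page is served at, so before merging check that every canonical path in this commit matches the page's route. Here `how-to-guides/advanced-user-guides/cis-scan-guides/configure-alerts-for-periodic-scan-on-a-schedule` must be the slug of this file, because a canonical that points at a different URL tells search engines to index that other page instead of this one, and a typo silently deindexes the page. Inserting a literal `<head>` block after the front matter is the Docusaurus convention for head metadata (the `:::note` admonitions elsewhere in this commit suggest that is the site generator), so the mechanism is fine. Note also that none of the hrefs carry a version segment; if these files are versioned copies, the canonical deliberately collapses every version onto the unversioned URL, and that should be confirmed as the intent. The same check applies to each of the other canonical-link hunks in this commit, which are identical in shape.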
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Create a Custom Benchmark Version for Running a Cluster Scan
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides/create-a-custom-benchmark-version-to-run"/>
</head>

There could be some Kubernetes cluster setups that require custom configurations of the Benchmark tests. For example, the path to the Kubernetes config files or certs might be different than the standard location where the upstream CIS Benchmarks look for them.

It is now possible to create a custom Benchmark Version for running a cluster scan using the `rancher-cis-benchmark` application.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Enable Alerting for Rancher CIS Benchmark
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides/enable-alerting-for-rancher-cis-benchmark"/>
</head>

Alerts can be configured to be sent out for a scan that runs on a schedule.

:::note Prerequisite:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Install Rancher CIS Benchmark
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides/install-rancher-cis-benchmark"/>
</head>

1. In the upper left corner, click **☰ > Cluster Management**.
1. On the **Clusters** page, go to the cluster where you want to install CIS Benchmark and click **Explore**.
1. In the left navigation bar, click **Apps > Charts**.
Expand All @@ -12,6 +16,6 @@ title: Install Rancher CIS Benchmark

:::note

CIS Benchmark 4.0.0 and above have PSPs disabled by default. To install CIS Benchmark on a hardened cluster, set `global.psp.enabled` to `true` in the values before installing the chart.
If you are running Kubernetes v1.24 or earlier, and have a [Pod Security Policy](../../new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies.md) (PSP) hardened cluster, CIS Benchmark 4.0.0 and later disable PSPs by default. To install CIS Benchmark on a PSP-hardened cluster, set `global.psp.enabled` to `true` in the values before installing the chart. [Pod Security Admission](../../new-user-guides/authentication-permissions-and-global-configuration/pod-security-standards.md) (PSA) hardened clusters aren't affected.

:::
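Review bot: the rewritten note is hard to parse: the conditional "If you are running Kubernetes v1.24 or earlier, and have a ... PSP hardened cluster" is attached to a fact that holds regardless of the cluster, "CIS Benchmark 4.0.0 and later disable PSPs by default". Split it: state first that CIS Benchmark 4.0.0 and later ship with PSPs disabled by default, then give the condition and the action: "If your cluster runs Kubernetes v1.24 or earlier and is PSP-hardened, set `global.psp.enabled` to `true` in the values before installing the chart." The v1.24 cut-off is right, since the PodSecurityPolicy API is removed in v1.25; it would help to add that `global.psp.enabled` must be set back to `false` before the cluster is upgraded to v1.25 or later, because if the chart creates a PodSecurityPolicy when that value is true it will fail against an API server that no longer serves that resource. The closing sentence that PSA-hardened clusters are not affected is correct and worth keeping.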
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Run a Scan Periodically on a Schedule
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan-periodically-on-a-schedule"/>
</head>

To run a ClusterScan on a schedule,

1. In the upper left corner, click **☰ > Cluster Management**.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Run a Scan
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides/run-a-scan"/>
</head>

When a ClusterScan custom resource is created, it launches a new CIS scan on the cluster for the chosen ClusterScanProfile.

:::note
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Skip Tests
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides/skip-tests"/>
</head>

CIS scans can be run using test profiles with user-defined skips.

To skip tests, you will create a custom CIS scan profile. A profile contains the configuration for the CIS scan, which includes the benchmark versions to use and any specific tests to skip in that benchmark.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Uninstall Rancher CIS Benchmark
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides/uninstall-rancher-cis-benchmark"/>
</head>

1. From the **Cluster Dashboard,** go to the left navigation bar and click **Apps > Installed Apps**.
1. Go to the `cis-operator-system` namespace and check the boxes next to `rancher-cis-benchmark-crd` and `rancher-cis-benchmark`.
1. Click **Delete** and confirm **Delete**.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: View Reports
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/cis-scan-guides/view-reports"/>
</head>

To view the generated CIS scan reports,

1. In the upper left corner, click **☰ > Cluster Management**.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Docker Install with TLS Termination at Layer-7 NGINX Load Balancer
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/configure-layer-7-nginx-load-balancer"/>
</head>

For development and testing environments that have a special requirement to terminate TLS/SSL at a load balancer instead of your Rancher Server container, deploy Rancher and configure a load balancer to work with it conjunction.

A layer-7 load balancer can be beneficial if you want to centralize your TLS termination in your infrastructure. Layer-7 load balancing also offers the capability for your load balancer to make decisions based on HTTP attributes such as cookies, etc. that a layer-4 load balancer is not able to concern itself with.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Enabling the API Audit Log to Record System Events
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log"/>
</head>

You can enable the API audit log to record the sequence of system events initiated by individual users. You can know what happened, when it happened, who initiated it, and what cluster it affected. When you enable this feature, all requests to the Rancher API and all responses from it are written to a log.

You can enable API Auditing during Rancher installation or upgrade.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Continuous Delivery
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-experimental-features/continuous-delivery"/>
</head>

[Fleet](../../../how-to-guides/new-user-guides/deploy-apps-across-clusters/fleet.md) comes preinstalled in Rancher can't be fully disabled. However, the Fleet feature for GitOps continuous delivery may be disabled using the `continuous-delivery` feature flag.

To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md)
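Review bot: the unchanged first sentence under the new `<head>` block is missing a conjunction: "[Fleet](...) comes preinstalled in Rancher can't be fully disabled" should read "comes preinstalled in Rancher and can't be fully disabled"; since this file is being edited anyway, fix it in the same change.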
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: UI for Istio Virtual Services and Destination Rules
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-experimental-features/istio-traffic-management-features"/>
</head>

This feature enables a UI that lets you create, read, update and delete virtual services and destination rules, which are traffic management features of Istio.

> **Prerequisite:** Turning on this feature does not enable Istio. A cluster administrator needs to [enable Istio for the cluster](../../../pages-for-subheaders/istio-setup-guide.md) in order to use the feature.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: "Running on ARM64 (Experimental)"
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-experimental-features/rancher-on-arm64"/>
</head>

:::caution

Running on an ARM64 platform is currently an experimental feature and is not yet officially supported in Rancher. Therefore, we do not recommend using ARM64 based nodes in a production environment.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Allow Unsupported Storage Drivers
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-experimental-features/unsupported-storage-drivers"/>
</head>

This feature allows you to use types for storage providers and provisioners that are not enabled by default.

To enable or disable this feature, refer to the instructions on [the main page about enabling experimental features.](../../../pages-for-subheaders/enable-experimental-features.md)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: 1. Enable Istio in the Cluster
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-cluster"/>
</head>

:::note Prerequisites:

- Only a user with the `cluster-admin` [Kubernetes default role](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) assigned can configure and install Istio in a Kubernetes cluster.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: 2. Enable Istio in a Namespace
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/istio-setup-guide/enable-istio-in-namespace"/>
</head>

You will need to manually enable Istio in each namespace that you want to be tracked or controlled by Istio. When Istio is enabled in a namespace, the Envoy sidecar proxy will be automatically injected into all new workloads that are deployed in the namespace.

This namespace setting will only affect new workloads in the namespace. Any preexisting workloads will need to be re-deployed to leverage the sidecar auto injection.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: 6. Generate and View Traffic
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/istio-setup-guide/generate-and-view-traffic"/>
</head>

This section describes how to view the traffic that is being managed by Istio.

## The Kiali Traffic Graph
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: 4. Set up the Istio Gateway
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-istio-gateway"/>
</head>

The gateway to each cluster can have its own port or load balancer, which is unrelated to a service mesh. By default, each Rancher-provisioned cluster has one NGINX ingress controller allowing traffic into the cluster.

You can use the Nginx Ingress controller with or without Istio installed. If this is the only gateway to your cluster, Istio will be able to route traffic from service to service, but Istio will not be able to receive traffic from outside the cluster.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: 5. Set up Istio's Components for Traffic Management
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/istio-setup-guide/set-up-traffic-management"/>
</head>

A central advantage of traffic management in Istio is that it allows dynamic request routing. Some common applications for dynamic request routing include canary deployments and blue/green deployments. The two key resources in Istio traffic management are *virtual services* and *destination rules*.

- [Virtual services](https://istio.io/docs/reference/config/networking/v1alpha3/virtual-service/) intercept and direct traffic to your Kubernetes services, allowing you to divide percentages of traffic from a request to different services. You can use them to define a set of routing rules to apply when a host is addressed.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: 3. Add Deployments and Services with the Istio Sidecar
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/istio-setup-guide/use-istio-sidecar"/>
</head>

:::note Prerequisite:

To enable Istio for a workload, the cluster and namespace must have the Istio app installed.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Pod Security Policies
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/manage-projects/manage-pod-security-policies"/>
</head>

:::note

These cluster options are only available for [clusters in which Rancher has launched Kubernetes](../../../pages-for-subheaders/launch-kubernetes-with-rancher.md).
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: How Resource Quotas Work in Rancher Projects
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/about-project-resource-quotas"/>
</head>

Resource quotas in Rancher include the same functionality as the [native version of Kubernetes](https://kubernetes.io/docs/concepts/policy/resource-quotas/). However, in Rancher, resource quotas have been extended so that you can apply them to projects.

In a standard Kubernetes deployment, resource quotas are applied to individual namespaces. However, you cannot apply the quota to your namespaces simultaneously with a single action. Instead, the resource quota must be applied multiple times.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@
title: Overriding the Default Limit for a Namespace
---

<head>
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/manage-projects/manage-project-resource-quotas/override-default-limit-in-namespaces"/>
</head>

Although the **Namespace Default Limit** propagates from the project to each namespace when created, in some cases, you may need to increase (or decrease) the quotas for a specific namespace. In this situation, you can override the default limits by editing the namespace.

In the diagram below, the Rancher administrator has a resource quota in effect for their project. However, the administrator wants to override the namespace limits for `Namespace 3` so that it has more resources available. Therefore, the administrator [raises the namespace limits](../../../new-user-guides/manage-clusters/projects-and-namespaces.md) for `Namespace 3` so that the namespace can access more resources.
Expand Down
