SUSE logo
Resources
 SUSE® Rancher Manager
 Report Issue  
SCC (Recommended) GitHub Issue
 Contribute
Language
 English  中文

SUSE® Rancher Manager

    • Release Notes
    • About Rancher
      • What is SUSE® Rancher Prime?
      • Cloud Native
      • Overview
      • SUSE® Rancher Prime Architecture
        • Architecture Recommendations
        • Communicating with Downstream User Clusters
        • SUSE® Rancher Prime Server and Components
      • Kubernetes Concepts
      • Glossary
    • Installation and Upgrades
      • SUSE® Rancher Prime Deployment Quick Start Guides
        • Deploying SUSE® Rancher Prime Server
          • Helm CLI Quick Start
          • Cloud Native AWS Marketplace Quick Start
          • SUSE® Rancher Prime Equinix Metal Quick Start
        • Deploying Workloads
          • Workload with Ingress Quick Start
          • Workload with NodePort Quick Start
      • Installation Requirements
        • Installing Docker
        • Dockershim
        • Port Requirements
        • Helm Version Requirements
      • Best Practices for the SUSE® Rancher Prime Server
        • SUSE® Rancher Prime Deployment Strategy
        • Tips for Running SUSE® Rancher Prime
        • Tuning and Best Practices for SUSE® Rancher Prime at Scale
        • Tuning etcd for Large Installations
        • About High-availability Installations
        • Installing SUSE® Rancher Prime in a VMware vSphere Environment
        • Other Resources
      • Installation References
        • SUSE® Rancher Prime Helm Chart Options
        • TLS Settings
        • Feature Flags
      • Resources
        • Setting up the Bootstrap Password
        • Adding TLS Secrets
        • About Custom CA Root Certificates
        • Updating the SUSE® Rancher Prime Certificate
        • Upgrading Cert-Manager
      • Infrastructure Setup
        • Setting up Infrastructure for a High Availability SUSE® Rancher Prime: K3s Kubernetes Cluster
        • Setting up Infrastructure for a High Availability SUSE® Rancher Prime: RKE2 Kubernetes Cluster
        • Setting up Infrastructure for a High Availability RKE Kubernetes Cluster
        • Setting up Nodes in Amazon EC2
        • Setting up a MySQL Database in Amazon RDS
        • Setting up Amazon ELB Network Load Balancer
        • Docker Install with TLS Termination at Layer-7 NGINX Load Balancer
        • Setting up an NGINX Load Balancer
      • Setting up a Kubernetes Cluster for SUSE® Rancher Prime Server
        • Setting up a High-availability SUSE® Rancher Prime: K3s Kubernetes Cluster for SUSE® Rancher Prime
        • Setting up a High-availability SUSE® Rancher Prime: RKE2 Kubernetes Cluster for SUSE® Rancher Prime
        • Setting up a High-availability RKE Kubernetes Cluster
        • Installing SUSE® Rancher Prime on Azure Kubernetes Service
        • Installing SUSE® Rancher Prime on Amazon EKS
        • Installing SUSE® Rancher Prime on a Google Kubernetes Engine Cluster
        • Cloud Marketplace Integration
          • AWS Marketplace Integration
            • Prerequisites
            • Installing the Adapter
            • Uninstalling The Adapter
            • Common Issues
          • Supportconfig Bundle
      • Other Installation Methods
        • Air-Gapped Helm CLI Install
          • 1. Set up Infrastructure and Private Registry
          • 2. Collect and Publish Images to your Private Registry
          • 3. Install Kubernetes (Skip for Docker Installs)
          • 4. Install SUSE® Rancher Prime
          • Setting up Local System Charts for Air Gapped Installations
          • Upgrading in an Air-Gapped Environment
        • Installing SUSE® Rancher Prime behind an HTTP Proxy
          • 1. Set up Infrastructure
          • 2. Install Kubernetes
          • 3. Install SUSE® Rancher Prime
      • Install/Upgrade SUSE® Rancher Prime on a Kubernetes Cluster
      • Upgrades
      • Rollbacks
      • Troubleshooting the SUSE® Rancher Prime Server Kubernetes Cluster
        • Troubleshooting Certificates
        • SUSE® Rancher Prime HA
    • Rancher Administration
      • User Management
        • Configuring Authentication
          • Users and Groups
          • Local Authentication
          • External Authentication
            • JSON Web Token (JWT) Authentication
            • Configure Generic OIDC
            • Configure Active Directory (AD)
            • Configure Azure AD
            • Configure FreeIPA
            • Configure GitHub
            • Configure Google OAuth
            • Configure Keycloak (OIDC)
            • Configure Keycloak (SAML)
            • Configure Okta (SAML)
            • Configure PingIdentity (SAML)
            • Configuring Microsoft Active Directory Federation Service (SAML)
              • 1. Configuring Microsoft AD FS for SUSE® Rancher Prime
              • 2. Configuring SUSE® Rancher Prime for Microsoft AD FS
            • Configuring OpenLDAP
              • OpenLDAP Configuration Reference
            • Configuring Shibboleth (SAML)
              • Group Permissions with Shibboleth and OpenLDAP
          • Managing Role-Based Access Control (RBAC)
            • Global Permissions
            • Cluster and Project Roles
            • Custom Roles
            • Locked Roles
          • Enabling User Retention
        • User Settings
          • API Keys
          • Managing Node Templates
          • User Preferences
          • Managing Cloud Credentials
      • Global Configuration
        • Custom Branding
        • Configuring a Global Default Private Registry
        • About Provisioning Drivers
          • Cluster Drivers
          • Node Drivers
        • About RKE1 Templates
          • Access and Sharing
          • Applying Templates
          • Template Creator Permissions
          • Enforcing Templates
          • Example Scenarios
          • RKE Templates and Infrastructure
          • Creating and Revising RKE Templates
          • Overriding Template Settings
          • RKE1 Example YAML
      • Backup, Restore, and Disaster Recovery
        • Backup Restore Usage Guide
        • Backing up SUSE® Rancher Prime
          • Backup Configuration
          • Backup Storage Location Configuration
        • Restoring SUSE® Rancher Prime
          • Restore Configuration
        • Migrating SUSE® Rancher Prime to a New Cluster
        • Backup and Restore Examples
      • CLI
        • kubectl Utility
        • SUSE® Rancher Prime CLI
      • Enabling Experimental Features
        • UI Server-Side Pagination
        • Continuous Delivery
        • ClusterRole Aggregation
        • UI for Istio Virtual Services and Destination Rules
        • Running on ARM64 (Experimental)
        • Allowing Unsupported Storage Drivers
    • Cluster Deployment
      • Node Requirements for SUSE® Rancher Prime Managed Clusters
      • Checklist for Production-Ready Clusters
        • Recommended Cluster Architecture
        • Roles for Nodes in Kubernetes
        • Tips for Setting Up Containers
      • Setting up Clusters from Hosted Kubernetes Providers
        • Creating an AKS Cluster
          • AKS Cluster Configuration Reference
        • Creating an EKS Cluster
          • EKS Cluster Configuration Reference
        • Creating a GKE Cluster
          • GKE Cluster Configuration Reference
          • Private Clusters
        • Syncing Hosted Clusters
      • Setting up Cloud Providers
        • Setting up the Amazon Cloud Provider
        • Setting up the Azure Cloud Provider
        • Setting Up an In-tree VMware vSphere Cloud Provider
        • Setting Up an Out-of-tree VMware vSphere Cloud Provider
        • Setting up the Google Compute Engine Cloud Provider
        • Migrating Amazon In-tree to Out-of-tree
        • Migrating Azure In-tree to Out-of-tree
        • Migrating VMware vSphere In-tree to Out-of-tree
      • Launching Kubernetes with SUSE® Rancher Prime
      • SUSE® Rancher Prime Agents
      • Enabling Cluster Agent Scheduling Customization
      • Behavior Differences Between RKE1 and SUSE® Rancher Prime: RKE2
      • Launching Kubernetes on New Nodes in an Infrastructure Provider
        • Creating a DigitalOcean Cluster
          • DigitalOcean Machine Configuration
          • DigitalOcean Node Template Configuration
        • Creating an Amazon EC2 Cluster
          • EC2 Machine Configuration Reference
          • EC2 Node Template Configuration
        • Creating an Azure Cluster
          • Azure Machine Configuration
          • Azure Node Template Configuration
        • Creating a Nutanix AOS Cluster
          • Provisioning Kubernetes Clusters in Nutanix AOS
          • Nutanix Node Template Configuration
        • Creating a VMware vSphere Cluster
          • Best Practices for SUSE® Rancher Prime Managed VMware vSphere Clusters
          • Creating Credentials in the VMware vSphere Console
          • Creating a VMware vSphere Virtual Machine Template
          • Provisioning Kubernetes Clusters in VMware vSphere
          • VMware vSphere Node Template Configuration
          • Graceful Shutdown for VMware vSphere Virtual Machines
      • Launching Kubernetes on Existing Custom Nodes
        • SUSE® Rancher Prime Agent Options
          • Configuring Storage Classes in Azure
          • Networking Requirements for Host Gateway (L2bridge)
          • Launching Kubernetes on Windows Clusters
          • Windows and Linux Cluster Feature Parity
          • RKE1 to SUSE® Rancher Prime: RKE2 Windows Migration Guidance
      • Configuration
        • SUSE® Rancher Prime: K3s Cluster Configuration Reference
        • SUSE® Rancher Prime: RKE2 Cluster Configuration Reference
        • RKE Cluster Configuration Reference
      • Registering Existing Clusters
      • Registered Clusters
    • Cluster Administration
      • Manage Clusters
        • Best Practices for Disconnected Clusters
        • Access Clusters
          • Adding Users to Clusters
          • How the Authorized Cluster Endpoint Works
          • Access a Cluster with Kubectl and kubeconfig
        • Removing Kubernetes Components from Nodes
        • Create Kubernetes Persistent Volumes and Storage Classes
          • GlusterFS Volumes
          • How Persistent Storage Works
          • Dynamically Provisioning New Storage in SUSE® Rancher Prime
          • iSCSI Volumes
          • Setting up Existing Storage
          • Using an External Ceph Driver
            • NFS Storage
            • Creating Persistent Storage in Amazon’s EBS
          • Provisioning Storage Examples
            • VMware vSphere Storage
        • Cluster Autoscaler
          • Cluster Autoscaler with AWS EC2 Auto Scaling Groups
        • Cluster Templates
        • Nodes and Node Pools
        • Projects and Kubernetes Namespaces with SUSE® Rancher Prime
        • Certificate Rotation
        • Encryption Key Rotation
      • Kubernetes Resources Setup
        • Kubernetes Workloads and Pods
          • Deploying Workloads
          • Adding a Sidecar
          • Upgrading Workloads
          • Rolling Back Workloads
        • Horizontal Pod Autoscaler
          • Background Information on HPAs
          • Managing HPAs with the SUSE® Rancher Prime UI
          • Managing HPAs with kubectl
          • Testing HPAs with kubectl
        • Load Balancer and Ingress Controller Setup within SUSE® Rancher Prime
          • Layer 4 and Layer 7 Load Balancing
          • Adding Ingresses
          • Configuring an Ingress
        • Services
        • ConfigMaps
        • Kubernetes Registry and Container Image Registry
      • Upgrading and Rolling Back Kubernetes
        • Upgrading Kubernetes without Upgrading SUSE® Rancher Prime
        • Backing up a Cluster
        • Restoring a Cluster from Backup
      • Namespaces
      • Project Administration
        • Adding Users to Projects
        • Applying Pod Security Policies to Projects
        • Project Resource Quotas
          • How Resource Quotas Work in SUSE® Rancher Prime Projects
          • Overriding the Default Limit for a Namespace
          • Resource Quota Type Reference
          • Setting Container Default Resource Limits
      • Helm Charts and Apps
        • Creating Apps
        • Using OCI-Based Helm Chart Repositories
    • Security
      • SUSE® Rancher Prime Security Guides
      • Security Advisories and CVEs
      • Kubernetes Security Best Practices
      • SUSE® Rancher Prime Security Best Practices
      • SUSE® Rancher Prime Webhook
        • Rotation of Expired Webhook Certificates
        • Hardening the SUSE® Rancher Prime Webhook
        • About rancher-selinux
          • SELinux RPM
        • About rke2-selinux
      • Self-Assessment and Hardening Guides for SUSE® Rancher Prime
        • SUSE® Rancher Prime: K3s Hardening Guides
          • SUSE® Rancher Prime: K3s Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23
          • SUSE® Rancher Prime: K3s Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24
          • SUSE® Rancher Prime: K3s Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27
        • RKE Hardening Guides
          • RKE Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23
          • RKE Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24
          • RKE Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27
        • SUSE® Rancher Prime: RKE2 Hardening Guides
          • SUSE® Rancher Prime: RKE2 Self-Assessment Guide - CIS Benchmark v1.23 - K8s v1.23
          • SUSE® Rancher Prime: RKE2 Self-Assessment Guide - CIS Benchmark v1.24 - K8s v1.24
          • SUSE® Rancher Prime: RKE2 Self-Assessment Guide - CIS Benchmark v1.7 - K8s v1.25/v1.26/v1.27
        • Upgrading a Hardened Custom/Imported Cluster to Kubernetes v1.25
      • CIS Scans
        • Roles-based Access Control
        • CIS Scan Guides
        • Install SUSE® Rancher Prime CIS Benchmark
        • Uninstall SUSE® Rancher Prime CIS Benchmark
        • Configuration
        • Creating a Custom Benchmark Version for Running a Cluster Scan
        • Skipped and Not Applicable Tests
        • Run a Scan
        • Run a Scan Periodically on a Schedule
        • Skip Tests
        • View Reports
        • Enable Alerting for SUSE® Rancher Prime CIS Benchmark
        • Configure Alerts for Periodic Scan on a Schedule
        • Create a Custom Benchmark Version for Running a Cluster Scan
        • Adding a Pod Security Policy
        • Assigning Pod Security Policies
        • Creating Pod Security Policies
      • Pod Security Standards (PSS) & Pod Security Admission (PSA)
      • Pod Security Admission (PSA) Configuration Templates
      • Sample PodSecurityConfiguration
      • Secrets
      • Opening Ports with firewalld
      • Encrypting HTTP Communication
    • Integrations
      • Kubernetes Distributions
      • SUSE® Rancher Prime Extensions
      • SUSE® Virtualization
        • Overview
      • SUSE® Storage
        • Overview
      • SUSE® Security
        • Overview
      • SUSE® Rancher Prime: Admission Policy Manager
      • SUSE® Rancher Prime: OS Manager
      • SUSE® Rancher Prime: Continous Delivery
        • Overview
        • SUSE® Rancher Prime: Continous Delivery Architecture
        • Using SUSE® Rancher Prime: Continous Delivery Behind a Proxy
        • Windows Support
      • SUSE Observability
      • Kubernetes on the Desktop with Rancher Desktop
      • SUSE® Rancher Prime: Cluster API
        • Overview
    • Observability
      • Cluster Tools for Logging, Monitoring, and Visibility
      • Project Tools for Logging, Monitoring, and Visibility
      • SUSE® Rancher Prime Integration with Logging Services
        • Logging Architecture
        • Logging Best Practices
        • Role-based Access Control for Logging
        • rancher-logging Helm Chart Options
        • Enabling the API Audit Log to Record System Events
        • Enabling the API Audit Log in Downstream Clusters
        • Working with Taints and Tolerations
        • Custom Resource Configuration
          • Flows and ClusterFlows
          • Outputs and ClusterOutputs
        • Troubleshooting
      • Monitoring and Dashboards
        • Monitoring Best Practices
        • Built-in Dashboards
        • How Monitoring Works
        • PromQL Expression Reference
        • Role-based Access Control
        • Windows Cluster Support for Monitoring V2
        • Enable Monitoring
        • Uninstall Monitoring
        • Setting up Monitoring for a Workload
          • Monitoring Configuration Examples
          • Helm Chart Options
          • Receiver Configuration
          • Route Configuration
          • ServiceMonitor and PodMonitor Configuration
          • Advanced Configuration
            • Alertmanager Configuration
            • Prometheus Configuration
            • Configuring PrometheusRules
        • Monitoring Configuration Guides
          • Debugging High Memory Usage
          • Persistent Grafana Dashboards
          • Customizing Grafana Dashboards
        • Prometheus Federator
          • Role-Based Access Control
          • Enable Prometheus Federator
          • Uninstall Prometheus Federator
          • Setting up Prometheus Federator for a Workload
          • Customizing Grafana Dashboards
          • Installing Project Monitors
      • Istio
        • Role-based Access Control
        • CPU and Memory Allocations
        • Disabling Istio
          • Enable Istio with Pod Security Policies
        • Configuration Options
          • Selectors and Scrape Configs
          • Additional Steps for Project Network Isolation
          • Additional Steps for Installing Istio on SUSE® Rancher Prime: RKE2 and SUSE® Rancher Prime: K3s Clusters
          • Enable Istio in the Cluster
          • Enable Istio in a Namespace
          • Set up Istio’s Components for Traffic Management
        • Istio Setup Guides
          • Generate and View Traffic from Istio
          • Set up the Istio Gateway
          • Add Deployments and Services with the Istio Sidecar
    • API
      • RK-API Quick Start Guide
      • Projects
      • API Reference
      • Using API Tokens
      • Extension API Server
      • Previous v3 SUSE® Rancher Prime API Guide
    • Troubleshooting
      • General Troubleshooting
      • Kubernetes Components
        • Troubleshooting Controlplane Nodes
        • Troubleshooting etcd Nodes
        • Troubleshooting nginx-proxy
        • Troubleshooting Worker Nodes and Generic Components
        • User ID Tracking in Audit Logs
        • Networking
        • Kubernetes Resources
        • DNS
    • FAQ
      • General FAQ
      • Deprecated Features in SUSE® Rancher Prime
      • Installing and Configuring kubectl
      • Dockershim FAQ
      • Technical FAQ
      • Security FAQ
      • Container Network Interface (CNI) Providers
      • SUSE® Rancher Prime is No Longer Needed
    • Contributing to SUSE® Rancher Prime
SUSE® Rancher Manager Latest
  • Cluster API
    • 0.19
    • 0.18
    • 0.17
    • 0.16
    • 0.15
    • 0.14
    • 0.13
    • 0.12
    • 0.11
  • Continuous Delivery
    • 0.12
    • 0.11
    • 0.10
    • 0.9
  • K3s
    • Latest
  • OS Manager
    • 1.6
    • 1.5
  • Policy Manager
    • 1.25-next
    • 1.24
    • 1.23
    • 1.22
    • 1.21
    • 1.20
    • 1.19
    • 1.18
    • 1.17
    • 1.16
  • RKE2
    • Latest
  • SUSE® Rancher Manager
    • Latest
    • v2.11
    • v2.10
    • v2.9
    • v2.8
  • SUSE® Security
    • 5.4
    • 5.3
  • SUSE® Storage
    • 1.9.0 (Dev)
    • 1.8.0 (Latest)
    • 1.7.0
  • SUSE® Virtualization
    • v1.6 (Dev)
    • v1.5 (Latest)
    • v1.4
    • v1.3
  • SUSE® Rancher Manager
  • Observability
  • Monitoring and Dashboards
  • Setting up Monitoring for a Workload
  • Advanced Configuration
Latest v2.11 v2.10 v2.9 v2.8
Edit this Page

Advanced Configuration

Alertmanager

For information on configuring the Alertmanager custom resource, see this page.

Prometheus

For information on configuring the Prometheus custom resource, see this page.

PrometheusRules

For information on configuring the Prometheus custom resource, see this page.

ServiceMonitor and PodMonitor Configuration Alertmanager Configuration