SUSE® Rancher for AWS

    • Release Notes
    • About Rancher
      • What is SUSE Rancher for AWS?
      • Cloud Native
      • Overview
      • SUSE Rancher for AWS Architecture
        • Architecture Recommendations
        • Communicating with Downstream User Clusters
        • SUSE Rancher for AWS Server and Components
      • Kubernetes Concepts
      • Glossary
    • Rancher Administration
      • User Management
        • Configuring Authentication
          • Users and Groups
          • Local Authentication
          • External Authentication
            • JSON Web Token (JWT) Authentication
            • Configure Generic OIDC
            • Configure Rancher as an OIDC provider
            • Configure Active Directory (AD)
            • Configure Amazon Cognito
            • Configure Azure AD
            • Configure FreeIPA
            • Configure GitHub
            • Configure Google OAuth
            • Configure Keycloak (OIDC)
            • Configure Keycloak (SAML)
            • Configure Okta (SAML)
            • Configure PingIdentity (SAML)
            • Configuring Microsoft Active Directory Federation Service (SAML)
              • 1. Configuring Microsoft AD FS for SUSE Rancher for AWS
              • 2. Configuring SUSE Rancher for AWS for Microsoft AD FS
            • Configuring OpenLDAP
              • OpenLDAP Configuration Reference
            • Configuring Shibboleth (SAML)
              • Group Permissions with Shibboleth and OpenLDAP
          • Managing Role-Based Access Control (RBAC)
            • Global Permissions
            • Cluster and Project Roles
            • Custom Roles
            • Locked Roles
          • Enabling User Retention
        • User Settings
          • API Keys
          • Managing Node Templates
          • User Preferences
          • Managing Cloud Credentials
      • CLI
        • kubectl Utility
        • SUSE Rancher for AWS CLI
    • Cluster Deployment
      • Node Requirements for SUSE Rancher for AWS Managed Clusters
      • Checklist for Production-Ready Clusters
        • Recommended Cluster Architecture
        • Roles for Nodes in Kubernetes
        • Tips for Setting Up Containers
      • Setting up Clusters from Hosted Kubernetes Providers
        • Creating an EKS Cluster
          • EKS Cluster Configuration Reference
        • Syncing Hosted Clusters
      • Launching Kubernetes with SUSE Rancher for AWS
      • SUSE Rancher for AWS Agents
      • Enabling Cluster Agent Scheduling Customization
      • Launching Kubernetes on New Nodes in an Infrastructure Provider
        • Creating an Amazon EC2 Cluster
          • EC2 Machine Configuration Reference
          • EC2 Node Template Configuration
      • Launching Kubernetes on Existing Custom Nodes
        • SUSE Rancher for AWS Agent Options
          • Configuring Storage Classes in Azure
          • Networking Requirements for Host Gateway (L2bridge)
          • Launching Kubernetes on Windows Clusters
          • Windows and Linux Cluster Feature Parity
          • RKE1 to SUSE® Rancher Prime: RKE2 Windows Migration Guidance
      • Configuration
        • SUSE® Rancher Prime: K3s Cluster Configuration Reference
        • SUSE® Rancher Prime: RKE2 Cluster Configuration Reference
        • RKE Cluster Configuration Reference
      • Registering Existing Clusters
      • Registered Clusters
    • Cluster Administration
      • Manage Clusters
        • Best Practices for Disconnected Clusters
        • Access Clusters
          • Adding Users to Clusters
          • How the Authorized Cluster Endpoint Works
          • Access a Cluster with Kubectl and kubeconfig
        • Removing Kubernetes Components from Nodes
        • Create Kubernetes Persistent Volumes and Storage Classes
          • GlusterFS Volumes
          • How Persistent Storage Works
          • Dynamically Provisioning New Storage in SUSE Rancher for AWS
          • iSCSI Volumes
          • Setting up Existing Storage
          • Using an External Ceph Driver
            • NFS Storage
            • Creating Persistent Storage in Amazon’s EBS
          • Provisioning Storage Examples
        • Cluster Autoscaler
          • Cluster Autoscaler with AWS EC2 Auto Scaling Groups
        • Cluster Templates
        • Nodes and Node Pools
        • Projects and Kubernetes Namespaces with SUSE Rancher for AWS
        • Certificate Rotation
        • Encryption Key Rotation
      • Kubernetes Resources Setup
        • Kubernetes Workloads and Pods
          • Deploying Workloads
          • Adding a Sidecar
          • Upgrading Workloads
          • Rolling Back Workloads
        • Horizontal Pod Autoscaler
          • Background Information on HPAs
          • Managing HPAs with the SUSE Rancher for AWS UI
          • Managing HPAs with kubectl
          • Testing HPAs with kubectl
        • Load Balancer and Ingress Controller Setup within SUSE Rancher for AWS
          • Layer 4 and Layer 7 Load Balancing
          • Adding Ingresses
          • Configuring an Ingress
        • Services
        • ConfigMaps
        • Kubernetes Registry and Container Image Registry
      • Upgrading and Rolling Back Kubernetes
        • Upgrading Kubernetes without Upgrading SUSE Rancher for AWS
        • Backing up a Cluster
        • Restoring a Cluster from Backup
      • Namespaces
      • Project Administration
        • Adding Users to Projects
        • Project Resource Quotas
          • How Resource Quotas Work in SUSE Rancher for AWS Projects
          • Overriding the Default Limit for a Namespace
          • Resource Quota Type Reference
          • Setting Container Default Resource Limits
      • Helm Charts and Apps
        • Creating Apps
        • Using OCI-Based Helm Chart Repositories
    • Security
      • SUSE Rancher for AWS Security Guides
      • Security Advisories and CVEs
      • Kubernetes Security Best Practices
      • SUSE Rancher for AWS Security Best Practices
      • SUSE Rancher for AWS Webhook
        • Rotation of Expired Webhook Certificates
        • Hardening the SUSE Rancher for AWS Webhook
        • About rancher-selinux
          • SELinux RPM
        • About rke2-selinux
      • Compliance Scans
        • Roles-based Access Control
        • Compliance Scan Guides
        • Install SUSE Rancher for AWS Compliance
        • Uninstall SUSE Rancher for AWS Compliance
        • Configuration
        • Creating a Custom Benchmark Version for Running a Cluster Scan
        • Run a Scan
        • Run a Scan Periodically on a Schedule
        • View Reports
        • Enable Alerting for SUSE Rancher for AWS Compliance
        • Configure Alerts for Periodic Scan on a Schedule
        • Create a Custom Compliance Version for Running a Cluster Scan
      • Pod Security Standards (PSS) & Pod Security Admission (PSA)
      • Pod Security Admission (PSA) Configuration Templates
      • Sample PodSecurityConfiguration
      • Secrets
      • Opening Ports with firewalld
      • Encrypting HTTP Communication
    • Observability
      • Cluster Tools for Logging, Monitoring, and Visibility
      • Project Tools for Logging, Monitoring, and Visibility
      • SUSE Rancher for AWS Integration with Logging Services
        • Logging Architecture
        • Logging Best Practices
        • Role-based Access Control for Logging
        • rancher-logging Helm Chart Options
        • Enabling the API Audit Log to Record System Events
        • Enabling the API Audit Log in Downstream Clusters
        • Working with Taints and Tolerations
        • Custom Resource Configuration
          • Flows and ClusterFlows
          • Outputs and ClusterOutputs
        • Troubleshooting
      • Monitoring and Dashboards
        • Monitoring Best Practices
        • Built-in Dashboards
        • How Monitoring Works
        • PromQL Expression Reference
        • Role-based Access Control
        • Windows Cluster Support for Monitoring V2
        • Enable Monitoring
        • Uninstall Monitoring
        • Setting up Monitoring for a Workload
          • Monitoring Configuration Examples
          • Helm Chart Options
          • Receiver Configuration
          • Route Configuration
          • ServiceMonitor and PodMonitor Configuration
          • Advanced Configuration
            • Alertmanager Configuration
            • Prometheus Configuration
            • Configuring PrometheusRules
        • Monitoring Configuration Guides
          • Debugging High Memory Usage
          • Persistent Grafana Dashboards
          • Customizing Grafana Dashboards
        • Prometheus Federator
          • Role-Based Access Control
          • Enable Prometheus Federator
          • Uninstall Prometheus Federator
          • Setting up Prometheus Federator for a Workload
          • Customizing Grafana Dashboards
          • Installing Project Monitors
      • Istio
        • Role-based Access Control
        • CPU and Memory Allocations
        • Disabling Istio
        • Configuration Options
          • Selectors and Scrape Configs
          • Additional Steps for Project Network Isolation
          • Additional Steps for Installing Istio on SUSE® Rancher Prime: RKE2 and SUSE® Rancher Prime: K3s Clusters
          • Enable Istio in the Cluster
          • Enable Istio in a Namespace
          • Set up Istio’s Components for Traffic Management
        • Istio Setup Guides
          • Generate and View Traffic from Istio
          • Set up the Istio Gateway
          • Add Deployments and Services with the Istio Sidecar
    • API
      • RK-API Quick Start Guide
      • Workflows
        • Kubeconfigs
        • Projects
        • Tokens
      • API Reference
      • Using API Tokens
      • Extension API Server
      • Previous v3 SUSE Rancher for AWS API Guide
    • Troubleshooting
      • General Troubleshooting
      • Kubernetes Components
        • Troubleshooting Controlplane Nodes
        • Troubleshooting etcd Nodes
        • Troubleshooting nginx-proxy
        • Troubleshooting Worker Nodes and Generic Components
        • User ID Tracking in Audit Logs
        • Networking
        • Kubernetes Resources
        • DNS
    • FAQ
      • General FAQ
      • Deprecated Features in SUSE Rancher for AWS
      • Installing and Configuring kubectl
      • Technical FAQ
      • Security FAQ
      • Container Network Interface (CNI) Providers
      • SUSE Rancher for AWS is No Longer Needed
    • Contributing to SUSE Rancher for AWS
SUSE® Rancher for AWS Latest
  • Admission Controller
    • 1.32-dev
    • 1.31-latest
    • 1.30
    • 1.29
    • 1.28
  • Cluster API
    • 0.25
    • 0.24
    • 0.23
    • 0.22
    • 0.21
    • 0.20
    • 0.19
    • 0.18
    • 0.17
    • 0.16
    • 0.15
    • 0.14
    • 0.13
    • 0.12
    • 0.11
  • Continuous Delivery
    • 0.13
    • 0.12
    • 0.11
    • 0.10
    • 0.9
  • K3s
    • Latest
  • OS Manager
    • 1.8-dev
    • 1.7
    • 1.6
    • 1.5
  • RKE2
    • Latest
  • SUSE Observability
    • Latest
  • SUSE® Rancher for AWS
    • Latest
  • SUSE® Rancher Manager
    • v2.12
    • v2.11
    • v2.10
    • v2.9
    • v2.8
  • SUSE® Security
    • 5.4
    • 5.3
  • SUSE® Storage
    • 1.11 (Dev)
    • 1.10 (Latest)
    • 1.9
    • 1.8
  • SUSE® Virtual Clusters
    • Latest
  • SUSE® Virtualization
    • v1.7 (Dev)
    • v1.6 (Latest)
    • v1.5
    • v1.4
  • SUSE Rancher for AWS
  • Observability
Edit

Advanced Configuration

Alertmanager

For information on configuring the Alertmanager custom resource, see this page.

Prometheus

For information on configuring the Prometheus custom resource, see this page.

PrometheusRules

For information on configuring the Prometheus custom resource, see this page.

ServiceMonitor and PodMonitor Configuration Alertmanager Configuration