From 6b44b6f9c564a3f608ee1b9b60fdae77f4d0f20e Mon Sep 17 00:00:00 2001 From: yiannistri <8741709+yiannistri@users.noreply.github.com> Date: Wed, 11 Dec 2024 14:39:57 +0000 Subject: [PATCH 1/4] Add prerequisite for AKS import --- .../register-existing-clusters.md | 16 ++++++++++++++++ .../register-existing-clusters.md | 16 ++++++++++++++++ .../register-existing-clusters.md | 16 ++++++++++++++++ 3 files changed, 48 insertions(+) diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index df17bb26d225..758cab7fac38 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -35,6 +35,8 @@ Since, by default, Google Kubernetes Engine (GKE) doesn't grant the `cluster-adm To successfully import or provision EKS, AKS, and GKE clusters from Rancher, the cluster must have at least one managed node group. +AKS clusters can be imported only if local accounts are enabled. If a cluster is configured to use Microsoft Entra ID for authentication, then Rancher will not be able to import it and report an error. + EKS Anywhere clusters can be imported/registered into Rancher with an API address and credentials, as with any downstream cluster. EKS Anywhere clusters are treated as imported clusters and do not have full lifecycle support from Rancher. GKE Autopilot clusters aren't supported. See [Compare GKE Autopilot and Standard](https://cloud.google.com/kubernetes-engine/docs/resources/autopilot-standard-feature-comparison) for more information about the differences between GKE modes. @@ -286,3 +288,17 @@ To annotate a registered cluster, 6. Click **Save**. **Result:** The annotation does not give the capabilities to the cluster, but it does indicate to Rancher that the cluster has those capabilities. + +## Troubleshooting + +This section lists some of the most common errors that may occur when importing a cluster, along with steps to troubleshoot them. + +### AKS + +#### Error: Getting static credential is not allowed because this cluster is set to disable local accounts. + +* This may occur if your cluster has disabled local accounts. Enable local accounts before attempting to import the cluster again: + + ``` + az aks update --resource-group --name --enable-local-accounts + ``` \ No newline at end of file diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index df17bb26d225..758cab7fac38 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -35,6 +35,8 @@ Since, by default, Google Kubernetes Engine (GKE) doesn't grant the `cluster-adm To successfully import or provision EKS, AKS, and GKE clusters from Rancher, the cluster must have at least one managed node group. +AKS clusters can be imported only if local accounts are enabled. If a cluster is configured to use Microsoft Entra ID for authentication, then Rancher will not be able to import it and report an error. + EKS Anywhere clusters can be imported/registered into Rancher with an API address and credentials, as with any downstream cluster. EKS Anywhere clusters are treated as imported clusters and do not have full lifecycle support from Rancher. GKE Autopilot clusters aren't supported. See [Compare GKE Autopilot and Standard](https://cloud.google.com/kubernetes-engine/docs/resources/autopilot-standard-feature-comparison) for more information about the differences between GKE modes. @@ -286,3 +288,17 @@ To annotate a registered cluster, 6. Click **Save**. **Result:** The annotation does not give the capabilities to the cluster, but it does indicate to Rancher that the cluster has those capabilities. + +## Troubleshooting + +This section lists some of the most common errors that may occur when importing a cluster, along with steps to troubleshoot them. + +### AKS + +#### Error: Getting static credential is not allowed because this cluster is set to disable local accounts. + +* This may occur if your cluster has disabled local accounts. Enable local accounts before attempting to import the cluster again: + + ``` + az aks update --resource-group --name --enable-local-accounts + ``` \ No newline at end of file diff --git a/versioned_docs/version-2.9/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.9/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index df17bb26d225..758cab7fac38 100644 --- a/versioned_docs/version-2.9/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.9/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -35,6 +35,8 @@ Since, by default, Google Kubernetes Engine (GKE) doesn't grant the `cluster-adm To successfully import or provision EKS, AKS, and GKE clusters from Rancher, the cluster must have at least one managed node group. +AKS clusters can be imported only if local accounts are enabled. If a cluster is configured to use Microsoft Entra ID for authentication, then Rancher will not be able to import it and report an error. + EKS Anywhere clusters can be imported/registered into Rancher with an API address and credentials, as with any downstream cluster. EKS Anywhere clusters are treated as imported clusters and do not have full lifecycle support from Rancher. GKE Autopilot clusters aren't supported. See [Compare GKE Autopilot and Standard](https://cloud.google.com/kubernetes-engine/docs/resources/autopilot-standard-feature-comparison) for more information about the differences between GKE modes. @@ -286,3 +288,17 @@ To annotate a registered cluster, 6. Click **Save**. **Result:** The annotation does not give the capabilities to the cluster, but it does indicate to Rancher that the cluster has those capabilities. + +## Troubleshooting + +This section lists some of the most common errors that may occur when importing a cluster, along with steps to troubleshoot them. + +### AKS + +#### Error: Getting static credential is not allowed because this cluster is set to disable local accounts. + +* This may occur if your cluster has disabled local accounts. Enable local accounts before attempting to import the cluster again: + + ``` + az aks update --resource-group --name --enable-local-accounts + ``` \ No newline at end of file From b9602b9af256e6d20861e4f3861cb8ff62e82f2f Mon Sep 17 00:00:00 2001 From: yiannistri <8741709+yiannistri@users.noreply.github.com> Date: Wed, 11 Dec 2024 14:54:35 +0000 Subject: [PATCH 2/4] Add note regarding local accounts prerequisite --- .../rancher-server-configuration/aks-cluster-configuration.md | 2 +- .../rancher-server-configuration/aks-cluster-configuration.md | 2 +- .../rancher-server-configuration/aks-cluster-configuration.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md index 9fac68fb5a87..c53badc191c6 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md @@ -8,7 +8,7 @@ title: AKS Cluster Configuration Reference ## Role-based Access Control -When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. +When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. In practice, this means that local accounts must be enabled in order to register an AKS cluster. Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) diff --git a/versioned_docs/version-2.10/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md b/versioned_docs/version-2.10/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md index 9fac68fb5a87..86470cce7f2f 100644 --- a/versioned_docs/version-2.10/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md +++ b/versioned_docs/version-2.10/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md @@ -8,7 +8,7 @@ title: AKS Cluster Configuration Reference ## Role-based Access Control -When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. +When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. In practice, this means that local accounts must be enabled in order to register an AKS cluster. Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) diff --git a/versioned_docs/version-2.9/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md b/versioned_docs/version-2.9/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md index 9fac68fb5a87..86470cce7f2f 100644 --- a/versioned_docs/version-2.9/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md +++ b/versioned_docs/version-2.9/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md @@ -8,7 +8,7 @@ title: AKS Cluster Configuration Reference ## Role-based Access Control -When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. +When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. In practice, this means that local accounts must be enabled in order to register an AKS cluster. Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) From 4dd65ee2a22b49e1289428711050dde9c8bf25cd Mon Sep 17 00:00:00 2001 From: Yiannis Triantafyllopoulos <8741709+yiannistri@users.noreply.github.com> Date: Wed, 18 Dec 2024 09:55:21 +0000 Subject: [PATCH 3/4] Update docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md Co-authored-by: Lucas Saintarbor --- .../register-existing-clusters.md | 15 ++++++++------- .../aks-cluster-configuration.md | 2 +- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 758cab7fac38..99a909ccb085 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -35,7 +35,7 @@ Since, by default, Google Kubernetes Engine (GKE) doesn't grant the `cluster-adm To successfully import or provision EKS, AKS, and GKE clusters from Rancher, the cluster must have at least one managed node group. -AKS clusters can be imported only if local accounts are enabled. If a cluster is configured to use Microsoft Entra ID for authentication, then Rancher will not be able to import it and report an error. +AKS clusters can only be imported if local accounts are enabled. If a cluster is configured to use Microsoft Entra ID for authentication, Rancher will not be able to import the cluster and report an error. EKS Anywhere clusters can be imported/registered into Rancher with an API address and credentials, as with any downstream cluster. EKS Anywhere clusters are treated as imported clusters and do not have full lifecycle support from Rancher. @@ -295,10 +295,11 @@ This section lists some of the most common errors that may occur when importing ### AKS -#### Error: Getting static credential is not allowed because this cluster is set to disable local accounts. +- The following error may occur if local accounts are disabled in your cluster. + ```sh + Error: Getting static credential is not allowed because this cluster is set to disable local accounts. + To resolve this issue, enable local accounts before attempting to [import the cluster](#registering-a-cluster) again. -* This may occur if your cluster has disabled local accounts. Enable local accounts before attempting to import the cluster again: - - ``` - az aks update --resource-group --name --enable-local-accounts - ``` \ No newline at end of file + ```sh + az aks update --resource-group --name --enable-local-accounts + ``` \ No newline at end of file diff --git a/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md b/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md index c53badc191c6..2e479ae02481 100644 --- a/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md +++ b/docs/reference-guides/cluster-configuration/rancher-server-configuration/aks-cluster-configuration.md @@ -8,7 +8,7 @@ title: AKS Cluster Configuration Reference ## Role-based Access Control -When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If role-based access control is disabled for the cluster in AKS, the cluster cannot be registered or imported into Rancher. In practice, this means that local accounts must be enabled in order to register an AKS cluster. +When provisioning an AKS cluster in the Rancher UI, RBAC cannot be disabled. If RBAC is disabled in the AKS cluster, the cluster cannot be registered or imported into Rancher. In practice, this means that local accounts must be enabled in order to register or import an AKS cluster. Rancher can configure member roles for AKS clusters in the same way as any other cluster. For more information, see the section on [role-based access control.](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/manage-role-based-access-control-rbac.md) From e5176e033b8e8728adde6478552107c47c16176d Mon Sep 17 00:00:00 2001 From: yiannistri <8741709+yiannistri@users.noreply.github.com> Date: Wed, 8 Jan 2025 14:26:01 +0000 Subject: [PATCH 4/4] docs: Improve troubleshooting instructions --- .../register-existing-clusters.md | 6 ++++-- .../register-existing-clusters.md | 9 ++++++--- .../register-existing-clusters.md | 11 +++++++---- 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 99a909ccb085..b38111027d0c 100644 --- a/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/docs/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -291,13 +291,15 @@ To annotate a registered cluster, ## Troubleshooting -This section lists some of the most common errors that may occur when importing a cluster, along with steps to troubleshoot them. +This section lists some of the most common errors that may occur when importing a cluster and provides steps to troubleshoot them. ### AKS -- The following error may occur if local accounts are disabled in your cluster. +- The following error may occur if local accounts are disabled in your cluster. ```sh Error: Getting static credential is not allowed because this cluster is set to disable local accounts. + ``` + To resolve this issue, enable local accounts before attempting to [import the cluster](#registering-a-cluster) again. ```sh diff --git a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 758cab7fac38..bf066ba56019 100644 --- a/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.10/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -295,10 +295,13 @@ This section lists some of the most common errors that may occur when importing ### AKS -#### Error: Getting static credential is not allowed because this cluster is set to disable local accounts. +- The following error may occur if local accounts are disabled in your cluster. + ```sh + Error: Getting static credential is not allowed because this cluster is set to disable local accounts. + ``` -* This may occur if your cluster has disabled local accounts. Enable local accounts before attempting to import the cluster again: + To resolve this issue, enable local accounts before attempting to [import the cluster](#registering-a-cluster) again. - ``` + ```sh az aks update --resource-group --name --enable-local-accounts ``` \ No newline at end of file diff --git a/versioned_docs/version-2.9/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md b/versioned_docs/version-2.9/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md index 758cab7fac38..f3cfcc06cbaa 100644 --- a/versioned_docs/version-2.9/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md +++ b/versioned_docs/version-2.9/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters.md @@ -291,14 +291,17 @@ To annotate a registered cluster, ## Troubleshooting -This section lists some of the most common errors that may occur when importing a cluster, along with steps to troubleshoot them. +This section lists some of the most common errors that may occur when importing a cluster and provides steps to troubleshoot them. ### AKS -#### Error: Getting static credential is not allowed because this cluster is set to disable local accounts. +- The following error may occur if local accounts are disabled in your cluster. + ```sh + Error: Getting static credential is not allowed because this cluster is set to disable local accounts. + ``` -* This may occur if your cluster has disabled local accounts. Enable local accounts before attempting to import the cluster again: + To resolve this issue, enable local accounts before attempting to [import the cluster](#registering-a-cluster) again. - ``` + ```sh az aks update --resource-group --name --enable-local-accounts ``` \ No newline at end of file