As you configure a new cluster that’s provisioned using RKE, you can choose custom Kubernetes options.
You can configure Kubernetes options one of two ways:
- Rancher UI: Use the Rancher UI to select options that are commonly customized when setting up a Kubernetes cluster.
- Config File: Alternatively, you can create a RKE config file to customize any option offered by Kubernetes.
When creating a cluster using one of the options described in Rancher Launched Kubernetes, you can configure basic Kubernetes options using the Cluster Options section.
From this section you can choose:
The version of Kubernetes installed on your cluster nodes. Rancher uses its own version of Kubernetes based on hyperkube, but packaged with more utilities.
Whether Rancher should check if the nodes are running a supported or unsupported version of Docker. If you only allow supported versions, the cluster automatically fails to launch if you have an unsupported version of Docker. Each Kubernetes version is tied to specific Docker versions based on what Kubernetes tests against.
Note: After you launch the cluster, you cannot change your network provider. Therefore, choose which network provider you want to use carefully, as Kubernetes doesn’t allow switching between network providers. Once a cluster is created with a network provider, changing network providers would require you tear down the entire cluster and all its applications.
Out of the box, Rancher is compatible with the following network providers:
In v2.0.0 - v2.0.4 and v2.0.6, this was the default option for these clusters was Canal with network isolation. With the network isolation automatically enabled, it prevented any pod communication between projects.
As of release v2.0.7, if you use Canal, you also have the option of using Project Network Isolation, which will enable or disable communication between pods in different projects.
Attention Rancher v2.0.0 - v2.0.6 Users
- In previous Rancher releases, Canal isolates project network communications with no option to disable it. If you are using any of these Rancher releases, be aware that using Canal prevents all communication between pods in different projects.
- If you are have clusters using Canal and are upgrading to v2.0.7, those clusters enable Project Network Isolation by default. If you want to disable Project Network Isolation, edit the cluster and disable the option.
In v2.0.5, this was the default option, which did not prevent any network isolation between projects.
Another network provider option.
Whether or not to use a cloud provider. If you want to use volumes and storage in Kubernetes, typically you must select the specific cloud provider in order to use it. For example, if you want to use Amazon EBS, you would need to select the
Note: If your cloud provider is not listed as an option, you will need to use the config file option to use that cloud provider. Please reference the RKE’s cloud provider documentation on how to configure these other cloud providers.
Whether or not to use a pod security policy. You must have an existing pod security policy configured before you can use this option.
Note: In Rancher v2.0.5 and v2.0.6, the names of services in the Config File (YAML) should contain underscores only:
Instead of using the Rancher UI to choose Kubernetes options for the cluster, advanced users can create an RKE config file. Using a config file allows you to set any of the options available in an RKE installation.
- To edit an RKE config file directly from the Rancher UI, click Edit as YAML.
- To read from an existing RKE file, click Read from File.
For an example of RKE config file syntax, see the RKE documentation.