automation-suite
2021.10
false
- Overview
- Requirements
- Installation
- Post-installation
- Cluster administration
- Monitoring and alerting
- Migration and upgrade
- Product-specific configuration
- Best practices and maintenance
- Installation best practices
- Performing database maintenance
- Performing yearly certificate maintenance
- Setting up directory roles and permissions
- Troubleshooting
- How to Troubleshoot Services During Installation
- How to Uninstall the Cluster
- How to clean up offline artifacts to improve disk space
- How to disable TLS 1.0 and 1.1
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bucket
- How to debug failed Automation Suite installations
- How to disable TX checksum offloading
- Unable to run an offline installation on RHEL 8.4 OS
- Error in Downloading the Bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- SQL connection string validation error
- Failure After Certificate Update
- Automation Suite Requires Backlog_wait_time to Be Set 1
- Cannot Log in After Migration
- Setting a timeout interval for the management portals
- Update the underlying directory connections
- Kinit: Cannot Find KDC for Realm <AD Domain> While Getting Initial Credentials
- Kinit: Keytab Contains No Suitable Keys for *** While Getting Initial Credentials
- GSSAPI Operation Failed With Error: An Invalid Status Code Was Supplied (Client's Credentials Have Been Revoked).
- Login Failed for User <ADDOMAIN><aduser>. Reason: The Account Is Disabled.
- Alarm Received for Failed Kerberos-tgt-update Job
- SSPI Provider: Server Not Found in Kerberos Database
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Redis Probe Failure
- RKE2 Server Fails to Start
- Secret Not Found in UiPath Namespace
- ArgoCD goes into progressing state after first installation
- Unexpected Inconsistency; Run Fsck Manually
- Missing Self-heal-operator and Sf-k8-utils Repo
- Degraded MongoDB or Business Applications After Cluster Restore
- Unhealthy Services After Cluster Restore or Rollback
- Using the Automation Suite Diagnostics Tool
- Using the Automation Suite support bundle
- Exploring Logs
OUT OF SUPPORT
Automation Suite installation guide
Last updated Feb 24, 2025
To grant permissions to a specific admin or regular user to access the Kubernetes cluster and RKE2 file, you must update the
sudoers file with the required settings.
The following section provides details on the files to which you must grant access to the admin or regular user.
-
/var/lib/rancher/rke2/bin/kubectlexecutable requires sudo access to operate on cluster resources. To grant the required permissions to the executable without a password, update thesudoersfile accordingly. For details, see the following configuration sample:USERNAME ALL = NOPASSWD: /var/lib/rancher/rke2/bin/kubectlUSERNAME ALL = NOPASSWD: /var/lib/rancher/rke2/bin/kubectl /etc/rancher/rke2/stores the following files required to configure or access the cluster:-
/etc/rancher/rke2/config.yamlfile used to configure the cluster. The default permission for this file is-rw-r--r--. To allow users to modify/etc/rancher/rke2/config.yaml, update thesudoersfile accordingly. For details, see the following configuration sample:USERNAME ALL=NOPASSWD: /usr/local/bin/vim /etc/rancher/rke2/config.yamlUSERNAME ALL=NOPASSWD: /usr/local/bin/vim /etc/rancher/rke2/config.yaml -
/etc/rancher/rke2/rke2.yamlfile used along with thekubectlcommand to operate on the cluster. The default permission for this file is-rw-------.To allow users to operate on the cluster, update thesudoersfile accordingly. For details, see the following configuration sample:Defaults!/var/lib/rancher/rke2/bin/kubectl env_keep += KUBECONFIGDefaults!/var/lib/rancher/rke2/bin/kubectl env_keep += KUBECONFIG -
/etc/rancher/rke2/registries.yamlfile required to configure the registry for the cluster. The default permission for this file is-rw-r--r--.To allow users to modify/etc/rancher/rke2/registries.yaml, update thesudoersfile accordingly. For details, see the following configuration sample:USERNAME ALL=NOPASSWD: /usr/local/bin/vim /etc/rancher/rke2/registries.yamlUSERNAME ALL=NOPASSWD: /usr/local/bin/vim /etc/rancher/rke2/registries.yaml
-
-
/var/lib/rancher/rke2/directory stores the cluster related data, which includes kubelet logs, containerized data, static pod configuration files, RKE2 certificates, and etcd data. Admins may be required to read the file and check the size of the directory. To do this, you must give the required permissions to thels,cat, andducommands. For details, see the following configuration sample:USERNAME ALL=NOPASSWD: /usr/bin/ls /var/lib/rancher/rke2/* USERNAME ALL=NOPASSWD: /usr/bin/cat /var/lib/rancher/rke2/* USERNAME ALL=NOPASSWD: /usr/bin/du /var/lib/rancher/rke2/*USERNAME ALL=NOPASSWD: /usr/bin/ls /var/lib/rancher/rke2/* USERNAME ALL=NOPASSWD: /usr/bin/cat /var/lib/rancher/rke2/* USERNAME ALL=NOPASSWD: /usr/bin/du /var/lib/rancher/rke2/*
Note:
For maintenance purposes, we recommend creating a separate file under the
/etc/sudoers.d/ directory with the configuration described on this page.
