Authentication, Permissions and Global Configuration - 《Rancher 2.5.7-2.5.8 Documentation》

Pod Security Policies

After you log into Rancher for the first time, Rancher will prompt you for a Rancher Server URL.You should set the URL to the main entry point to the Rancher Server. When a load balancer sits in front a Rancher Server cluster, the URL should resolve to the load balancer. The system will automatically try to infer the Rancher Server URL from the IP address or host name of the host running the Rancher Server. This is only correct if you are running a single node Rancher Server installation. In most cases, therefore, you need to set the Rancher Server URL to the correct value yourself.

Authentication

One of the key features that Rancher adds to Kubernetes is centralized user authentication. This feature allows to set up local users and/or connect to an external authentication provider. By connecting to an external authentication provider, you can leverage that provider’s user and groups.

For more information how authentication works and how to configure each provider, see .

For more information how authorization works and how to customize roles, see Roles Based Access Control (RBAC).

Pod Security Policies

Pod Security Policies (or PSPs) are objects that control security-sensitive aspects of pod specification, e.g. root privileges. If a pod does not meet the conditions specified in the PSP, Kubernetes will not allow it to start, and Rancher will display an error message.

For more information how to create and use PSPs, see Pod Security Policies.

Drivers in Rancher allow you to manage which providers can be used to provision or nodes in an infrastructure provider to allow Rancher to deploy and manage Kubernetes.

Adding Kubernetes Versions into Rancher

With this feature, you can upgrade to the latest version of Kubernetes as soon as it is released, without upgrading Rancher. This feature allows you to easily upgrade Kubernetes patch versions (i.e. ), but not intended to upgrade Kubernetes minor versions (i.e. v1.X.0) as Kubernetes tends to deprecate or add APIs between minor versions.

The information that Rancher uses to provision RKE clusters is now located in the Rancher Kubernetes Metadata. For details on metadata configuration and how to change the Kubernetes version used for provisioning RKE clusters, see

Rancher Kubernetes Metadata contains Kubernetes version information which Rancher uses to provision RKE clusters.

For more information on how metadata works and how to configure metadata config, see .