2 changes: 1 addition & 1 deletion docs/api/workflows/projects.md
Expand Up @@ -160,7 +160,7 @@ kubectl --namespace p-vwxyz get projectroletemplatebindings

## Deleting a Member From a Project

Lookup the projectroletemplatebinding IDs containing the member in the project's namespace as decribed in the [Listing Project Members](#listing-project-members) section.
Lookup the projectroletemplatebinding IDs containing the member in the project's namespace as described in the [Listing Project Members](#listing-project-members) section.

Delete the projectroletemplatebinding from the project's namespace:

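Review bot: The corrected sentence still opens with "Lookup", which is the noun form; as an imperative it should be the two-word verb, "Look up the projectroletemplatebinding IDs ...". The line is already being touched for "decribed", so fix both here, and apply the same change to the identical sentence in versioned_docs/version-2.10/api/workflows/projects.md.
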
Expand Up @@ -40,7 +40,7 @@ The following table shows the availability and default values for some feature f

| Feature Flag Name | Default Value | Status | Available As Of | Additional Information |
| ----------------------------- | ------------- | ------------ | --------------- | ---------------------- |
| `aggregated-roletemplates` | `false` | Highly experimentatl | v2.11.0 | This flag value is locked on install and can't be changed. |
| `aggregated-roletemplates` | `false` | Highly experimental | v2.11.0 | This flag value is locked on install and can't be changed. |
| `clean-stale-secrets` | `true` | GA | v2.10.2 | |
| `continuous-delivery` | `true` | GA | v2.6.0 | |
| `external-rules` | v2.7.14: `false`, v2.8.5: `true` | Removed | v2.7.14, v2.8.5 | This flag affected [external `RoleTemplate` behavior](../../../how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/manage-role-based-access-control-rbac/cluster-and-project-roles.md#external-roletemplate-behavior). It is removed in Rancher v2.9.0 and later as the behavior is enabled by default. |
Expand Up @@ -40,7 +40,7 @@ In Rancher v2.9.0 and later, this setting defaults to `strict` on new installs.
Each cluster contains a condition in the status field called `AgentTlsStrictCheck`. If `AgentTlsStrictCheck` is set to `"True"`, this indicates that the agents for the cluster are ready to operate in `strict` mode. You can manually inspect each cluster to see if they are ready using the Rancher UI or a kubectl command such as the following:

```bash
## the below command skips ouputs $CLUSTER_NAME,$STATUS for all non-local clusters
## the below command skips outputs $CLUSTER_NAME,$STATUS for all non-local clusters
kubectl get cluster.management.cattle.io -o jsonpath='{range .items[?(@.metadata.name!="local")]}{.metadata.name},{.status.conditions[?(@.type=="AgentTlsStrictCheck")].status}{"\n"}{end}'
```

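Review bot: In the bash comment, replacing "ouputs" with "outputs" leaves "skips outputs", which still does not parse as a sentence. The jsonpath filter `?(@.metadata.name!="local")` excludes the local cluster and prints name and status for the rest, so a comment such as `## the command below skips the local cluster and outputs $CLUSTER_NAME,$STATUS for all other clusters` would describe what the command does.
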
Expand Up @@ -168,7 +168,7 @@ $ ldapsearch -x -D "acme\jdoe" -w "secret" -p 389 \
-h ad.acme.com -b "dc=acme,dc=com" -s sub "sAMAccountName=jdoe"
```

This command performs an LDAP search with the search base set to the domain root (`-b "dc=acme,dc=com"`) and a filter targeting the user account (`sAMAccountNam=jdoe`), returning the attributes for said user:
This command performs an LDAP search with the search base set to the domain root (`-b "dc=acme,dc=com"`) and a filter targeting the user account (`sAMAccountName=jdoe`), returning the attributes for said user:

![](/img/ldapsearch-user.png)

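Review bot: The filter spelling fix is correct, but the command this sentence describes (visible in the hunk context) passes the bind password inline with `-w "secret"` and performs a simple bind (`-x`) to port 389 without StartTLS, so a reader who copies it leaves the password in shell history and the process list and sends it in cleartext. This is outside the scope of a spelling change, but a follow-up could switch the example to `-W` (prompt for the password) and add `-ZZ` (require StartTLS) or use an ldaps:// URI.
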
Expand Up @@ -23,7 +23,7 @@ The diagram below illustrates how members of an OpenLDAP group can access resour

For example, a cluster owner could add an OpenLDAP group to a cluster so that they have permissions view most cluster level resources and create new projects. Then the OpenLDAP group members will have access to the cluster as soon as they log in to Rancher.

In this scenario, OpenLDAP allows the cluster owner to search for groups when assigning persmissions. Without OpenLDAP, the functionality to search for groups would not be supported.
In this scenario, OpenLDAP allows the cluster owner to search for groups when assigning permissions. Without OpenLDAP, the functionality to search for groups would not be supported.

When a member of the OpenLDAP group logs in to Rancher, she is redirected to Shibboleth and enters her username and password.

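Review bot: The context paragraph just above the changed line reads "so that they have permissions view most cluster level resources", which is missing a "to" ("permissions to view"). Since this change is a spelling and grammar sweep of the same section, fix that sentence here as well.
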
Expand Up @@ -35,7 +35,7 @@ The global default registry is intended to be used in air-gapped setups, for reg

Most private registries should work, by default, with RKE2 downstream clusters.

However, you'll need to do some additional steps if you're trying to set a namespaced private registry whose URL is formated like this: `website/subdomain:portnumber`.
However, you'll need to do some additional steps if you're trying to set a namespaced private registry whose URL is formatted like this: `website/subdomain:portnumber`.

1. Select **☰ > Cluster Management**.
1. Find the RKE2 cluster in the list and click **⋮ >Edit Config**.
Expand Up @@ -242,7 +242,7 @@ Rancher and Partner charts may have extra configurations available through custo

To view all recent changes, click **Apps > Recent Operations** in the left navigation menu. From there you can view the calls, conditions, events, and logs.

After installing a chart, you can view it by clicking **Apps > Installed Apps** in the left navigation menu. You can upgrade or delete the installation, and see further details. Upgrading uses the same forms and values as you saw during inital installation.
After installing a chart, you can view it by clicking **Apps > Installed Apps** in the left navigation menu. You can upgrade or delete the installation, and see further details. Upgrading uses the same forms and values as you saw during initial installation.

Most Rancher tools have additional pages located in the toolbar below the **Apps** section to help manage and use the features. These pages include links to dashboards, forms to easily add Custom Resources, and additional information.

Expand Down Expand Up @@ -301,4 +301,3 @@ To migrate, follow these steps:
- When determining the most recent version to display for the **Upgradable** column on the **Apps > Installed Apps** page, rather than only considering versions of the Helm chart from the repository it was installed from, Rancher considers versions of the Helm chart from all repositories on the cluster.

For example, suppose you install `cert-manager` v1.13.0 from repository A, where v1.14.0 is now the most recent version available. In this case, you expect **Upgradable** to display v1.14.0. However, if the cluster also has access to repository B where v1.15.0 of `cert-manager` is available, then **Upgradable** displays v1.15.0 even though the original installation used repository A.

Expand Up @@ -322,7 +322,7 @@ Existing clusters that use an **External** cloud provider will set `--cloud-prov

3. Install the AWS cloud controller manager after the cluster finishes provisioning. Note that the cluster isn't successfully provisioned and nodes are still in an `uninitialized` state until you deploy the cloud controller manager. This can be done manually, or via [Helm charts in UI](#helm-chart-installation-from-ui).

Refer to the offical AWS upstream documentation for the [cloud controller manager](https://kubernetes.github.io/cloud-provider-aws).
Refer to the official AWS upstream documentation for the [cloud controller manager](https://kubernetes.github.io/cloud-provider-aws).

</TabItem>
</Tabs>
Expand Up @@ -47,7 +47,7 @@ When using ingresses in a project, you can program the ingress hostname to an ex

## Service Discovery

After you expose your cluster to external requests using a load balancer and/or ingress, it's only available by IP address. To create a resolveable hostname, you must create a service record, which is a record that maps an IP address, external hostname, DNS record alias, workload(s), or labelled pods to a specific hostname.
After you expose your cluster to external requests using a load balancer and/or ingress, it's only available by IP address. To create a resolvable hostname, you must create a service record, which is a record that maps an IP address, external hostname, DNS record alias, workload(s), or labelled pods to a specific hostname.

For more information, see [Service Discovery](create-services.md).

Expand Up @@ -38,7 +38,7 @@ On the **Clusters** page, select **⁝** at the end of each row to view a submen

### Cluster Dashboard

On the **Clusters** page, select the **Explore** button at the end of each row to view that cluster's **Cluster Dashboard**. You can also view the dashboard by clicking the name of a cluster in the table, then clicking the **Explore** buttton on the **Cluster** page.
On the **Clusters** page, select the **Explore** button at the end of each row to view that cluster's **Cluster Dashboard**. You can also view the dashboard by clicking the name of a cluster in the table, then clicking the **Explore** button on the **Cluster** page.

The **Cluster Dashboard** is also accessible from the Rancher UI **Home** page, by clicking on the name of a cluster.

Expand Up @@ -229,7 +229,7 @@ On AWS EC2, we should create a few objects to configure our system. We've define
PUBLIC_IP=$(curl -H "X-aws-ec2-metadata-token: ${TOKEN}" -s http://169.254.169.254/latest/meta-data/public-ipv4)
K8S_ROLES="--worker"

sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:<RANCHER_VERSION> --server https://<RANCHER_URL> --token <RANCHER_TOKEN> --ca-checksum <RANCHER_CA_CHECKCSUM> --address ${PUBLIC_IP} --internal-address ${PRIVATE_IP} ${K8S_ROLES}
sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes -v /var/run:/var/run rancher/rancher-agent:<RANCHER_VERSION> --server https://<RANCHER_URL> --token <RANCHER_TOKEN> --ca-checksum <RANCHER_CA_CHECKSUM> --address ${PUBLIC_IP} --internal-address ${PRIVATE_IP} ${K8S_ROLES}
```

More info is at [RKE clusters on AWS](../../../new-user-guides/kubernetes-clusters-in-rancher-setup/set-up-cloud-providers/amazon.md) and [Cluster Autoscaler on AWS.](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/README.md)
2 changes: 1 addition & 1 deletion docs/integrations-in-rancher/fleet/overview.md
Expand Up @@ -26,7 +26,7 @@ Users can leverage continuous delivery to deploy their applications to the Kuber

Follow the steps below to access Continuous Delivery in the Rancher UI:

1. Click **☰ > Continous Delivery**.
1. Click **☰ > Continuous Delivery**.

1. Select your namespace at the top of the menu, noting the following:

Expand Up @@ -337,7 +337,7 @@ Alternatives, such as using a HelmChartConfig to customize the system charts via

Specify the values for the system charts installed by K3s.

For more information about how K3s manges packaged components, please refer to [K3s documentation](https://docs.k3s.io/installation/packaged-components).
For more information about how K3s manages packaged components, please refer to [K3s documentation](https://docs.k3s.io/installation/packaged-components).

Example:

Expand Up @@ -367,7 +367,7 @@ Alternatives, such as using a HelmChartConfig to customize the system charts via

Specify the values for the system charts installed by RKE2.

For more information about how RKE2 manges packaged components, please refer to [RKE2 documentation](https://docs.rke2.io/helm).
For more information about how RKE2 manages packaged components, please refer to [RKE2 documentation](https://docs.rke2.io/helm).

Example:

Expand Up @@ -9,7 +9,7 @@ description: To create a cluster with custom nodes, you’ll need to access serv

When you create a custom cluster, Rancher uses RKE (the Rancher Kubernetes Engine) to create a Kubernetes cluster in on-prem bare-metal servers, on-prem virtual machines, or in any node hosted by an infrastructure provider.

To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you willl also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node.
To use this option you'll need access to servers you intend to use in your Kubernetes cluster. Provision each server according to the [requirements](../../../../how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/node-requirements-for-rancher-managed-clusters.md), which includes some hardware specifications and Docker. After you install Docker on each server, you will also run the command provided in the Rancher UI on each server to turn each one into a Kubernetes node.

This section describes how to set up a custom cluster.

Expand Up @@ -339,14 +339,14 @@ route:
routes:
- match:
service: database
receiver: 'database-notifcations'
receiver: 'database-notifications'

receivers:
- name: 'pagerduty-notifications'
pagerduty_configs:
- service_key: 'primary-integration-key'

- name: 'database-notifcations'
- name: 'database-notifications'
pagerduty_configs:
- service_key: 'database-integration-key'
```
Expand Up @@ -3032,8 +3032,8 @@ it is set to an empty array.
**Result:** warn

**Remediation:**
Review the use of capabilites in applications running on your cluster. Where a namespace
contains applicaions which do not require any Linux capabities to operate consider adding
Review the use of capabilities in applications running on your cluster. Where a namespace
contains applications which do not require any Linux capabities to operate consider adding
a PSP which forbids the admission of containers which do not drop all capabilities.

### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual)
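
Review bot: The replacement line still contains a typo: "do not require any Linux capabities to operate" should read "capabilities". The neighbouring words were corrected ("capabilites", "applicaions") but this one was missed. The same leftover is in every other copy of this remediation paragraph in the patch except the hunk at @@ -2884,8 +2884,8 @@, where the new line is spelled correctly; bring the rest in line with that one.
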
Expand Up @@ -3087,8 +3087,8 @@ it is set to an empty array.
**Result:** warn

**Remediation:**
Review the use of capabilites in applications running on your cluster. Where a namespace
contains applicaions which do not require any Linux capabities to operate consider adding
Review the use of capabilities in applications running on your cluster. Where a namespace
contains applications which do not require any Linux capabities to operate consider adding
a PSP which forbids the admission of containers which do not drop all capabilities.

### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual)
Expand Up @@ -3094,8 +3094,8 @@ it is set to an empty array.
**Result:** warn

**Remediation:**
Review the use of capabilites in applications running on your cluster. Where a namespace
contains applicaions which do not require any Linux capabities to operate consider adding
Review the use of capabilities in applications running on your cluster. Where a namespace
contains applications which do not require any Linux capabities to operate consider adding
a PSP which forbids the admission of containers which do not drop all capabilities.

### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual)
Expand Up @@ -1352,7 +1352,7 @@ In this file, choose aescbc, kms or secretbox as the encryption provider.
```bash
#!/usr/bin/env bash

# This script is used to check the encrption provider config is set to aesbc
# This script is used to check the encryption provider config is set to aesbc
#
# outputs:
# true/false
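
Review bot: The comment line being corrected still names the provider as "aesbc", while the sentence in the hunk header context ("choose aescbc, kms or secretbox as the encryption provider") spells it "aescbc". If the script checks for aescbc, the comment should match: `# This script is used to check the encryption provider config is set to aescbc`. The second copy of this script header at @@ -1298,7 +1298,7 @@ has the same leftover.
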
Expand Down Expand Up @@ -2884,8 +2884,8 @@ it is set to an empty array.
**Result:** warn

**Remediation:**
Review the use of capabilites in applications running on your cluster. Where a namespace
contains applicaions which do not require any Linux capabities to operate consider adding
Review the use of capabilities in applications running on your cluster. Where a namespace
contains applications which do not require any Linux capabilities to operate consider adding
a PSP which forbids the admission of containers which do not drop all capabilities.

### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual)
Expand Up @@ -1298,7 +1298,7 @@ In this file, choose aescbc, kms or secretbox as the encryption provider.
```bash
#!/usr/bin/env bash

# This script is used to check the encrption provider config is set to aesbc
# This script is used to check the encryption provider config is set to aesbc
#
# outputs:
# true/false
Expand Down Expand Up @@ -2843,8 +2843,8 @@ it is set to an empty array.
**Result:** warn

**Remediation:**
Review the use of capabilites in applications running on your cluster. Where a namespace
contains applicaions which do not require any Linux capabities to operate consider adding
Review the use of capabilities in applications running on your cluster. Where a namespace
contains applications which do not require any Linux capabities to operate consider adding
a PSP which forbids the admission of containers which do not drop all capabilities.

### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual)
Expand Up @@ -2744,8 +2744,8 @@ it is set to an empty array.
**Result:** warn

**Remediation:**
Review the use of capabilites in applications running on your cluster. Where a namespace
contains applicaions which do not require any Linux capabities to operate consider adding
Review the use of capabilities in applications running on your cluster. Where a namespace
contains applications which do not require any Linux capabities to operate consider adding
a PSP which forbids the admission of containers which do not drop all capabilities.

### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual)
Expand Up @@ -3019,8 +3019,8 @@ it is set to an empty array.
**Result:** warn

**Remediation:**
Review the use of capabilites in applications running on your cluster. Where a namespace
contains applicaions which do not require any Linux capabities to operate consider adding
Review the use of capabilities in applications running on your cluster. Where a namespace
contains applications which do not require any Linux capabities to operate consider adding
a PSP which forbids the admission of containers which do not drop all capabilities.

### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual)
Expand Up @@ -3020,8 +3020,8 @@ it is set to an empty array.
**Result:** warn

**Remediation:**
Review the use of capabilites in applications running on your cluster. Where a namespace
contains applicaions which do not require any Linux capabities to operate consider adding
Review the use of capabilities in applications running on your cluster. Where a namespace
contains applications which do not require any Linux capabities to operate consider adding
a PSP which forbids the admission of containers which do not drop all capabilities.

### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual)
Expand Up @@ -2846,8 +2846,8 @@ it is set to an empty array.
**Result:** warn

**Remediation:**
Review the use of capabilites in applications running on your cluster. Where a namespace
contains applicaions which do not require any Linux capabities to operate consider adding
Review the use of capabilities in applications running on your cluster. Where a namespace
contains applications which do not require any Linux capabities to operate consider adding
a PSP which forbids the admission of containers which do not drop all capabilities.

### 5.2.11 Minimize the admission of Windows HostProcess containers (Manual)
Expand Up @@ -6,7 +6,7 @@ title: User ID Tracking in Audit Logs
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/troubleshooting/other-troubleshooting-tips/user-id-tracking-in-audit-logs"/>
</head>

The following audit logs are used in Rancher to track events occuring on the local and downstream clusters:
The following audit logs are used in Rancher to track events occurring on the local and downstream clusters:

* [Kubernetes Audit Logs](https://rancher.com/docs/rke/latest/en/config-options/audit-log/)
* [Rancher API Audit Logs](../../how-to-guides/advanced-user-guides/enable-api-audit-log.md)
2 changes: 1 addition & 1 deletion versioned_docs/version-2.10/api/workflows/projects.md
Expand Up @@ -160,7 +160,7 @@ kubectl --namespace p-vwxyz get projectroletemplatebindings

## Deleting a Member From a Project

Lookup the projectroletemplatebinding IDs containing the member in the project's namespace as decribed in the [Listing Project Members](#listing-project-members) section.
Lookup the projectroletemplatebinding IDs containing the member in the project's namespace as described in the [Listing Project Members](#listing-project-members) section.

Delete the projectroletemplatebinding from the project's namespace:
