Authorized Cluster Endpoint for RKE2/K3s

[ashawka]

An authorized cluster endpoint allows users to connect to the Kubernetes API server of a downstream cluster without having to route their requests through the Rancher authentication proxy. The authorized cluster endpoint only works on Rancher-launched Kubernetes clusters. In other words, it only works in clusters where Rancher used RKE to provision the cluster. https://docs.ranchermanager.rancher.io/reference-guides/rancher-manager-architecture/communicating-with-downstream-user-clusters#4-authorized-cluster-endpoint

Feedback:

• docs says that this is only available on RKE.
• It is also available for RKE2, while provisioning RKE2 cluster, you can find that option under networking section, which is disabled by default.

[catherineluse]

I think it should be emphasized what the defaults are because the setting can't be changed after the cluster is created. While ACE is enabled by default for RKE1 and K3s, it is disabled by default for RKE2.

[ghost]

The guide on how to directly access a cluster was also missing the configuration changes which were needed on rke2, so I created a pull request with a small hint pointing at the right documentation.