Skip to Content

Changes for page Rancher 2

Last modified by Diana Strebkova on 2025/12/12 14:23
From version 10.6
edited by Diana Strebkova
on 2025/12/12 11:48
Change comment: There is no comment for this version
To version 12.9
edited by Diana Strebkova
on 2025/12/12 13:10
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -268,7 +268,7 @@
268 268  
269 269  == Add private chart repository ==
270 270  
271 -Create a robot account in Harbor
271 +=== Create a robot account in Harbor ===
272 272  
273 273  To add project specific helm charts to Rancher, a Harbor robot account is needed, that is able to read helm charts and pull repositories. If you don't have such an account yet, please follow the instructions given in the [[Create Robot Account section of the Harbor documentation>>doc:Harbor.Harbor 2\.7 Robot Accounts.WebHome||anchor="create_robot_account"]] and make sure to grant at least the following permissions:
274 274  
... ... @@ -280,6 +280,8 @@
280 280  
281 281  (% class="p1" %)
282 282  In Rancher UI, switch to the intended cluster and go to Apps/Repositories using the left side menu.
283 +
284 +
283 283  [[image:attach:Screenshot 2023-04-25 at 13.11.48.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="209"]]
284 284  
285 285  (% class="p1" %)
... ... @@ -292,7 +292,7 @@
292 292  ==== Target: http(s) URL ====
293 293  
294 294  {{warning title="Chartmuseum Deprecation"}}
295 -Chartmuseum in Harbor is deprecated, meaning we won't be able to add repositories to Rancher that way anymore. Instead use Target: OCI repository.
297 +Chartmuseum in Harbor is deprecated, meaning we won't be able to add internal harbor repositories to Rancher that way anymore. Instead use Target: OCI repository.
296 296  {{/warning}}
297 297  
298 298  (% class="p1" %)
... ... @@ -313,14 +313,16 @@
313 313  ==== Target: OCI Repository ====
314 314  
315 315  {{info}}
316 -Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo.
318 +Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo.//** If you have a real need to add the whole project, please contact support for finding a possible solution.**//
317 317  {{/info}}
318 318  
319 319  (% class="p1" %)
320 -Choose OCI repository in Target and for url, use  ##oci:~/~/registry-<domain>.devops.t-systems.net/<project>-helm/<chatname>##
322 +Choose OCI repository in Target and for url, use  ##oci:~/~/registry-<domain>.devops.t-systems.net/<project>-helm/<chartname>##
321 321  
322 -(% class="p1" %)
323 -Replace ##<domain>## , ##<project>##  and ##<chatname> ##as necessary to match your set-up.
324 +(% class="box" %)
325 +(((
326 +Replace ##<domain>## , ##<project>##  and ##<chartname> ##as necessary to match your set-up. Your charts should be stored in ##<project>-helm ##repository in Harbor, which is created by default when project is created in portal.
327 +)))
324 324  
325 325  (% class="p1" %)
326 326  For Authentication, select "Create a HTTP Basic Auth Secret" and provide the Username and Password of the Harbor robot account from the previous section.
... ... @@ -331,8 +331,100 @@
331 331  (% class="wikigeneratedid" %)
332 332  Click Create.
333 333  
334 -= Automated deployments with Jenkins =
338 +(% class="wrapped" %)
339 +|=(((
340 +Field
341 +)))|=(((
342 +Value
343 +)))
344 +|=(((
345 +Name
346 +)))|(((
347 +sdcloud-sdportal
348 +)))
349 +|=(((
350 +Description
351 +)))|(((
352 +Sdportal charts of sdcloud project
353 +)))
354 +|=(((
355 +Index URL
356 +)))|(((
357 +oci:~/~/registry.sdc.t-systems.net/sdcloud-helm/sdportal
335 335  
359 +{{info}}
360 +Now we should target a chart repo directly, not the whole project. In you need to reference the whole project with a lot of repos, please contact support to find a possible solution.
361 +{{/info}}
362 +)))
363 +
364 +=== Migrating chart repositories in rancher to new OCI Repository format ===
365 +
366 +(% class="box warningmessage" %)
367 +(((
368 +ChartMuseum is being deprecated. After the migration is complete, **all harbor charts will be removed from ChartMuseum**, and **old HTTP(S)-based chart repositories will no longer work in Rancher (for internal harbor charts)**.
369 +)))
370 +
371 +There are 2 ways to "migrate" the repos:
372 +
373 +1. You can do the fast transition - edit already existing repository – choose //Target: OCI repository //and adapt the url (__repo name can't be changed__), then the installed apps will pick app the repo change automatically. The problem is that the OCI repository recommends to target chart repos in the url, not the whole folder anymore.  That means if you deployed previously different apps using the old repo, for example "bitbucket" and "jira", now you can only target one repo, for example "bitbucket"
374 +
375 +To ensure a smooth transition, we recommend to **add an OCI-based repository alongside the existing ChartMuseum repository** during the migration phase. If you don't w
376 +
377 +(% class="box" %)
378 +(((
379 +**We will make your charts available in the corresponding new `<pkey>-helm` OCI projects.**
380 +)))
381 +
382 +| Term | Meaning
383 +| **Old Repository** | The existing HTTP/HTTPS Harbor ChartMuseum repository.
384 +| **New Repository** | The new OCI-based Helm chart repository created for your project (e.g. `<chart-repo-name>` in `<pkey>-helm`).
385 +
386 +##__**Why This Migration Is Required:**__##
387 +
388 +* ##ChartMuseum is deprecated and will be removed.##
389 +* ##Applications deployed from old repos keep a reference to that repo inside their labels.##
390 +* ##Without updating the application to point to the new OCI repo, **Rancher will not detect new chart versions from new repository**.##
391 +
392 +## Migration Steps:##
393 +
394 +1. ##Create the New OCI Repository in Rancher##
395 +11. Go to **Apps → Repositories**.
396 +11. Add a new repository of type **OCI**.
397 +11. Name it similarly to your old repo name (e.g. `<chart-repo-name>-oci`). You can't name it the same.
398 +11. Point it to the new OCI endpoint.
399 +1. ##Disable the Old ChartMuseum Repository Temporarily## 
400 +##This step ensures that Rancher resolves charts from the new OCI repo.##
401 +11. Go to **Apps → Repositories**.
402 +11. Disable the old HTTP(S)-based repository.
403 +11. Keep it disabled until the migration is done.
404 +1. ##Update Existing Applications to Use the New OCI Repo##
405 +Applications deployed with the old repository still contain the old repo name in their metadata. You must upgrade them once to transition.
406 +11. Go to **Apps → Installed Apps**.
407 +11. Open the application that was deployed using the old repo.
408 +11. Click **Upgrade**.
409 +11. In the list of available chart repositories (scroll to the bottom), select the **new OCI repository**.
410 +11. Choose the chart version you want to deploy (same or newer).
411 +11. Click **Upgrade**.
412 +1. ##Re-enable the Old Repository (Optional) ##
413 +If you still need the old repo for other apps, re-enable it after the migration steps above.
414 +**Note:** Even if a newer chart version exists in the old repository, your migrated app **will not see it**, because it is no longer connected to that repo
415 +
416 +----
417 +
418 +## Reverting the Migration (If Needed)
419 +If you want to move an app back to the old repository:##
420 +
421 +1. Temporarily disable the new OCI repo.
422 +1. Enable the old ChartMuseum repo.
423 +1. Open the application → **Upgrade**.
424 +1. Select the chart from the old repo.
425 +1. Save.
426 +
427 +This will reconnect the app to the old repository.
428 +
429 +=
430 +Automated deployments with Jenkins =
431 +
336 336  In this section, we describe(% style="color:#172b4d" %) how to set-up **automated builds, tests and deployments** for Jenkins.
337 337  
338 338  == Prerequisites ==
© 2018-2025 T-Systems International GmbH