Skip to Content

Changes for page Rancher 2

Last modified by Diana Strebkova on 2025/12/12 14:23
From version 12.15
edited by Diana Strebkova
on 2025/12/12 13:22
Change comment: There is no comment for this version
To version 10.2
edited by Diana Strebkova
on 2025/12/12 11:41
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -159,7 +159,7 @@
159 159  == Add public helm chart ==
160 160  
161 161  {{warning width="70" title="Chartmuseum Deprecation"}}
162 -Chartmuseum is deprecated in new Harbor versions, we are migrating all helm charts to oci-compatible repositories in Harbor with "PKEY-helm" naming convention. For internal harbor repos, use new approach to add OCI chart repositories in rancher.
162 +Chartmuseum is deprecated in new Harbor versions, we are migrating all helm charts to oci-compatible repositories in Harbor with "PKEY-helm naming convention. For internal harbor repos, use new approach to add OCI chart repositories in rancher.
163 163  {{/warning}}
164 164  
165 165  In this section, we describe (% style="color:#172b4d" %)how to add public helm charts like the one of DevOps-as-a-Service to a cluster to allow manual deployments.
... ... @@ -220,7 +220,7 @@
220 220  
221 221  ==== Target: OCI Repository ====
222 222  
223 -To add public oci-repository, navigate to repository create button and click it. For target, use OCI Repository like shown below:
223 +To add public oci-repository, navigate to repository create button and click it.
224 224  
225 225  [[image:1765207154466-828.png||height="298" width="821"]]
226 226  
... ... @@ -245,17 +245,13 @@
245 245  |=(((
246 246  Index URL
247 247  )))|(((
248 -oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/**<chartname>**, for example:
248 +oci:[[~~/~~/registry.sdc.t-systems.net/chartrepo/devopsaas-helm/>>url:https://registry.sdc.t-systems.net/chartrepo/devopsaas/||shape="rect"]]chartname, for example:
249 249  
250 -oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/jenkins-lib
251 -
252 -{{info}}
253 -Take into account, that all internal harbor repositories with helm charts have PKEY-helm naming convention, adding repo with both docker images and helm charts may not be supported in rancher.
254 -{{/info}}
250 +oci:[[~~/~~/registry.sdc.t-systems.net/>>url:https://registry.sdc.t-systems.net/chartrepo/devopsaas/||shape="rect"]][[devopsaas-helm/jenkins-lib>>url:https://registry-manoni.devops.t-systems.net/harbor/projects/139/repositories/jenkins-lib]]
255 255  )))
256 256  
257 257  {{info}}
258 -Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo. //**If you have a need in adding the whole project with many repositories, please contact support for finding a possible solution.**//
254 +Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo.
259 259  {{/info}}
260 260  
261 261  === Deploy Helm charts ===
... ... @@ -268,6 +268,7 @@
268 268  
269 269  == Add private chart repository ==
270 270  
267 +
271 271  === Create a robot account in Harbor ===
272 272  
273 273  To add project specific helm charts to Rancher, a Harbor robot account is needed, that is able to read helm charts and pull repositories. If you don't have such an account yet, please follow the instructions given in the [[Create Robot Account section of the Harbor documentation>>doc:Harbor.Harbor 2\.7 Robot Accounts.WebHome||anchor="create_robot_account"]] and make sure to grant at least the following permissions:
... ... @@ -280,8 +280,6 @@
280 280  
281 281  (% class="p1" %)
282 282  In Rancher UI, switch to the intended cluster and go to Apps/Repositories using the left side menu.
283 -
284 -
285 285  [[image:attach:Screenshot 2023-04-25 at 13.11.48.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="209"]]
286 286  
287 287  (% class="p1" %)
... ... @@ -294,7 +294,7 @@
294 294  ==== Target: http(s) URL ====
295 295  
296 296  {{warning title="Chartmuseum Deprecation"}}
297 -Chartmuseum in Harbor is deprecated, meaning we won't be able to add internal harbor repositories to Rancher that way anymore. Instead use Target: OCI repository.
292 +Chartmuseum in Harbor is deprecated, meaning we won't be able to add repositories to Rancher that way anymore. Instead use Target: OCI repository.
298 298  {{/warning}}
299 299  
300 300  (% class="p1" %)
... ... @@ -315,16 +315,14 @@
315 315  ==== Target: OCI Repository ====
316 316  
317 317  {{info}}
318 -Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo.//** If you have a real need to add the whole project, please contact support for finding a possible solution.**//
313 +Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo.
319 319  {{/info}}
320 320  
321 321  (% class="p1" %)
322 -Choose OCI repository in Target and for url, use  ##oci:~/~/registry-<domain>.devops.t-systems.net/<project>-helm/<chartname>##
317 +Choose OCI repository in Target and for url, use  ##oci:~/~/registry-<domain>.devops.t-systems.net/<project>-helm/<chatname>##
323 323  
324 -(% class="box" %)
325 -(((
326 -Replace ##<domain>## , ##<project>##  and ##<chartname> ##as necessary to match your set-up. Your charts should be stored in ##<project>-helm ##repository in Harbor, which is created by default when project is created in portal.
327 -)))
319 +(% class="p1" %)
320 +Replace ##<domain>## , ##<project>##  and ##<chatname> ##as necessary to match your set-up.
328 328  
329 329  (% class="p1" %)
330 330  For Authentication, select "Create a HTTP Basic Auth Secret" and provide the Username and Password of the Harbor robot account from the previous section.
... ... @@ -335,125 +335,8 @@
335 335  (% class="wikigeneratedid" %)
336 336  Click Create.
337 337  
338 -(% class="wrapped" %)
339 -|=(((
340 -Field
341 -)))|=(((
342 -Value
343 -)))
344 -|=(((
345 -Name
346 -)))|(((
347 -sdcloud-sdportal
348 -)))
349 -|=(((
350 -Description
351 -)))|(((
352 -Sdportal charts of sdcloud project
353 -)))
354 -|=(((
355 -Index URL
356 -)))|(((
357 -oci:~/~/registry.sdc.t-systems.net/sdcloud-helm/sdportal
331 += Automated deployments with Jenkins =
358 358  
359 -{{info}}
360 -Now we should target a chart repo directly, not the whole project. In you need to reference the whole project with a lot of repos, please contact support to find a possible solution.
361 -{{/info}}
362 -)))
363 -
364 -=== Migrating chart repositories in rancher to new OCI Repository format ===
365 -
366 -(% class="box warningmessage" %)
367 -(((
368 -ChartMuseum is being deprecated. After the migration is complete, **all harbor charts will be removed from ChartMuseum**, and **old HTTP(S)-based chart repositories will no longer work in Rancher (for internal harbor charts)**.
369 -)))
370 -
371 -There are two ways to migrate your repositories:
372 -
373 -1. Direct Transition (Editing the Existing Repository)
374 - You can modify the existing repository directly:
375 -Change the target to “OCI Repository”.
376 -
377 -* Update the URL as required (the repository name cannot be changed).
378 -
379 -After saving, installed apps will automatically start using the updated repository.
380 -
381 -Important limitation: OCI repositories must point directly to a single chart repository, not to a parent folder.
382 -If your old repository included several charts (for example “bitbucket” and “jira”), then after switching to OCI you can only target one chart (e.g. “bitbucket”).
383 -The other charts will no longer receive updates through this repo, and you will still need to create additional repositories for each individual chart.
384 -
385 -1. Add New Repositories One by One (Recommended)
386 -
387 -This approach allows a smooth transition while the old ChartMuseum repository continues to function.
388 -You can:
389 -
390 -* Create a new OCI repository for each chart,
391 -* Keep the old ChartMuseum repo enabled during the migration,
392 -* Migrate applications gradually following the steps described in the main migration guide.
393 -
394 -This avoids disruptions and allows controlled migration.
395 -
396 -Special Case: Old Repo Targeting Multiple Chart Repos
397 -
398 -If your existing repository targets multiple chart repositories and you need the new OCI setup to behave the same way, please contact support. OCI does not support multi-chart endpoints within a single repository, and we can help you find an appropriate solution.
399 -
400 -To ensure a smooth transition, we recommend to **add an OCI-based repository alongside the existing ChartMuseum repository** during the migration phase. If you don't w
401 -
402 -(% class="box" %)
403 -(((
404 -**We will make your charts available in the corresponding new `<pkey>-helm` OCI projects.**
405 -)))
406 -
407 -| Term | Meaning
408 -| **Old Repository** | The existing HTTP/HTTPS Harbor ChartMuseum repository.
409 -| **New Repository** | The new OCI-based Helm chart repository created for your project (e.g. `<chart-repo-name>` in `<pkey>-helm`).
410 -
411 -##__**Why This Migration Is Required:**__##
412 -
413 -* ##ChartMuseum is deprecated and will be removed.##
414 -* ##Applications deployed from old repos keep a reference to that repo inside their labels.##
415 -* ##Without updating the application to point to the new OCI repo, **Rancher will not detect new chart versions from new repository**.##
416 -
417 -## Migration Steps:##
418 -
419 -1. ##Create the New OCI Repository in Rancher##
420 -11. Go to **Apps → Repositories**.
421 -11. Add a new repository of type **OCI**.
422 -11. Name it similarly to your old repo name (e.g. `<chart-repo-name>-oci`). You can't name it the same.
423 -11. Point it to the new OCI endpoint.
424 -1. ##Disable the Old ChartMuseum Repository Temporarily## 
425 -##This step ensures that Rancher resolves charts from the new OCI repo.##
426 -11. Go to **Apps → Repositories**.
427 -11. Disable the old HTTP(S)-based repository.
428 -11. Keep it disabled until the migration is done.
429 -1. ##Update Existing Applications to Use the New OCI Repo##
430 -Applications deployed with the old repository still contain the old repo name in their metadata. You must upgrade them once to transition.
431 -11. Go to **Apps → Installed Apps**.
432 -11. Open the application that was deployed using the old repo.
433 -11. Click **Upgrade**.
434 -11. In the list of available chart repositories (scroll to the bottom), select the **new OCI repository**.
435 -11. Choose the chart version you want to deploy (same or newer).
436 -11. Click **Upgrade**.
437 -1. ##Re-enable the Old Repository (Optional) ##
438 -If you still need the old repo for other apps, re-enable it after the migration steps above.
439 -**Note:** Even if a newer chart version exists in the old repository, your migrated app **will not see it**, because it is no longer connected to that repo
440 -
441 -----
442 -
443 -## Reverting the Migration (If Needed)
444 -If you want to move an app back to the old repository:##
445 -
446 -1. Temporarily disable the new OCI repo.
447 -1. Enable the old ChartMuseum repo.
448 -1. Open the application → **Upgrade**.
449 -1. Select the chart from the old repo.
450 -1. Save.
451 -
452 -This will reconnect the app to the old repository.
453 -
454 -=
455 -Automated deployments with Jenkins =
456 -
457 457  In this section, we describe(% style="color:#172b4d" %) how to set-up **automated builds, tests and deployments** for Jenkins.
458 458  
459 459  == Prerequisites ==
© 2018-2025 T-Systems International GmbH