Skip to Content

Changes for page Rancher 2

Last modified by Diana Strebkova on 2026/04/20 09:21
From version 27.1
edited by Diana Strebkova
on 2026/04/20 09:20
Change comment: There is no comment for this version
To version 10.13
edited by Diana Strebkova
on 2025/12/12 12:06
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -158,6 +158,10 @@
158 158  
159 159  == Add public helm chart ==
160 160  
161 +{{warning width="70" title="Chartmuseum Deprecation"}}
162 +Chartmuseum is deprecated in new Harbor versions, we are migrating all helm charts to oci-compatible repositories in Harbor with "PKEY-helm" naming convention. For internal harbor repos, use new approach to add OCI chart repositories in rancher.
163 +{{/warning}}
164 +
161 161  In this section, we describe (% style="color:#172b4d" %)how to add public helm charts like the one of DevOps-as-a-Service to a cluster to allow manual deployments.
162 162  
163 163  (% id="HCreateAppRepositoryinRancher" class="p1" %)
... ... @@ -173,6 +173,49 @@
173 173  (% class="p1" %)
174 174  [[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]]
175 175  
180 +(% id="H" class="p1" %)
181 +==== Target: http(s) URL ====
182 +
183 +{{warning}}
184 +This example is being deprecated, you can still add other external repositories in that way, but all internal harbor-hosted repositories should be added as Target: OCI Repository
185 +{{/warning}}
186 +
187 +(% class="p1" %)
188 +In the "Repository: Create" dialog, simply fill in the following fields. Authentication is not required.
189 +
190 +(% class="wrapped" %)
191 +|=(((
192 +Field
193 +)))|=(((
194 +Value
195 +)))
196 +|=(((
197 +Name
198 +)))|(((
199 +devops-as-a-service
200 +)))
201 +|=(((
202 +Description
203 +)))|(((
204 +Public Helm charts as documented at [[https:~~/~~/docs.devops.t-systems.net>>url:https://docs.devops.t-systems.net||shape="rect"]]
205 +)))
206 +|=(((
207 +Index URL
208 +)))|(((
209 +[[https:~~/~~/registry.sdc.t-systems.net/chartrepo/devopsaas/>>url:https://registry.sdc.t-systems.net/chartrepo/devopsaas/||shape="rect"]]
210 +)))
211 +
212 +[[image:attach:image-2024-2-27_14-29-17.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" width="540"]]
213 +
214 +(% class="p1" %)
215 +Finally, click Create.
216 +
217 +The repository is now listed:
218 +
219 +[[image:Screenshot 2024-07-03 at 15.13.55.png||data-xwiki-image-style-border="true" height="149" width="785"]]
220 +
221 +==== Target: OCI Repository ====
222 +
176 176  To add public oci-repository, navigate to repository create button and click it. For target, use OCI Repository like shown below:
177 177  
178 178  [[image:1765207154466-828.png||height="298" width="821"]]
... ... @@ -200,11 +200,11 @@
200 200  )))|(((
201 201  oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/**<chartname>**, for example:
202 202  
203 -oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/jenkins-auto-agent
250 +oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/jenkins-lib
204 204  
205 -{{box}}
206 -Take into account, that all internal harbor repositories with helm charts have PKEY-helm naming convention, adding repo with both docker images and helm charts is not supported in rancher.
207 -{{/box}}
252 +{{info}}
253 +Take into account, that all internal harbor repositories with helm charts have PKEY-helm naming convention, adding repo with both docker images and helm charts may not be supported in rancher.
254 +{{/info}}
208 208  )))
209 209  
210 210  {{info}}
... ... @@ -225,7 +225,7 @@
225 225  
226 226  To add project specific helm charts to Rancher, a Harbor robot account is needed, that is able to read helm charts and pull repositories. If you don't have such an account yet, please follow the instructions given in the [[Create Robot Account section of the Harbor documentation>>doc:Harbor.Harbor 2\.7 Robot Accounts.WebHome||anchor="create_robot_account"]] and make sure to grant at least the following permissions:
227 227  
228 -* Read Artifact
275 +* Read Helm Chart
229 229  * Pull Repository
230 230  
231 231  (% id="HCreateAppRepositoryinRancher-1" class="p1" %)
... ... @@ -234,17 +234,40 @@
234 234  (% class="p1" %)
235 235  In Rancher UI, switch to the intended cluster and go to Apps/Repositories using the left side menu.
236 236  
284 +(% class="p1" %)
285 +
237 237  [[image:attach:Screenshot 2023-04-25 at 13.11.48.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="209"]]
238 238  
239 239  (% class="p1" %)
240 240  Create a new Repository by pressing the Create button.
241 241  
242 -(% class="p1" id="HTarget:http28s29URL-1" %)
243 -[[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]]
291 +(% id="HTarget:http28s29URL-1" class="p1" %)
292 +==== [[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]] ====
244 244  
245 245  (% id="HTarget:http28s29URL-1" class="p1" %)
246 -==== ====
295 +==== Target: http(s) URL ====
247 247  
297 +{{warning title="Chartmuseum Deprecation"}}
298 +Chartmuseum in Harbor is deprecated, meaning we won't be able to add internal harbor repositories to Rancher that way anymore. Instead use Target: OCI repository.
299 +{{/warning}}
300 +
301 +(% class="p1" %)
302 +A name for the Repository has to be set. In the screenshot, the project name CITEST is used, which corresponds to our example from above.
303 +Choose http(s) URL to an index generated by Helm and provide the Index URL ##https:~/~/registry-<domain>.devops.t-systems.net/chartrepo/<project>/##
304 +
305 +(% class="p1" %)
306 +Replace ##<domain>## and ##<project>## as necessary to match your set-up.
307 +
308 +(% class="p1" %)
309 +For Authentication, select "Create a HTTP Basic Auth Secret" and provide the Username and Password of the Harbor robot account from the previous section.
310 +[[image:attach:Screenshot 2023-04-26 at 18.10.15.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="468" width="1100"]]
311 +
312 +(% class="p1" %)
313 +Click Create.
314 +
315 +(% id="HTarget:OCIRepository-1" class="p1" %)
316 +==== Target: OCI Repository ====
317 +
248 248  {{info}}
249 249  Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo.//** If you have a real need to add the whole project, please contact support for finding a possible solution.**//
250 250  {{/info}}
... ... @@ -266,6 +266,7 @@
266 266  (% class="wikigeneratedid" %)
267 267  Click Create.
268 268  
339 +
269 269  (% class="wrapped" %)
270 270  |=(((
271 271  Field
... ... @@ -292,86 +292,10 @@
292 292  {{/info}}
293 293  )))
294 294  
295 -== Migrating chart repositories in rancher to new OCI Repository format ==
366 +=== Migrating chart repositories in rancher to new OCI Repository format ===
296 296  
297 -(% class="box warningmessage" %)
298 -(((
299 -ChartMuseum is deprecated. **All harbor charts are removed from ChartMuseum**, and **old HTTP(S)-based chart repositories no longer work in Rancher (for internal harbor charts)**.
300 -)))
368 +As chartmuseum is getting deprecated, after the full migration the charts will be deleted from chartmuseum and old repositories won't be working in rancher anymore. For smooth migration, we recommend adding an OCI Repository along with the olf http(s) based one during migration process, as we will make the charts available in the new <pkey>-helm projects for you. If you deployed the apps using the previous chart repo, the app contains chart repo name in its labels, so transition process need few steps. First, create <chart-repo-name> OCI repo in rancher. Then disable the old repo for some time in your repositories. After that, go the the application which was deployed using the chart from older repo anf click upgrade, there you will see all available chart repository in your cluster. Scroöö till the end till you find the new repo, choose the chart with the same or different version, and click update. Now you app is connected to new oci repositories and will show upgrade sign when a new version is available. Enable the old repo if you still use it. After this process, even if a new version for the app is availalbe in old repository, you won't see it as its not connected to it anymore. To change it, repeat the previous procees in revet.
301 301  
302 -(% class="box" %)
303 -(((
304 -**All your charts are available in the corresponding  `<pkey>-helm` OCI project.**
305 -)))
306 -
307 -There are two ways to migrate your repositories:
308 -
309 -1. ##Direct Transition (Editing the Existing Repository)##
310 -1*. Change the target to “OCI Repository”.
311 -1*. Update the URL as required (the repository name cannot be changed) and add a new robot account for helm project, check documentation above
312 -1*. After saving, installed apps will automatically start using the updated repository.
313 -1*. (% class="box" %)
314 -(((
315 -Important limitation: OCI repositories must point directly to a single chart repository, not to a parent folder.
316 -If your old repository included several charts (for example “bitbucket” and “jira”), then after switching to OCI you can only target one chart (e.g. “bitbucket”).
317 -The other charts will no longer receive updates through this repo, and you will still need to create additional repositories for each individual chart.
318 -)))
319 -1. Add New Repositories One by One (Recommended), preserve the old one till the end. This approach allows a smooth transition while the old ChartMuseum repository continues to function. You can:
320 -1*. Create a new OCI repository for each chart,
321 -1*. Keep the old ChartMuseum repo enabled during the migration,
322 -1*. Migrate applications gradually following the steps described here.
323 -1*. This avoids disruptions and allows controlled migration.
324 -
325 -1. //Special Case: Old Repo Targeting Multiple Chart Repos//
326 -If your existing repository targets multiple chart repositories and you need the new OCI setup to behave the same way, please **contact support.**
327 -
328 -| Term | Meaning
329 -| **Old Repository** | The existing HTTP/HTTPS Harbor ChartMuseum repository.
330 -| **New Repository** | The new OCI-based Helm chart repository created for your project (e.g. `<chart-repo-name>` in `<pkey>-helm`).
331 -
332 -##__**Why This Migration Is Required:**__##
333 -
334 -* ##ChartMuseum is deprecated.##
335 -* ##Applications deployed from old repos keep a reference to that repo inside their labels.##
336 -* ##Without updating the application to point to the new OCI repo, **Rancher will not detect new chart versions from new repository**.##
337 -
338 -## Migration Steps:##
339 -
340 -1. ##Create the New OCI Repository in Rancher##
341 -11. Go to **Apps → Repositories**.
342 -11. Add a new repository of type **OCI**.
343 -11. Name it similarly to your old repo name (e.g. `<chart-repo-name>-oci`). __**You can't name it the same and can't rename it later.**__
344 -11. Point it to the new OCI endpoint.
345 -1. ##Disable the Old ChartMuseum Repository Temporarily## 
346 -##This step ensures that Rancher resolves charts from the new OCI repo.##
347 -11. Go to **Apps → Repositories**.
348 -11. Disable the old HTTP(S)-based repository.
349 -11. Keep it disabled until the migration is done.
350 -[[image:1765548124989-482.59.06.png||height="152" width="485"]]
351 -1. ##Update Existing Applications to Use the New OCI Repo##
352 -Applications deployed with the old repository still contain the old repo name in their metadata. You must upgrade them once to transition.
353 -11. Go to **Apps → Installed Apps**.
354 -11. Open the application that was deployed using the old repo.
355 -11. Click **Edit/Upgrade**.
356 -[[image:1765548598644-830.png||height="138" width="811"]]
357 -11. In the list of available chart repositories (scroll to the bottom), select the **new OCI repository**. Or enter the chart name in search bar:
358 -[[image:1765548750604-334.png||height="293" width="308"]]
359 -11. Choose the chart version you want to deploy (same or newer).
360 -11. Click **Upgrade**.
361 -1. ##Re-enable the Old Repository (Optional) ##
362 -If you still need the old repo for other apps, re-enable it after the migration steps above.
363 -**Note:** Even if a newer chart version exists in the old repository, your migrated app **will not see it**, because it is no longer connected to that repo
364 -
365 -##If you want to move an app back to the old repository:##
366 -
367 -1. Temporarily disable the new OCI repo.
368 -1. Enable the old ChartMuseum repo.
369 -1. Open the application → **Upgrade**.
370 -1. Select the chart from the old repo.
371 -1. Save.
372 -
373 -This will reconnect the app to the old repository.
374 -
375 375  = Automated deployments with Jenkins =
376 376  
377 377  In this section, we describe(% style="color:#172b4d" %) how to set-up **automated builds, tests and deployments** for Jenkins.
1765548124989-482.59.06.png
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,1 +1,0 @@
1 -64.4 KB
Content
1765548598644-830.png
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,1 +1,0 @@
1 -153.4 KB
Content
1765548750604-334.png
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,1 +1,0 @@
1 -103.0 KB
Content
© 2018-2026 T-Systems International GmbH