Skip to Content

Changes for page Rancher 2

Last modified by Diana Strebkova on 2026/04/20 09:21
From version 28.1
edited by Diana Strebkova
on 2026/04/20 09:21
Change comment: There is no comment for this version
To version 12.7
edited by Diana Strebkova
on 2025/12/12 13:01
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -158,6 +158,10 @@
158 158  
159 159  == Add public helm chart ==
160 160  
161 +{{warning width="70" title="Chartmuseum Deprecation"}}
162 +Chartmuseum is deprecated in new Harbor versions, we are migrating all helm charts to oci-compatible repositories in Harbor with "PKEY-helm" naming convention. For internal harbor repos, use new approach to add OCI chart repositories in rancher.
163 +{{/warning}}
164 +
161 161  In this section, we describe (% style="color:#172b4d" %)how to add public helm charts like the one of DevOps-as-a-Service to a cluster to allow manual deployments.
162 162  
163 163  (% id="HCreateAppRepositoryinRancher" class="p1" %)
... ... @@ -173,6 +173,49 @@
173 173  (% class="p1" %)
174 174  [[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]]
175 175  
180 +(% id="H" class="p1" %)
181 +==== Target: http(s) URL ====
182 +
183 +{{warning}}
184 +This example is being deprecated, you can still add other external repositories in that way, but all internal harbor-hosted repositories should be added as Target: OCI Repository
185 +{{/warning}}
186 +
187 +(% class="p1" %)
188 +In the "Repository: Create" dialog, simply fill in the following fields. Authentication is not required.
189 +
190 +(% class="wrapped" %)
191 +|=(((
192 +Field
193 +)))|=(((
194 +Value
195 +)))
196 +|=(((
197 +Name
198 +)))|(((
199 +devops-as-a-service
200 +)))
201 +|=(((
202 +Description
203 +)))|(((
204 +Public Helm charts as documented at [[https:~~/~~/docs.devops.t-systems.net>>url:https://docs.devops.t-systems.net||shape="rect"]]
205 +)))
206 +|=(((
207 +Index URL
208 +)))|(((
209 +[[https:~~/~~/registry.sdc.t-systems.net/chartrepo/devopsaas/>>url:https://registry.sdc.t-systems.net/chartrepo/devopsaas/||shape="rect"]]
210 +)))
211 +
212 +[[image:attach:image-2024-2-27_14-29-17.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" width="540"]]
213 +
214 +(% class="p1" %)
215 +Finally, click Create.
216 +
217 +The repository is now listed:
218 +
219 +[[image:Screenshot 2024-07-03 at 15.13.55.png||data-xwiki-image-style-border="true" height="149" width="785"]]
220 +
221 +==== Target: OCI Repository ====
222 +
176 176  To add public oci-repository, navigate to repository create button and click it. For target, use OCI Repository like shown below:
177 177  
178 178  [[image:1765207154466-828.png||height="298" width="821"]]
... ... @@ -200,11 +200,11 @@
200 200  )))|(((
201 201  oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/**<chartname>**, for example:
202 202  
203 -oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/jenkins-auto-agent
250 +oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/jenkins-lib
204 204  
205 -{{box}}
206 -Take into account, that all internal harbor repositories with helm charts have PKEY-helm naming convention, adding repo with both docker images and helm charts is not supported in rancher.
207 -{{/box}}
252 +{{info}}
253 +Take into account, that all internal harbor repositories with helm charts have PKEY-helm naming convention, adding repo with both docker images and helm charts may not be supported in rancher.
254 +{{/info}}
208 208  )))
209 209  
210 210  {{info}}
... ... @@ -225,7 +225,7 @@
225 225  
226 226  To add project specific helm charts to Rancher, a Harbor robot account is needed, that is able to read helm charts and pull repositories. If you don't have such an account yet, please follow the instructions given in the [[Create Robot Account section of the Harbor documentation>>doc:Harbor.Harbor 2\.7 Robot Accounts.WebHome||anchor="create_robot_account"]] and make sure to grant at least the following permissions:
227 227  
228 -* Read Artifact
275 +* Read Helm Chart
229 229  * Pull Repository
230 230  
231 231  (% id="HCreateAppRepositoryinRancher-1" class="p1" %)
... ... @@ -234,16 +234,39 @@
234 234  (% class="p1" %)
235 235  In Rancher UI, switch to the intended cluster and go to Apps/Repositories using the left side menu.
236 236  
284 +
237 237  [[image:attach:Screenshot 2023-04-25 at 13.11.48.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="209"]]
238 238  
239 239  (% class="p1" %)
240 240  Create a new Repository by pressing the Create button.
241 241  
242 -(% class="p1" id="HTarget:http28s29URL-1" %)
243 -[[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]]
290 +(% id="HTarget:http28s29URL-1" class="p1" %)
291 +==== [[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]] ====
244 244  
245 245  (% id="HTarget:http28s29URL-1" class="p1" %)
294 +==== Target: http(s) URL ====
246 246  
296 +{{warning title="Chartmuseum Deprecation"}}
297 +Chartmuseum in Harbor is deprecated, meaning we won't be able to add internal harbor repositories to Rancher that way anymore. Instead use Target: OCI repository.
298 +{{/warning}}
299 +
300 +(% class="p1" %)
301 +A name for the Repository has to be set. In the screenshot, the project name CITEST is used, which corresponds to our example from above.
302 +Choose http(s) URL to an index generated by Helm and provide the Index URL ##https:~/~/registry-<domain>.devops.t-systems.net/chartrepo/<project>/##
303 +
304 +(% class="p1" %)
305 +Replace ##<domain>## and ##<project>## as necessary to match your set-up.
306 +
307 +(% class="p1" %)
308 +For Authentication, select "Create a HTTP Basic Auth Secret" and provide the Username and Password of the Harbor robot account from the previous section.
309 +[[image:attach:Screenshot 2023-04-26 at 18.10.15.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="468" width="1100"]]
310 +
311 +(% class="p1" %)
312 +Click Create.
313 +
314 +(% id="HTarget:OCIRepository-1" class="p1" %)
315 +==== Target: OCI Repository ====
316 +
247 247  {{info}}
248 248  Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo.//** If you have a real need to add the whole project, please contact support for finding a possible solution.**//
249 249  {{/info}}
... ... @@ -291,38 +291,23 @@
291 291  {{/info}}
292 292  )))
293 293  
294 -== Migrating chart repositories in rancher to new OCI Repository format ==
364 +=== Migrating chart repositories in rancher to new OCI Repository format ===
295 295  
296 296  (% class="box warningmessage" %)
297 297  (((
298 -ChartMuseum is deprecated. **All harbor charts are removed from ChartMuseum**, and **old HTTP(S)-based chart repositories no longer work in Rancher (for internal harbor charts)**.
368 +ChartMuseum is being deprecated. After the migration is complete, **all harbor charts will be removed from ChartMuseum**, and **old HTTP(S)-based chart repositories will no longer work in Rancher (for internal harbor charts)**.
299 299  )))
300 300  
301 -(% class="box" %)
302 -(((
303 -**All your charts are available in the corresponding  `<pkey>-helm` OCI project.**
304 -)))
371 +There are 2 ways to "migrate" the repos:
305 305  
306 -There are two ways to migrate your repositories:
373 +1. You can do the fast transition - edit already existing repository and ch
307 307  
308 -1. ##Direct Transition (Editing the Existing Repository)##
309 -1*. Change the target to “OCI Repository”.
310 -1*. Update the URL as required (the repository name cannot be changed) and add a new robot account for helm project, check documentation above
311 -1*. After saving, installed apps will automatically start using the updated repository.
312 -1*. (% class="box" %)
375 +To ensure a smooth transition, we recommend to **add an OCI-based repository alongside the existing ChartMuseum repository** during the migration phase. If you don't w
376 +
377 +(% class="box" %)
313 313  (((
314 -Important limitation: OCI repositories must point directly to a single chart repository, not to a parent folder.
315 -If your old repository included several charts (for example “bitbucket” and “jira”), then after switching to OCI you can only target one chart (e.g. “bitbucket”).
316 -The other charts will no longer receive updates through this repo, and you will still need to create additional repositories for each individual chart.
379 +**We will make your charts available in the corresponding new `<pkey>-helm` OCI projects.**
317 317  )))
318 -1. Add New Repositories One by One (Recommended), preserve the old one till the end. This approach allows a smooth transition while the old ChartMuseum repository continues to function. You can:
319 -1*. Create a new OCI repository for each chart,
320 -1*. Keep the old ChartMuseum repo enabled during the migration,
321 -1*. Migrate applications gradually following the steps described here.
322 -1*. This avoids disruptions and allows controlled migration.
323 -
324 -1. //Special Case: Old Repo Targeting Multiple Chart Repos//
325 -If your existing repository targets multiple chart repositories and you need the new OCI setup to behave the same way, please **contact support.**
326 326  
327 327  | Term | Meaning
328 328  | **Old Repository** | The existing HTTP/HTTPS Harbor ChartMuseum repository.
... ... @@ -330,7 +330,7 @@
330 330  
331 331  ##__**Why This Migration Is Required:**__##
332 332  
333 -* ##ChartMuseum is deprecated.##
388 +* ##ChartMuseum is deprecated and will be removed.##
334 334  * ##Applications deployed from old repos keep a reference to that repo inside their labels.##
335 335  * ##Without updating the application to point to the new OCI repo, **Rancher will not detect new chart versions from new repository**.##
336 336  
... ... @@ -339,7 +339,7 @@
339 339  1. ##Create the New OCI Repository in Rancher##
340 340  11. Go to **Apps → Repositories**.
341 341  11. Add a new repository of type **OCI**.
342 -11. Name it similarly to your old repo name (e.g. `<chart-repo-name>-oci`). __**You can't name it the same and can't rename it later.**__
397 +11. Name it similarly to your old repo name (e.g. `<chart-repo-name>-oci`). You can't name it the same.
343 343  11. Point it to the new OCI endpoint.
344 344  1. ##Disable the Old ChartMuseum Repository Temporarily## 
345 345  ##This step ensures that Rancher resolves charts from the new OCI repo.##
... ... @@ -346,15 +346,12 @@
346 346  11. Go to **Apps → Repositories**.
347 347  11. Disable the old HTTP(S)-based repository.
348 348  11. Keep it disabled until the migration is done.
349 -[[image:1765548124989-482.59.06.png||height="152" width="485"]]
350 350  1. ##Update Existing Applications to Use the New OCI Repo##
351 351  Applications deployed with the old repository still contain the old repo name in their metadata. You must upgrade them once to transition.
352 352  11. Go to **Apps → Installed Apps**.
353 353  11. Open the application that was deployed using the old repo.
354 -11. Click **Edit/Upgrade**.
355 -[[image:1765548598644-830.png||height="138" width="811"]]
356 -11. In the list of available chart repositories (scroll to the bottom), select the **new OCI repository**. Or enter the chart name in search bar:
357 -[[image:1765548750604-334.png||height="293" width="308"]]
408 +11. Click **Upgrade**.
409 +11. In the list of available chart repositories (scroll to the bottom), select the **new OCI repository**.
358 358  11. Choose the chart version you want to deploy (same or newer).
359 359  11. Click **Upgrade**.
360 360  1. ##Re-enable the Old Repository (Optional) ##
... ... @@ -361,8 +361,11 @@
361 361  If you still need the old repo for other apps, re-enable it after the migration steps above.
362 362  **Note:** Even if a newer chart version exists in the old repository, your migrated app **will not see it**, because it is no longer connected to that repo
363 363  
364 -##If you want to move an app back to the old repository:##
416 +----
365 365  
418 +## Reverting the Migration (If Needed)
419 +If you want to move an app back to the old repository:##
420 +
366 366  1. Temporarily disable the new OCI repo.
367 367  1. Enable the old ChartMuseum repo.
368 368  1. Open the application → **Upgrade**.
... ... @@ -371,7 +371,8 @@
371 371  
372 372  This will reconnect the app to the old repository.
373 373  
374 -= Automated deployments with Jenkins =
429 +=
430 +Automated deployments with Jenkins =
375 375  
376 376  In this section, we describe(% style="color:#172b4d" %) how to set-up **automated builds, tests and deployments** for Jenkins.
377 377  
1765548124989-482.59.06.png
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,1 +1,0 @@
1 -64.4 KB
Content
1765548598644-830.png
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,1 +1,0 @@
1 -153.4 KB
Content
1765548750604-334.png
Author
... ... @@ -1,1 +1,0 @@
1 -xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,1 +1,0 @@
1 -103.0 KB
Content
© 2018-2026 T-Systems International GmbH