Skip to Content

Changes for page Rancher 2

Last modified by Diana Strebkova on 2026/04/20 09:21
From version 3.1
edited by Diana Strebkova
on 2025/12/08 15:17
Change comment: Uploaded new attachment "1765207032873-684.png", version {1}
To version 24.2
edited by Diana Strebkova
on 2026/04/20 09:12
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -159,7 +159,7 @@
159 159  == Add public helm chart ==
160 160  
161 161  {{warning width="70" title="Chartmuseum Deprecation"}}
162 -Chartmuseum is deprecated in new Harbor versions, we are migrating all helm charts to oci-compatible repositories in Harbor! New approach to add chart repositories in rancher.
162 +Chartmuseum is deprecated in new Harbor versions, we are migrating all helm charts to oci-compatible repositories in Harbor with "PKEY-helm" naming convention. For internal harbor repos, use new approach to add OCI chart repositories in rancher.
163 163  {{/warning}}
164 164  
165 165  In this section, we describe (% style="color:#172b4d" %)how to add public helm charts like the one of DevOps-as-a-Service to a cluster to allow manual deployments.
... ... @@ -177,17 +177,10 @@
177 177  (% class="p1" %)
178 178  [[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]]
179 179  
180 -(% id="H" class="p1" %)
181 -==== ====
180 +To add public oci-repository, navigate to repository create button and click it. For target, use OCI Repository like shown below:
182 182  
183 -(% id="HTarget:http28s29URL" class="p1" %)
184 -==== Target: http(s) URL ====
182 +[[image:1765207154466-828.png||height="298" width="821"]]
185 185  
186 -{{warning}}
187 -This example is being deprecated, you can still add other external repositories in that way, but all internal harbor-hosted repositories should be added as Target: OCI Repository
188 -{{/warning}}
189 -
190 -(% class="p1" %)
191 191  In the "Repository: Create" dialog, simply fill in the following fields. Authentication is not required.
192 192  
193 193  (% class="wrapped" %)
... ... @@ -199,7 +199,7 @@
199 199  |=(((
200 200  Name
201 201  )))|(((
202 -devops-as-a-service
195 +devopsaas-jenkins-auto-agent
203 203  )))
204 204  |=(((
205 205  Description
... ... @@ -209,30 +209,96 @@
209 209  |=(((
210 210  Index URL
211 211  )))|(((
212 -[[https:~~/~~/registry.sdc.t-systems.net/chartrepo/devopsaas/>>url:https://registry.sdc.t-systems.net/chartrepo/devopsaas/||shape="rect"]]
205 +oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/**<chartname>**, for example:
206 +
207 +oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/jenkins-auto-agent
208 +
209 +{{box}}
210 +Take into account, that all internal harbor repositories with helm charts have PKEY-helm naming convention, adding repo with both docker images and helm charts is not supported in rancher.
211 +{{/box}}
213 213  )))
214 214  
215 -[[image:attach:image-2024-2-27_14-29-17.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" width="540"]]
214 +{{info}}
215 +Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo. //**If you have a need in adding the whole project with many repositories, please contact support for finding a possible solution.**//
216 +{{/info}}
216 216  
218 +=== Deploy Helm charts ===
219 +
220 +Now go to Apps>Charts and filter if necessary for the devops-as-a-service Helm chart repository. Like shown below, a list of available charts is displayed. Simply click on one of the tiles to deploy them to your cluster.
221 +
222 +Please note that the jenkins-lib charts are only generated for testing purposes. It doesn't make sense to deploy them. Your Jenkins is automatically retrieving the Jenkinslib directly using [[Git>>url:https://prd.sdc.t-systems.net/bitbucket/projects/DEVOPSAAS/repos/sdcloud-caas-jenkins-libs/browse||shape="rect"]].
223 +
224 +[[image:attach:image-2023-5-19_16-1-52.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" width="1100"]]
225 +
226 +== Add private chart repository ==
227 +
228 +=== Create a robot account in Harbor ===
229 +
230 +To add project specific helm charts to Rancher, a Harbor robot account is needed, that is able to read helm charts and pull repositories. If you don't have such an account yet, please follow the instructions given in the [[Create Robot Account section of the Harbor documentation>>doc:Harbor.Harbor 2\.7 Robot Accounts.WebHome||anchor="create_robot_account"]] and make sure to grant at least the following permissions:
231 +
232 +* Read Helm Chart
233 +* Pull Repository
234 +
235 +(% id="HCreateAppRepositoryinRancher-1" class="p1" %)
236 +=== Create App Repository in Rancher ===
237 +
217 217  (% class="p1" %)
218 -Finally, click Create.
239 +In Rancher UI, switch to the intended cluster and go to Apps/Repositories using the left side menu.
219 219  
220 -The repository is now listed:
221 221  
222 -[[image:Screenshot 2024-07-03 at 15.13.55.png||data-xwiki-image-style-border="true" height="149" width="785"]]
242 +[[image:attach:Screenshot 2023-04-25 at 13.11.48.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="209"]]
223 223  
224 -==== ====
244 +(% class="p1" %)
245 +Create a new Repository by pressing the Create button.
225 225  
247 +(% class="p1" id="HTarget:http28s29URL-1" %)
248 +[[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]]
249 +
250 +(% id="HTarget:http28s29URL-1" class="p1" %)
251 +==== Target: http(s) URL ====
252 +
253 +{{warning title="Chartmuseum Deprecation"}}
254 +Chartmuseum in Harbor is deprecated, meaning we won't be able to add internal harbor repositories to Rancher that way anymore. Instead use Target: OCI repository.
255 +{{/warning}}
256 +
257 +(% class="p1" %)
258 +A name for the Repository has to be set. In the screenshot, the project name CITEST is used, which corresponds to our example from above.
259 +Choose http(s) URL to an index generated by Helm and provide the Index URL ##https:~/~/registry-<domain>.devops.t-systems.net/chartrepo/<project>/##
260 +
261 +(% class="p1" %)
262 +Replace ##<domain>## and ##<project>## as necessary to match your set-up.
263 +
264 +(% class="p1" %)
265 +For Authentication, select "Create a HTTP Basic Auth Secret" and provide the Username and Password of the Harbor robot account from the previous section.
266 +[[image:attach:Screenshot 2023-04-26 at 18.10.15.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="468" width="1100"]]
267 +
268 +(% class="p1" %)
269 +Click Create.
270 +
271 +(% id="HTarget:OCIRepository-1" class="p1" %)
226 226  ==== Target: OCI Repository ====
227 227  
228 -To add public oci-repository, navigate to repository create button and click it.
274 +{{info}}
275 +Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo.//** If you have a real need to add the whole project, please contact support for finding a possible solution.**//
276 +{{/info}}
229 229  
230 -[[image:1765206888644-487.png||height="320" width="907"]]
278 +(% class="p1" %)
279 +Choose OCI repository in Target and for url, use  ##oci:~/~/registry-<domain>.devops.t-systems.net/<project>-helm/<chartname>##
231 231  
281 +(% class="box" %)
282 +(((
283 +Replace ##<domain>## , ##<project>##  and ##<chartname> ##as necessary to match your set-up. Your charts should be stored in ##<project>-helm ##repository in Harbor, which is created by default when project is created in portal.
284 +)))
232 232  
233 233  (% class="p1" %)
234 -In the "Repository: Create" dialog, simply fill in the following fields. Authentication is not required.
287 +For Authentication, select "Create a HTTP Basic Auth Secret" and provide the Username and Password of the Harbor robot account from the previous section.
235 235  
289 +(% class="wikigeneratedid" %)
290 +[[image:1765208347952-345.36.18.png||height="449" width="849"]]
291 +
292 +(% class="wikigeneratedid" %)
293 +Click Create.
294 +
236 236  (% class="wrapped" %)
237 237  |=(((
238 238  Field
... ... @@ -242,65 +242,105 @@
242 242  |=(((
243 243  Name
244 244  )))|(((
245 -devops-as-a-service-helm
304 +sdcloud-sdportal
246 246  )))
247 247  |=(((
248 248  Description
249 249  )))|(((
250 -Public Helm charts as documented at [[https:~~/~~/docs.devops.t-systems.net>>url:https://docs.devops.t-systems.net||shape="rect"]]
309 +Sdportal charts of sdcloud project
251 251  )))
252 252  |=(((
253 253  Index URL
254 254  )))|(((
255 -[[https:~~/~~/registry.sdc.t-systems.net/chartrepo/devopsaas/>>url:https://registry.sdc.t-systems.net/chartrepo/devopsaas/||shape="rect"]]
314 +oci:~/~/registry.sdc.t-systems.net/sdcloud-helm/sdportal
315 +
316 +{{info}}
317 +Now we should target a chart repo directly, not the whole project. In you need to reference the whole project with a lot of repos, please contact support to find a possible solution.
318 +{{/info}}
256 256  )))
257 257  
321 +== Migrating chart repositories in rancher to new OCI Repository format ==
258 258  
323 +(% class="box warningmessage" %)
324 +(((
325 +ChartMuseum is being deprecated. After the migration is complete, **all harbor charts will be removed from ChartMuseum**, and **old HTTP(S)-based chart repositories will no longer work in Rancher (for internal harbor charts)**.
326 +)))
259 259  
260 -=== Deploy Helm charts ===
328 +(% class="box" %)
329 +(((
330 +**We will make your charts available in the corresponding new `<pkey>-helm` OCI projects. During migration, please adapt your helm push commands and url's for new oci-compatible repository.**
331 +)))
261 261  
262 -Now go to Apps>Charts and filter if necessary for the devops-as-a-service Helm chart repository. Like shown below, a list of available charts is displayed. Simply click on one of the tiles to deploy them to your cluster.
333 +There are two ways to migrate your repositories:
263 263  
264 -Please note that the jenkins-lib charts are only generated for testing purposes. It doesn't make sense to deploy them. Your Jenkins is automatically retrieving the Jenkinslib directly using [[Git>>url:https://prd.sdc.t-systems.net/bitbucket/projects/DEVOPSAAS/repos/sdcloud-caas-jenkins-libs/browse||shape="rect"]].
335 +1. ##Direct Transition (Editing the Existing Repository)##
336 +1*. Change the target to “OCI Repository”.
337 +1*. Update the URL as required (the repository name cannot be changed), check **Target: OCI Repository** documentation above
338 +1*. After saving, installed apps will automatically start using the updated repository.
339 +1*. (% class="box" %)
340 +(((
341 +Important limitation: OCI repositories must point directly to a single chart repository, not to a parent folder.
342 +If your old repository included several charts (for example “bitbucket” and “jira”), then after switching to OCI you can only target one chart (e.g. “bitbucket”).
343 +The other charts will no longer receive updates through this repo, and you will still need to create additional repositories for each individual chart.
344 +)))
345 +1. Add New Repositories One by One (Recommended), preserve the old one till the end. This approach allows a smooth transition while the old ChartMuseum repository continues to function. You can:
346 +1*. Create a new OCI repository for each chart,
347 +1*. Keep the old ChartMuseum repo enabled during the migration,
348 +1*. Migrate applications gradually following the steps described here.
349 +1*. This avoids disruptions and allows controlled migration.
350 +
351 +1. //Special Case: Old Repo Targeting Multiple Chart Repos//
352 +If your existing repository targets multiple chart repositories and you need the new OCI setup to behave the same way, please **contact support.**
265 265  
266 -[[image:attach:image-2023-5-19_16-1-52.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" width="1100"]]
354 +To ensure a smooth transition, we recommend to **add an OCI-based repository alongside the existing ChartMuseum repository** during the migration phase. If you don't w
267 267  
268 -== Add private chart repository ==
356 +| Term | Meaning
357 +| **Old Repository** | The existing HTTP/HTTPS Harbor ChartMuseum repository.
358 +| **New Repository** | The new OCI-based Helm chart repository created for your project (e.g. `<chart-repo-name>` in `<pkey>-helm`).
269 269  
360 +##__**Why This Migration Is Required:**__##
270 270  
271 -=== Create a robot account in Harbor ===
362 +* ##ChartMuseum is deprecated and will be removed.##
363 +* ##Applications deployed from old repos keep a reference to that repo inside their labels.##
364 +* ##Without updating the application to point to the new OCI repo, **Rancher will not detect new chart versions from new repository**.##
272 272  
273 -To add project specific helm charts to Rancher, a Harbor robot account is needed, that is able to read helm charts and pull repositories. If you don't have such an account yet, please follow the instructions given in the [[Create Robot Account section of the Harbor documentation>>doc:Harbor.Harbor 2\.7 Robot Accounts.WebHome||anchor="create_robot_account"]] and make sure to grant at least the following permissions:
366 +## Migration Steps:##
274 274  
275 -* Read Helm Chart
276 -* Pull Repository
368 +1. ##Create the New OCI Repository in Rancher##
369 +11. Go to **Apps → Repositories**.
370 +11. Add a new repository of type **OCI**.
371 +11. Name it similarly to your old repo name (e.g. `<chart-repo-name>-oci`). __**You can't name it the same and can't rename it later.**__
372 +11. Point it to the new OCI endpoint.
373 +1. ##Disable the Old ChartMuseum Repository Temporarily## 
374 +##This step ensures that Rancher resolves charts from the new OCI repo.##
375 +11. Go to **Apps → Repositories**.
376 +11. Disable the old HTTP(S)-based repository.
377 +11. Keep it disabled until the migration is done.
378 +[[image:1765548124989-482.59.06.png||height="152" width="485"]]
379 +1. ##Update Existing Applications to Use the New OCI Repo##
380 +Applications deployed with the old repository still contain the old repo name in their metadata. You must upgrade them once to transition.
381 +11. Go to **Apps → Installed Apps**.
382 +11. Open the application that was deployed using the old repo.
383 +11. Click **Edit/Upgrade**.
384 +[[image:1765548598644-830.png||height="138" width="811"]]
385 +11. In the list of available chart repositories (scroll to the bottom), select the **new OCI repository**. Or enter the chart name in search bar:
386 +[[image:1765548750604-334.png||height="293" width="308"]]
387 +11. Choose the chart version you want to deploy (same or newer).
388 +11. Click **Upgrade**.
389 +1. ##Re-enable the Old Repository (Optional) ##
390 +If you still need the old repo for other apps, re-enable it after the migration steps above.
391 +**Note:** Even if a newer chart version exists in the old repository, your migrated app **will not see it**, because it is no longer connected to that repo
277 277  
278 -(% id="HCreateAppRepositoryinRancher-1" class="p1" %)
279 -=== Create App Repository in Rancher ===
393 +##If you want to move an app back to the old repository:##
280 280  
281 -(% class="p1" %)
282 -In Rancher UI, switch to the intended cluster and go to Apps/Repositories using the left side menu.
283 -[[image:attach:Screenshot 2023-04-25 at 13.11.48.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="209"]]
395 +1. Temporarily disable the new OCI repo.
396 +1. Enable the old ChartMuseum repo.
397 +1. Open the application → **Upgrade**.
398 +1. Select the chart from the old repo.
399 +1. Save.
284 284  
285 -(% class="p1" %)
286 -Create a new Repository by pressing the Create button.
401 +This will reconnect the app to the old repository.
287 287  
288 -(% class="p1" %)
289 -[[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]]
290 -\\A name for the Repository has to be set. In the screenshot, the project name CITEST is used, which corresponds to our example from above.
291 -Choose http(s) URL to an index generated by Helm and provide the Index URL ##https:~/~/registry-<domain>.devops.t-systems.net/chartrepo/<project>/##
292 -
293 -(% class="p1" %)
294 -Replace ##<domain>## and ##<project>## as necessary to match your set-up.
295 -
296 -(% class="p1" %)
297 -For Authentication, select "Create a HTTP Basic Auth Secret" and provide the Username and Password of the Harbor robot account from the previous section.
298 -[[image:attach:Screenshot 2023-04-26 at 18.10.15.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="468" width="1100"]]
299 -
300 -(% class="p1" %)
301 -Click Create.
302 -
303 -
304 304  = Automated deployments with Jenkins =
305 305  
306 306  In this section, we describe(% style="color:#172b4d" %) how to set-up **automated builds, tests and deployments** for Jenkins.
1765207154466-828.png
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,0 +1,1 @@
1 +143.6 KB
Content
1765208347952-345.36.18.png
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,0 +1,1 @@
1 +199.3 KB
Content
1765548124989-482.59.06.png
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,0 +1,1 @@
1 +64.4 KB
Content
1765548598644-830.png
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,0 +1,1 @@
1 +153.4 KB
Content
1765548750604-334.png
Author
... ... @@ -1,0 +1,1 @@
1 +xwiki:XWiki.dianastrebkovat-systemscom
Size
... ... @@ -1,0 +1,1 @@
1 +103.0 KB
Content
© 2018-2026 T-Systems International GmbH