Changes for page Rancher 2
Last modified by Diana Strebkova on 2025/12/12 14:23
From version 9.1
edited by Diana Strebkova
on 2025/12/08 15:43
on 2025/12/08 15:43
Change comment:
There is no comment for this version
To version 11.1
edited by Diana Strebkova
on 2025/12/12 12:08
on 2025/12/12 12:08
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -159,7 +159,7 @@ 159 159 == Add public helm chart == 160 160 161 161 {{warning width="70" title="Chartmuseum Deprecation"}} 162 -Chartmuseum is deprecated in new Harbor versions, we are migrating all helm charts to oci-compatible repositories in Harbor !New approach to add chart repositories in rancher.162 +Chartmuseum is deprecated in new Harbor versions, we are migrating all helm charts to oci-compatible repositories in Harbor with "PKEY-helm" naming convention. For internal harbor repos, use new approach to add OCI chart repositories in rancher. 163 163 {{/warning}} 164 164 165 165 In this section, we describe (% style="color:#172b4d" %)how to add public helm charts like the one of DevOps-as-a-Service to a cluster to allow manual deployments. ... ... @@ -218,11 +218,9 @@ 218 218 219 219 [[image:Screenshot 2024-07-03 at 15.13.55.png||data-xwiki-image-style-border="true" height="149" width="785"]] 220 220 221 -==== ==== 222 - 223 223 ==== Target: OCI Repository ==== 224 224 225 -To add public oci-repository, navigate to repository create button and click it. 223 +To add public oci-repository, navigate to repository create button and click it. For target, use OCI Repository like shown below: 226 226 227 227 [[image:1765207154466-828.png||height="298" width="821"]] 228 228 ... ... @@ -247,13 +247,17 @@ 247 247 |=((( 248 248 Index URL 249 249 )))|((( 250 -oci: [[~~/~~/registry.sdc.t-systems.net/chartrepo/devopsaas-helm/>>url:https://registry.sdc.t-systems.net/chartrepo/devopsaas/||shape="rect"]]chartname,248 +oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/**<chartname>**, for example: 251 251 252 -oci:[[~~/~~/registry.sdc.t-systems.net/>>url:https://registry.sdc.t-systems.net/chartrepo/devopsaas/||shape="rect"]][[devopsaas-helm/jenkins-lib>>url:https://registry-manoni.devops.t-systems.net/harbor/projects/139/repositories/jenkins-lib]] 250 +oci:~/~/registry.sdc.t-systems.net/devopsaas-helm/jenkins-lib 251 + 252 +{{info}} 253 +Take into account, that all internal harbor repositories with helm charts have PKEY-helm naming convention, adding repo with both docker images and helm charts may not be supported in rancher. 254 +{{/info}} 253 253 ))) 254 254 255 255 {{info}} 256 -Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo. 258 +Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo. //**If you have a need in adding the whole project with many repositories, please contact support for finding a possible solution.**// 257 257 {{/info}} 258 258 259 259 === Deploy Helm charts === ... ... @@ -266,7 +266,6 @@ 266 266 267 267 == Add private chart repository == 268 268 269 - 270 270 === Create a robot account in Harbor === 271 271 272 272 To add project specific helm charts to Rancher, a Harbor robot account is needed, that is able to read helm charts and pull repositories. If you don't have such an account yet, please follow the instructions given in the [[Create Robot Account section of the Harbor documentation>>doc:Harbor.Harbor 2\.7 Robot Accounts.WebHome||anchor="create_robot_account"]] and make sure to grant at least the following permissions: ... ... @@ -279,6 +279,9 @@ 279 279 280 280 (% class="p1" %) 281 281 In Rancher UI, switch to the intended cluster and go to Apps/Repositories using the left side menu. 283 + 284 +(% class="p1" %) 285 + 282 282 [[image:attach:Screenshot 2023-04-25 at 13.11.48.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="400" width="209"]] 283 283 284 284 (% class="p1" %) ... ... @@ -288,11 +288,10 @@ 288 288 ==== [[image:attach:Screenshot 2023-04-25 at 13.30.33.png||data-xwiki-image-style-border="true" queryparams="effects=drop-shadow" height="127" width="1100"]] ==== 289 289 290 290 (% id="HTarget:http28s29URL-1" class="p1" %) 291 -==== 292 -Target: http(s) URL ==== 295 +==== Target: http(s) URL ==== 293 293 294 294 {{warning title="Chartmuseum Deprecation"}} 295 -Chartmuseum in Harbor is deprecated, meaning we won't be able to add repositories to Rancher that way anymore. Instead use Target: OCI repository. 298 +Chartmuseum in Harbor is deprecated, meaning we won't be able to add internal harbor repositories to Rancher that way anymore. Instead use Target: OCI repository. 296 296 {{/warning}} 297 297 298 298 (% class="p1" %) ... ... @@ -309,17 +309,20 @@ 309 309 (% class="p1" %) 310 310 Click Create. 311 311 315 +(% id="HTarget:OCIRepository-1" class="p1" %) 312 312 ==== Target: OCI Repository ==== 313 313 314 314 {{info}} 315 -Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo. 319 +Now all internal helm charts are stored in harbor folders with -helm suffix. Adding the whole public project doesn't work natively anymore, so each separate chart should be added as a separate repo.//** If you have a real need to add the whole project, please contact support for finding a possible solution.**// 316 316 {{/info}} 317 317 318 318 (% class="p1" %) 319 -Choose OCI repository in Target and for url, use ##oci:~/~/registry-<domain>.devops.t-systems.net/<project>-helm/<chatname>## 323 +Choose OCI repository in Target and for url, use ##oci:~/~/registry-<domain>.devops.t-systems.net/<project>-helm/<chartname>## 320 320 321 -(% class="p1" %) 322 -Replace ##<domain>## , ##<project>## and ##<chatname> ##as necessary to match your set-up. 325 +(% class="box" %) 326 +((( 327 +Replace ##<domain>## , ##<project>## and ##<chartname> ##as necessary to match your set-up. Your charts should be stored in ##<project>-helm ##repository in Harbor, which is created by default when project is created in portal. 328 +))) 323 323 324 324 (% class="p1" %) 325 325 For Authentication, select "Create a HTTP Basic Auth Secret" and provide the Username and Password of the Harbor robot account from the previous section. ... ... @@ -330,6 +330,130 @@ 330 330 (% class="wikigeneratedid" %) 331 331 Click Create. 332 332 339 + 340 +(% class="wrapped" %) 341 +|=((( 342 +Field 343 +)))|=((( 344 +Value 345 +))) 346 +|=((( 347 +Name 348 +)))|((( 349 +sdcloud-sdportal 350 +))) 351 +|=((( 352 +Description 353 +)))|((( 354 +Sdportal charts of sdcloud project 355 +))) 356 +|=((( 357 +Index URL 358 +)))|((( 359 +oci:~/~/registry.sdc.t-systems.net/sdcloud-helm/sdportal 360 + 361 +{{info}} 362 +Now we should target a chart repo directly, not the whole project. In you need to reference the whole project with a lot of repos, please contact support to find a possible solution. 363 +{{/info}} 364 +))) 365 + 366 +=== Migrating chart repositories in rancher to new OCI Repository format === 367 + 368 +# Migration Guide: ChartMuseum → OCI-based Chart Repositories in Rancher 369 + 370 +## Overview 371 +ChartMuseum is being deprecated. After the migration is complete, **all charts will be removed from ChartMuseum**, and **old HTTP(S)-based chart repositories will no longer work in Rancher**. 372 + 373 +To ensure a smooth transition, each project should **add an OCI-based repository alongside the existing ChartMuseum repository** during the migration phase. 374 + 375 +We will make your charts available in the corresponding new `<pkey>-helm` OCI projects. 376 + 377 +--- 378 + 379 +## Terminology 380 +| Term | Meaning | 381 +|------|---------| 382 +| **Old Repository** | The existing HTTP/HTTPS ChartMuseum repository. | 383 +| **New Repository** | The new OCI-based Helm chart repository created for your project (e.g. `<chart-repo-name>` in `<pkey>-helm`). | 384 + 385 +--- 386 + 387 +## Why This Migration Is Required 388 +- ChartMuseum is deprecated and will be removed. 389 +- Applications deployed from old repos keep a reference to that repo inside their labels. 390 +- Without updating the application to point to the new OCI repo, **Rancher will not detect new chart versions**. 391 + 392 +--- 393 + 394 +## Migration Steps 395 + 396 +### 1. Create the New OCI Repository in Rancher 397 +1. Go to **Apps → Repositories**. 398 +2. Add a new repository of type **OCI**. 399 +3. Name it exactly like your old repo name (e.g. `<chart-repo-name>`). 400 +4. Point it to the new OCI endpoint. 401 + 402 +--- 403 + 404 +### 2. Disable the Old ChartMuseum Repository Temporarily 405 +This step ensures that Rancher resolves charts from the new OCI repo. 406 + 407 +1. Go to **Apps → Repositories**. 408 +2. Disable the old HTTP(S)-based repository. 409 +3. Keep it disabled until the migration is done. 410 + 411 +--- 412 + 413 +### 3. Update Existing Applications to Use the New OCI Repo 414 +Applications deployed with the old repository still contain the old repo name in their metadata. 415 +You must upgrade them once to transition. 416 + 417 +1. Go to **Apps → Installed Apps**. 418 +2. Open the application that was deployed using the old repo. 419 +3. Click **Upgrade**. 420 +4. In the list of available chart repositories (scroll to the bottom), select the **new OCI repository**. 421 +5. Choose the chart version you want to deploy (same or newer). 422 +6. Click **Upgrade**. 423 + 424 +After this upgrade: 425 +- Your application is now linked to the **new OCI repository**. 426 +- Rancher will show upgrade notifications only for versions available in the new repo. 427 + 428 +--- 429 + 430 +### 4. Re-enable the Old Repository (Optional) 431 +If you still need the old repo for other apps, re-enable it after the migration steps above. 432 + 433 +> Note: Even if a newer chart version exists in the old repository, your migrated app **will not see it**, because it is no longer connected to that repo. 434 + 435 +--- 436 + 437 +## Reverting the Migration (If Needed) 438 +If you want to move an app back to the old repository: 439 +1. Temporarily disable the new OCI repo. 440 +2. Enable the old ChartMuseum repo. 441 +3. Open the application → **Upgrade**. 442 +4. Select the chart from the old repo. 443 +5. Save. 444 + 445 +This will reconnect the app to the old repository. 446 + 447 +--- 448 + 449 +## Summary 450 +- Add new OCI repo → disable old repo → upgrade apps → reconnect to OCI repo. 451 +- After upgrade, apps no longer track versions from the old repository. 452 +- Old repository will stop functioning after ChartMuseum shutdown, so migration is required. 453 + 454 +--- 455 + 456 +If you want, I can also generate: 457 +- a shorter version (1-pager), 458 +- a diagram, 459 +- a Rancher UI screenshot guide, 460 +- or a version tailored for your team’s internal wiki. 461 + 462 + 333 333 = Automated deployments with Jenkins = 334 334 335 335 In this section, we describe(% style="color:#172b4d" %) how to set-up **automated builds, tests and deployments** for Jenkins.