RKE2 Upgrade AND migrate from airgap/tarball to private registry - v1.22 to v1.23 #5549
-
Hello everyone.. got a question... but first a little background Upgrading rke2 to later releases and doing so stepwise to adhere to skewing policies. First step is to upgrade from rke2 v.1.22 to rke2 v1.23 and migrating from airgap/tarball to private registry. Also had to specify custom image tags in the rke2/config.yaml file. How does the rke2 upgrade process retrieve and deploy the new helm charts? I also had to create a helmchartconfig resource to specify a different image tag. Thanks for any and all help. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 3 replies
-
Charts for embedded components are baked into the rke2 runtime image, and are upgraded as part of rke2 itself. If you want to use a private registry you have a couple options, in descending order of preference:
|
Beta Was this translation helpful? Give feedback.
-
okay.. thanks again for the responses and answeres. I finally understand what was happening and the handling of add on components within rke2. When I mentioned that we had to specify custom image tags we also have custom image tag for the klipper helm controller. We append a suffix to the existing tag. With the helm controller tag changed, the helm jobs that launch when starting up rke2 fail because the image for the helm job is not found. I can work around in one two ways.
The problem with this work around is that it is not persistent. When rke2 restarts via systemd, the deploy controller overwrites the Addon manifest. I have come across the rke2 config option, helm-job-image, but it is not available until v1.24 and my current release v 1.23. I think this option will solve my issues going forward. Just for anyone else that comes along and has challenges using custom image tags, here are some added notes.
Can also find from :
Like I mentioned earlier, If at version <= v1.23 and there is a custom tag for the helm controller, you have to monkey around with he HelmChart manifests in /var/lib/rancher/rke2/servers/manifests/ AND understand that they will be overwritten with rke2 restarts. |
Beta Was this translation helpful? Give feedback.
-
Hey @burlyunixguy, I'm trying to set up a fully air-gap (so offline) env. I'm using rancher, but I'm getting some basic issues like: May 15 12:04:55 server2 rancher-system-agent[389864]: time="2024-05-15T12:04:55+02:00" level=info msg="[Applyinator] Extracting image 192.168.137.50:8082/rancher/system-agent-installer-rke2:v1.27.13-rke2r1 to directory /var/lib/rancher/agent/work/20240515-120455/ab9cf64bd24c75ebeadc57fa049c9cc92>
May 15 12:04:55 server2 rancher-system-agent[389864]: time="2024-05-15T12:04:55+02:00" level=info msg="Using private registry config file at /etc/rancher/agent/registries.yaml"
May 15 12:04:55 server2 rancher-system-agent[389864]: time="2024-05-15T12:04:55+02:00" level=info msg="Pulling image 192.168.137.50:8082/rancher/system-agent-installer-rke2:v1.27.13-rke2r1"
May 15 12:04:55 server2 rancher-system-agent[389864]: time="2024-05-15T12:04:55+02:00" level=warning msg="Ignoring invalid endpoint URL for registry 192.168.137.50:8082: parse \"192.168.137.50:8082\": first path segment in URL cannot contain colon"
May 15 12:04:55 server2 rancher-system-agent[389864]: time="2024-05-15T12:04:55+02:00" level=warning msg="Failed to get image from endpoint: Get \"https://192.168.137.50:8082/v2/\": http: server gave HTTP response to HTTPS client; Get \"https://192.168.137.50:8082/v2/\": http: server gave HTTP r>
May 15 12:04:55 server2 rancher-system-agent[389864]: time="2024-05-15T12:04:55+02:00" level=error msg="error while staging: all endpoints failed: Get \"https://192.168.137.50:8082/v2/\": http: server gave HTTP response to HTTPS client; Get \"https://192.168.137.50:8082/v2/\": http: server gave >
May 15 12:04:55 server2 rancher-system-agent[389864]: time="2024-05-15T12:04:55+02:00" level=error msg="error executing instruction 0: all endpoints failed: Get \"https://192.168.137.50:8082/v2/\": http: server gave HTTP response to HTTPS client; Get \"https://192.168.137.50:8082/v2/\": http: se>
May 15 12:04:55 server2 rancher-system-agent[389864]: time="2024-05-15T12:04:55+02:00" level=info msg="[Applyinator] No image provided, creating empty working directory /var/lib/rancher/agent/work/20240515-120455/ab9cf64bd24c75ebeadc57fa049c9cc927226f94c361ff71f126bf0da31d6ecb_0"
Here is my current Docker configuration {
"insecure-registries":[
"repo.labo.bi:8082",
"192.168.137.50:8082",
"repo.labo.bi:8083",
"192.168.137.50:8083"
],
"registry-mirrors":[
"http://repo.labo.bi:8082",
"http://192.168.137.50:8082",
"http://repo.labo.bi:8083",
"http://192.168.137.50:8083"
]
} And I'm pulling Docker images like this: [root@server1 ~]# docker pull 192.168.137.50:8082/nginx
Using default tag: latest
latest: Pulling from nginx
09f376ebb190: Downloading [==> ] 1.179MB/29.15MB
09f376ebb190: Downloading [===> ] 2.06MB/29.15MB
a11fc495bafd: Downloading [==> ] 2.093MB/41.83MB
999643392fb7: Download complete
09f376ebb190: Downloading [====> ] 2.645MB/29.15MB
45337c09cd57: Download complete
de3b062c0af7: Download complete
a11fc495bafd: Downloading [===> ] 2.93MB/41.83MB
09f376ebb190: Downloading [======> ] 3.522MB/29.15MB
##### or since I have a registry mirror I can do like this
[root@server1 ~]# docker pull nginx
Using default tag: latest
latest: Pulling from library/nginx
09f376ebb190: Downloading [=====> ] 2.924MB/29.15MB
a11fc495bafd: Downloading [===> ] 2.93MB/41.83MB
933cc8470577: Download complete
999643392fb7: Download complete
971bb7f4fb12: Download complete
45337c09cd57: Download complete
de3b062c0af7: Download complete Could i see the url / confgi you set in the |
Beta Was this translation helpful? Give feedback.
okay.. thanks again for the responses and answeres. I finally understand what was happening and the handling of add on components within rke2. When I mentioned that we had to specify custom image tags we also have custom image tag for the klipper helm controller. We append a suffix to the existing tag. With the helm controller tag changed, the helm jobs that launch when starting up rke2 fail because the image for the helm job is not found. I can work around in one two ways.
The problem with this work around is t…