Upgrading Rancher Installed on Kubernetes with Helm 2
Helm 3 has been released. If you are using Helm 2, we recommend migrating to Helm 3 because it is simpler to use and more secure than Helm 2.
The current instructions for Upgrading Rancher Installed on Kubernetes use Helm 3.
This section provides a copy of the older instructions for upgrading Rancher with Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible.
The following instructions will guide you through using Helm to upgrade a Rancher server that is installed on a Kubernetes cluster.
To upgrade the components in your Kubernetes cluster, or the definition of the Kubernetes services or add-ons, refer to the upgrade documentation for RKE, the Rancher Kubernetes Engine.
If you installed Rancher using the RKE Add-on yaml, follow the directions to migrate or upgrade.
Notes:
- Let's Encrypt will be blocking cert-manager instances older than 0.8.0 starting November 1st 2019. Upgrade cert-manager to the latest version by following these instructions.
- If you are upgrading Rancher from v2.x to v2.3+, and you are using external TLS termination, you will need to edit the cluster.yml to enable using forwarded host headers.
- The upgrade instructions assume you are using Helm 3. For migration of installs started with Helm 2, refer to the official Helm 2 to 3 migration docs. This section provides a copy of the older upgrade instructions that used Helm 2, and it is intended to be used if upgrading to Helm 3 is not feasible.
Prerequisites
- Review the known upgrade issues in the Rancher documentation for the most noteworthy issues to consider when upgrading Rancher. A more complete list of known issues for each Rancher version can be found in the release notes on GitHub and on the Rancher forums.
- For air gap installs only, collect and populate images for the new Rancher server version. Follow the guide to populate your private registry with the images for the Rancher version that you want to upgrade to.
Upgrade Outline
Follow the steps to upgrade Rancher server:
- A. Back up your Kubernetes cluster that is running Rancher server
- B. Update the Helm chart repository
- C. Upgrade Rancher
- D. Verify the Upgrade
A. Back up Your Kubernetes Cluster that is Running Rancher Server
Take a one-time snapshot of your Kubernetes cluster running Rancher server. You'll use the snapshot as a restore point if something goes wrong during upgrade.
B. Update the Helm chart repository
Update your local Helm repo cache.
helm repo update
Get the repository name that you used to install Rancher.
For information about the repos and their differences, see Helm Chart Repositories.
- Latest: Recommended for trying out the newest features
helm repo add rancher-latest https://releases.rancher.com/server-charts/latest
- Stable: Recommended for production environments
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
- Alpha: Experimental preview of upcoming releases.Note: Upgrades are not supported to, from, or between Alphas.
helm repo add rancher-stable https://releases.rancher.com/server-charts/stable
helm repo list
NAME URL
stable https://charts.helm.sh/stable
rancher-<CHART_REPO> https://releases.rancher.com/server-charts/<CHART_REPO>Note: If you want to switch to a different Helm chart repository, please follow the steps on how to switch repositories. If you switch repositories, make sure to list the repositories again before continuing onto Step 3 to ensure you have the correct one added.
- Latest: Recommended for trying out the newest features
Fetch the latest chart to install Rancher from the Helm chart repository.
This command will pull down the latest charts and save it in the current directory as a
.tgz
file.helm fetch rancher-<CHART_REPO>/rancher
C. Upgrade Rancher
This section describes how to upgrade normal (Internet-connected) or air gap installations of Rancher with Helm.
- Kubernetes Upgrade
- Kubernetes Air Gap Upgrade
Get the values, which were passed with --set
, from the current Rancher Helm chart that is installed.
helm get values rancher
hostname: rancher.my.org
Note: There will be more values that are listed with this command. This is just an example of one of the values.
If you are also upgrading cert-manager to the latest version from a version older than 0.11.0, follow Option B: Reinstalling Rancher
. Otherwise, follow Option A: Upgrading Rancher
.
Option A: Upgrading Rancher
Upgrade Rancher to the latest version with all your settings.
Take all the values from the previous step and append them to the command using --set key=value
. Note: There will be many more options from the previous step that need to be appended.
helm upgrade --install rancher rancher-<CHART_REPO>/rancher \
--namespace cattle-system \
--set hostname=rancher.my.org
Option B: Reinstalling Rancher chart
If you are currently running the cert-manager whose version is older than v0.11, and want to upgrade both Rancher and cert-manager to a newer version, then you need to reinstall both Rancher and cert-manager due to the API change in cert-manager v0.11.
Uninstall Rancher
helm delete rancher
In case this results in an error that the release "rancher" was not found, make sure you are using the correct deployment name. Use
helm list
to list the helm-deployed releases.Uninstall and reinstall
cert-manager
according to the instructions on the Upgrading Cert-Manager page.Reinstall Rancher to the latest version with all your settings. Take all the values from the step 1 and append them to the command using
--set key=value
. Note: There will be many more options from the step 1 that need to be appended.helm install rancher-<CHART_REPO>/rancher \
--name rancher \
--namespace cattle-system \
--set hostname=rancher.my.org
Render the Rancher template using the same chosen options that were used when installing Rancher. Use the reference table below to replace each placeholder. Rancher needs to be configured to use the private registry in order to provision any Rancher launched Kubernetes clusters or Rancher tools.
Based on the choice you made during installation, complete one of the procedures below.
Placeholder Description <VERSION>
The version number of the output tarball. <RANCHER.YOURDOMAIN.COM>
The DNS name you pointed at your load balancer. <REGISTRY.YOURDOMAIN.COM:PORT>
The DNS name for your private registry. <CERTMANAGER_VERSION>
Cert-manager version running on k8s cluster.
Option A-Default Self-Signed Certificate
helm template ./rancher-<VERSION>.tgz --output-dir . \
--name rancher \
--namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set certmanager.version=<CERTMANAGER_VERSION> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, set a default private registry to be used in Rancher
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
Option B: Certificates From Files using Kubernetes Secrets
helm template ./rancher-<VERSION>.tgz --output-dir . \
--name rancher \
--namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set ingress.tls.source=secret \
--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, set a default private registry to be used in Rancher
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
If you are using a Private CA signed cert, add --set privateCA=true
following --set ingress.tls.source=secret
:
helm template ./rancher-<VERSION>.tgz --output-dir . \
--name rancher \
--namespace cattle-system \
--set hostname=<RANCHER.YOURDOMAIN.COM> \
--set rancherImage=<REGISTRY.YOURDOMAIN.COM:PORT>/rancher/rancher \
--set ingress.tls.source=secret \
--set privateCA=true \
--set systemDefaultRegistry=<REGISTRY.YOURDOMAIN.COM:PORT> \ # Available as of v2.2.0, set a default private registry to be used in Rancher
--set useBundledSystemChart=true # Available as of v2.3.0, use the packaged Rancher system charts
Copy the rendered manifest directories to a system with access to the Rancher server cluster and apply the rendered templates.
Use
kubectl
to apply the rendered manifests.kubectl -n cattle-system apply -R -f ./rancher
D. Verify the Upgrade
Log into Rancher to confirm that the upgrade succeeded.
Having network issues following upgrade?
Rolling Back
Should something go wrong, follow the roll back instructions to restore the snapshot you took before you preformed the upgrade.