Upgrade a Rancher 2 HA management cluster with helm

Written by - 0 comments

Published on February 14th 2019 - last updated on March 13th 2019 - Listed in Rancher Docker Kubernetes Containers


Until recently, RKE (Rancher Kubernetes Engine) had to be used to upgrade Rancher to a newer version.

Since 2.0.8 it is possible to use helm for this. helm can be compared to the "apt" package manager for Debian based systems, just for Kubernetes nodes. It manages "repositories" and Rancher does offer such a helm repository.

You can initiate the upgrade from any machine you like, as long as you can access the Rancher 2 management URL and you have kubectl and helm installed locally. Read this article to learn how to install kubectl and how to connect to a Rancher 2 cluster. And read the helm installation instructions from Rancher.

Once you have kubectl and helm installed, you can now configure kubectl to connect to your Rancher 2 management cluster.
For this I have prepared a kube config yaml file:

$ export KUBECONFIG=~/.kube/local-teststage.yaml

Verify that you are able to connect to the Kubernetes cluster:

$ kubectl get nodes
NAME             STATUS    AGE       VERSION
192.168.253.15   Ready     98d       v1.11.3
192.168.253.16   Ready     98d       v1.11.3
192.168.253.17   Ready     98d       v1.11.3

Yep, these are the internal IP's of the Rancher 2 cluster "local". I can also verify this in the Rancher 2 UI:

Rancher 2 local cluster nodes

Make sure your local helm version is up to date:

$ helm init --upgrade --service-account tiller
$HELM_HOME has been configured at /srv/ansible/.helm.

Tiller (the Helm server-side component) has been upgraded to the current version.
Happy Helming!

$ helm version
Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}

As I mentioned before, helm is a package manager using repos. Let's make sure the rancher repository is active:

$ helm repo list
NAME              URL                                             
stable            https://kubernetes-charts.storage.googleapis.com
local             http://127.0.0.1:8879/charts                    
rancher-stable    https://releases.rancher.com/server-charts/stable

Let's get the latest updates from all the listed repos (comparable to apt-get update):

$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "rancher-stable" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ? Happy Helming!?

Before you upgrade Rancher, check for specific package values (we need them in the upgrade command):

$ helm get values rancher
hostname: rancher2.example.com
ingress:
  tls:
    source: secret

So here we got two keys/values back:

  • hostname: rancher2.example.com (= Hostname of the Rancher 2 management URL/cluster)
  • ingress.tls.source: secret (= where to get the ingress certificates from or how to create the certificates)
See the Helm Chart Options for all available options.

With this information we can now launch the upgrade:

$ helm upgrade rancher rancher-stable/rancher --set hostname=rancher.example.com --set ingress.tls.source=secret
Release "rancher" has been upgraded. Happy Helming!
LAST DEPLOYED: Thu Feb 14 09:53:04 2019
NAMESPACE: cattle-system
STATUS: DEPLOYED

RESOURCES:
==> v1/Deployment
NAME     AGE
rancher  98d

==> v1beta1/Ingress
rancher  98d

==> v1/Pod(related)

NAME                      READY  STATUS   RESTARTS  AGE
rancher-5dc9f9b886-jhrrm  0/1    Pending  0         0s
rancher-6dc68bb996-j66lw  1/1    Running  1         72d
rancher-6dc68bb996-jrl7k  1/1    Running  0         72d
rancher-6dc68bb996-mjg8t  1/1    Running  0         72d

==> v1/ServiceAccount

NAME     AGE
rancher  98d

==> v1/ClusterRoleBinding
rancher  98d

==> v1/Service
rancher  98d


NOTES:
Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.

Check out our docs at https://rancher.com/docs/rancher/v2.x/en/

Browse to https://rancher.example.com

Happy Containering!

 In the Rancher UI it took a couple of seconds and then the version at the lower left corner changed from 1.2.1 to 1.2.6. The UI also stated that the cluster API is currently unavailable. This took around 5 minutes until it was up again.


Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.