diff --git a/docs/install/airgap.md b/docs/install/airgap.md index 090e7527..2e57e4f5 100644 --- a/docs/install/airgap.md +++ b/docs/install/airgap.md @@ -88,3 +88,29 @@ curl -sfL https://get.rke2.io --output install.sh INSTALL_RKE2_ARTIFACT_PATH=/root/rke2-artifacts sh install.sh ``` 3. Enable and run the service as outlined [here.](quickstart.md#2-enable-the-rke2-server-service) + + +## Upgrading + +### Manual Upgrade Method + +Upgrading an air-gap environment can be accomplished in the following manner: + +1. Download the new air-gap images (tar files) from the [releases](https://github.com/rancher/rke2/releases) page for the version of RKE2 you will be upgrading to. Place the tar in the `/var/lib/rancher/rke2/agent/images/` directory on each node. Delete the old tar files. +2. Follow the steps of the [manual upgrade method](../upgrades/manual_upgrade.md#manually-upgrade-rke2-using-the-binary) + + +### Automated Upgrades Method + +RKE2 supports [automated upgrades](../upgrades/automated_upgrade.md). To enable this in air-gapped environments, you must ensure the required images are available in your private registry. + +You will need the version of rancher/rke2-upgrade that corresponds to the version of RKE2 you intend to upgrade to. Note, the image tag replaces the `+` in the RKE2 release with a `-` because Docker images do not support `+`. + +You will also need the versions of system-upgrade-controller and kubectl that are specified in the system-upgrade-controller manifest YAML that you will deploy. Check for the latest release of the system-upgrade-controller [here](https://github.com/rancher/system-upgrade-controller/releases/latest) and download the system-upgrade-controller.yaml to determine the versions you need to push to your private registry. For example, in release v0.4.0 of the system-upgrade-controller, these images are specified in the manifest YAML: + +``` +rancher/system-upgrade-controller:v0.4.0 +rancher/kubectl:v0.17.0 +``` + +Once you have added the necessary rancher/rke2-upgrade, rancher/system-upgrade-controller, and rancher/kubectl images to your private registry, follow the [automated upgrades](../upgrades/automated_upgrade.md) guide. \ No newline at end of file diff --git a/docs/known_issues.md b/docs/known_issues.md index 8d787e20..922a1f8e 100644 --- a/docs/known_issues.md +++ b/docs/known_issues.md @@ -128,7 +128,7 @@ For more information, refer to comments on https://github.com/rancher/rke2/issue Kubernetes removed PodSecurityPolicy from v1.25 in favor of Pod Security Standards. You can read more about PSS in the [upstream documentation](https://kubernetes.io/docs/concepts/security/pod-security-standards/). For RKE2, there are some manual steps that must be taken if the `profile` flag has been set on the nodes. 1. On all nodes, update the `profile` value to `cis-1.23`, but do not restart or upgrade RKE2 yet. -2. Perform the upgrade as normal. If using [Automated Upgrades](./upgrade/automated_upgrade.md), ensure that the namespace where the `system-upgrade-controller` pod is running in is setup to be privileged in accordance with the [Pod Security levels](https://kubernetes.io/docs/concepts/security/pod-security-admission/#pod-security-levels): +2. Perform the upgrade as normal. If using [Automated Upgrades](./upgrades/automated_upgrade.md), ensure that the namespace where the `system-upgrade-controller` pod is running in is setup to be privileged in accordance with the [Pod Security levels](https://kubernetes.io/docs/concepts/security/pod-security-admission/#pod-security-levels): ```yaml apiVersion: v1 kind: Namespace diff --git a/docs/upgrade/automated_upgrade.md b/docs/upgrades/automated_upgrade.md similarity index 100% rename from docs/upgrade/automated_upgrade.md rename to docs/upgrades/automated_upgrade.md diff --git a/docs/upgrade/manual_upgrade.md b/docs/upgrades/manual_upgrade.md similarity index 98% rename from docs/upgrade/manual_upgrade.md rename to docs/upgrades/manual_upgrade.md index 19a76a68..20bc4767 100644 --- a/docs/upgrade/manual_upgrade.md +++ b/docs/upgrades/manual_upgrade.md @@ -65,8 +65,7 @@ Or to manually upgrade rke2: 1. Download the desired version of the rke2 binary from [releases](https://github.com/rancher/rke2/releases) 2. Copy the downloaded binary to `/usr/local/bin/rke2` for tarball installed rke2, and `/usr/bin` for rpm installed rke2 -3. Stop the old rke2 binary -4. Launch the new rke2 binary +3. Restart the rke2-server or rke2-agent service ### Upgrade rke2 Using the RPM upgrades diff --git a/docs/upgrade/upgrade.md b/docs/upgrades/upgrade.md similarity index 100% rename from docs/upgrade/upgrade.md rename to docs/upgrades/upgrade.md diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/known_issues.md b/i18n/zh/docusaurus-plugin-content-docs/current/known_issues.md index 08a434da..6e0c3cde 100644 --- a/i18n/zh/docusaurus-plugin-content-docs/current/known_issues.md +++ b/i18n/zh/docusaurus-plugin-content-docs/current/known_issues.md @@ -142,7 +142,7 @@ spec: Kubernetes 从 v1.25 中删除了 PodSecurityPolicy,以支持 Pod Security Standard(PSS)。你可以在[上游文档](https://kubernetes.io/docs/concepts/security/pod-security-standards/)中阅读有关 PSS 的更多信息。对于 RKE2,如果在节点上设置了 `profile` 标志,则必须手动执行一些步骤。 1. 在所有节点上,将 `profile` 值更新为 `cis-1.23`,但不要重启或升级 RKE2。 -2. 正常执行升级。如果使用[自动升级](./upgrade/automated_upgrade.md),请确保运行 `system-upgrade-controller` pod 的命名空间按照 [Pod 安全级别](https://kubernetes.io/docs/concepts/security/pod-security-admission/#pod-security-levels)的要求设置为 privileged。 +2. 正常执行升级。如果使用[自动升级](./upgrades/automated_upgrade.md),请确保运行 `system-upgrade-controller` pod 的命名空间按照 [Pod 安全级别](https://kubernetes.io/docs/concepts/security/pod-security-admission/#pod-security-levels)的要求设置为 privileged。 ```yaml apiVersion: v1 kind: Namespace diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/upgrade/automated_upgrade.md b/i18n/zh/docusaurus-plugin-content-docs/current/upgrades/automated_upgrade.md similarity index 100% rename from i18n/zh/docusaurus-plugin-content-docs/current/upgrade/automated_upgrade.md rename to i18n/zh/docusaurus-plugin-content-docs/current/upgrades/automated_upgrade.md diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/upgrade/manual_upgrade.md b/i18n/zh/docusaurus-plugin-content-docs/current/upgrades/manual_upgrade.md similarity index 100% rename from i18n/zh/docusaurus-plugin-content-docs/current/upgrade/manual_upgrade.md rename to i18n/zh/docusaurus-plugin-content-docs/current/upgrades/manual_upgrade.md diff --git a/i18n/zh/docusaurus-plugin-content-docs/current/upgrade/upgrade.md b/i18n/zh/docusaurus-plugin-content-docs/current/upgrades/upgrade.md similarity index 100% rename from i18n/zh/docusaurus-plugin-content-docs/current/upgrade/upgrade.md rename to i18n/zh/docusaurus-plugin-content-docs/current/upgrades/upgrade.md diff --git a/sidebars.js b/sidebars.js index 2afe3e61..a3eebb2e 100644 --- a/sidebars.js +++ b/sidebars.js @@ -21,9 +21,9 @@ module.exports = { type: 'category', label: 'Upgrades', items:[ - 'upgrade/upgrade', - 'upgrade/manual_upgrade', - 'upgrade/automated_upgrade', + 'upgrades/upgrade', + 'upgrades/manual_upgrade', + 'upgrades/automated_upgrade', ], }, {