Add info about airgap + upgrades

docs/install/airgap.md

@@ -88,3 +88,29 @@ curl -sfL https://get.rke2.io --output install.sh
 INSTALL_RKE2_ARTIFACT_PATH=/root/rke2-artifacts sh install.sh
 ```
 3. Enable and run the service as outlined [here.](quickstart.md#2-enable-the-rke2-server-service)
+
+
+## Upgrading
+
+### Manual Upgrade Method
+
+Upgrading an air-gap environment can be accomplished in the following manner:
+
+1. Download the new air-gap images (tar files) from the [releases](https://github.com/rancher/rke2/releases) page for the version of RKE2 you will be upgrading to. Place the tar in the `/var/lib/rancher/rke2/agent/images/` directory on each node. Delete the old tar files.
+2. Follow the steps of the [manual upgrade method](../upgrades/manual_upgrade.md#manually-upgrade-rke2-using-the-binary)
+
+
+### Automated Upgrades Method
+
+RKE2 supports [automated upgrades](../upgrades/automated_upgrade.md). To enable this in air-gapped environments, you must ensure the required images are available in your private registry.
+
+You will need the version of rancher/rke2-upgrade that corresponds to the version of RKE2 you intend to upgrade to. Note, the image tag replaces the `+` in the RKE2 release with a `-` because Docker images do not support `+`.
+
+You will also need the versions of system-upgrade-controller and kubectl that are specified in the system-upgrade-controller manifest YAML that you will deploy. Check for the latest release of the system-upgrade-controller [here](https://github.com/rancher/system-upgrade-controller/releases/latest) and download the system-upgrade-controller.yaml to determine the versions you need to push to your private registry. For example, in release v0.4.0 of the system-upgrade-controller, these images are specified in the manifest YAML:
+
+```
+rancher/system-upgrade-controller:v0.4.0
+rancher/kubectl:v0.17.0
+```
+
+Once you have added the necessary rancher/rke2-upgrade, rancher/system-upgrade-controller, and rancher/kubectl images to your private registry, follow the [automated upgrades](../upgrades/automated_upgrade.md) guide.

docs/known_issues.md

@@ -128,7 +128,7 @@ For more information, refer to comments on https://github.com/rancher/rke2/issue
 Kubernetes removed PodSecurityPolicy from v1.25 in favor of Pod Security Standards. You can read more about PSS in the [upstream documentation](https://kubernetes.io/docs/concepts/security/pod-security-standards/). For RKE2, there are some manual steps that must be taken if the `profile` flag has been set on the nodes.
 
 1. On all nodes, update the `profile` value to `cis-1.23`, but do not restart or upgrade RKE2 yet.
-2. Perform the upgrade as normal. If using [Automated Upgrades](./upgrade/automated_upgrade.md), ensure that the namespace where the `system-upgrade-controller` pod is running in is setup to be privileged in accordance with the [Pod Security levels](https://kubernetes.io/docs/concepts/security/pod-security-admission/#pod-security-levels):
+2. Perform the upgrade as normal. If using [Automated Upgrades](./upgrades/automated_upgrade.md), ensure that the namespace where the `system-upgrade-controller` pod is running in is setup to be privileged in accordance with the [Pod Security levels](https://kubernetes.io/docs/concepts/security/pod-security-admission/#pod-security-levels):
 ```yaml
 apiVersion: v1
 kind: Namespace

docs/upgrade/manual_upgrade.md → docs/upgrades/manual_upgrade.md

@@ -65,8 +65,7 @@ Or to manually upgrade rke2:
 
 1. Download the desired version of the rke2 binary from [releases](https://github.com/rancher/rke2/releases)
 2. Copy the downloaded binary to `/usr/local/bin/rke2` for tarball installed rke2, and `/usr/bin` for rpm installed rke2
-3. Stop the old rke2 binary
-4. Launch the new rke2 binary
+3. Restart the rke2-server or rke2-agent service
 
 ### Upgrade rke2 Using the RPM upgrades
 

i18n/zh/docusaurus-plugin-content-docs/current/known_issues.md

@@ -142,7 +142,7 @@ spec:
 Kubernetes 从 v1.25 中删除了 PodSecurityPolicy，以支持 Pod Security Standard（PSS）。你可以在[上游文档](https://kubernetes.io/docs/concepts/security/pod-security-standards/)中阅读有关 PSS 的更多信息。对于 RKE2，如果在节点上设置了 `profile` 标志，则必须手动执行一些步骤。
 
 1. 在所有节点上，将 `profile` 值更新为 `cis-1.23`，但不要重启或升级 RKE2。
-2. 正常执行升级。如果使用[自动升级](./upgrade/automated_upgrade.md)，请确保运行 `system-upgrade-controller` pod 的命名空间按照 [Pod 安全级别](https://kubernetes.io/docs/concepts/security/pod-security-admission/#pod-security-levels)的要求设置为 privileged。
+2. 正常执行升级。如果使用[自动升级](./upgrades/automated_upgrade.md)，请确保运行 `system-upgrade-controller` pod 的命名空间按照 [Pod 安全级别](https://kubernetes.io/docs/concepts/security/pod-security-admission/#pod-security-levels)的要求设置为 privileged。
 ```yaml
 apiVersion: v1
 kind: Namespace

sidebars.js

@@ -21,9 +21,9 @@ module.exports = {
       type: 'category',
       label: 'Upgrades',
       items:[
-        'upgrade/upgrade',
-        'upgrade/manual_upgrade',
-        'upgrade/automated_upgrade',
+        'upgrades/upgrade',
+        'upgrades/manual_upgrade',
+        'upgrades/automated_upgrade',
       ],
     },
     {