Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
f
few-minister-97494
11/16/2022, 4:48 PMFolks - regarding the k3s upgrade controller - there's an air-gapped k3s install scenario but - no corresponding air-gapped upgrade using the upgrade controller that I can see. E.g. if the Plan CRD offered a way to locate the binary/binaries on a local machine via SSH, or maybe S3 bucket running on a local Minio, or a persistent volume, etc. - that would support an air-gapped upgrade. Has anyone at Rancher given consideration to this?
c
creamy-pencil-82913
11/16/2022, 5:02 PMthe upgrade doesn’t NEED to go out to the internet. If you specify the target version in the plan, and have the matching tag available in your private registry or preloaded onto the node, it will just work. Have you actually tried it yet?
The only bits that need access to the internet are the channel server lookup (for obvious reasons) and the image pull. You can avoid both of those if you just prepare properly.
Are you under the impression that the k3s-upgrade image downloads the new binary from the internet? It does not. It contains the new version in it, and just copies it over.
f
few-minister-97494
11/16/2022, 5:15 PMI was - I was thinking that the k3s service binary would need to be updated / replaced PLUS any images - is that incorrect?
c
creamy-pencil-82913
11/16/2022, 5:19 PMyep. I wouldn’t try it unless you’re using a registry mirror or have a very easy process to import tarballs on all your nodes… but everything you need is available.
Just need to get the k3s-upgrade image, and all the images from the new version’s airgap image tarball, loaded before you run the upgrade
f
few-minister-97494
11/16/2022, 5:21 PMinteresting. I will experiment with it - thanks
c
creamy-pencil-82913
11/16/2022, 5:21 PMlike I said above, the k3s service binary is in the k3s-upgrade image. It does not download it from the internet.
f
few-minister-97494
11/16/2022, 5:23 PMright I inferred that. I will experiment with it - intuitively it seems like the upgrade would be easier if you could "point" the plan to a storage location with the needed tarballs but - I should work through the upgrade process in an air-gapped way before saying that - which I will do
c
creamy-pencil-82913
11/16/2022, 5:57 PMtarballs are just a convenient way to move around multiple images. At the end of the day the plan itself doesn’t care about tarballs or anything else, it just needs the images to be available - either preloaded into the containerd image store on every node, or on a registry mirror that the nodes can pull from.