Infiniroot Blog: We sometimes write, too.

Of course we cannot always share details about our work with customers, but nevertheless it is nice to show our technical achievements and share some of our implemented solutions.

Upgrade Rancher 2 version on HA management cluster with helm

Published on February 14th 2019

Important note: This article was written in 2019 for Rancher 2.0. On more recent  Rancher versions, make sure you are using helm3. See this blog article how to upgrade Rancher using helm3.

Until recently, RKE (Rancher Kubernetes Engine) had to be used to upgrade Rancher to a newer version.

Since 2.0.8 it is possible to use helm for this. helm can be compared to the "apt" package manager for Debian based systems, just for Kubernetes nodes. It manages "repositories" and Rancher does offer such a helm repository.

You can initiate the upgrade from any machine you like, as long as you can access the Rancher 2 management URL and you have kubectl and helm installed locally. Read this article to learn how to install kubectl and how to connect to a Rancher 2 cluster. And read the helm installation instructions from Rancher.

Once you have kubectl and helm installed, you can now configure kubectl to connect to your Rancher 2 management cluster.
For this I have prepared a kube config yaml file:

$ export KUBECONFIG=~/.kube/local-teststage.yaml

Verify that you are able to connect to the Kubernetes cluster:

$ kubectl get nodes
NAME             STATUS    AGE       VERSION   Ready     98d       v1.11.3   Ready     98d       v1.11.3   Ready     98d       v1.11.3

Yep, these are the internal IP's of the Rancher 2 cluster "local". I can also verify this in the Rancher 2 UI:

Rancher 2 local cluster nodes

Make sure your local helm version is up to date:

$ helm init --upgrade --service-account tiller
$HELM_HOME has been configured at /srv/ansible/.helm.

Tiller (the Helm server-side component) has been upgraded to the current version.
Happy Helming!

$ helm version
Client: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.11.0", GitCommit:"2e55dbe1fdb5fdb96b75ff144a339489417b146b", GitTreeState:"clean"}

As I mentioned before, helm is a package manager using repos. Let's make sure the rancher repository is active:

$ helm repo list
NAME              URL                                             

Let's get the latest updates from all the listed repos (comparable to apt-get update):

$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "rancher-stable" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ? Happy Helming!?

Before you upgrade Rancher, check for specific package values (we need them in the upgrade command):

$ helm get values rancher
    source: secret

So here we got two keys/values back:

See the Helm Chart Options for all available options.

With this information we can now launch the upgrade:

$ helm upgrade rancher rancher-stable/rancher --set --set ingress.tls.source=secret
Release "rancher" has been upgraded. Happy Helming!
LAST DEPLOYED: Thu Feb 14 09:53:04 2019
NAMESPACE: cattle-system

==> v1/Deployment
rancher  98d

==> v1beta1/Ingress
rancher  98d

==> v1/Pod(related)

NAME                      READY  STATUS   RESTARTS  AGE
rancher-5dc9f9b886-jhrrm  0/1    Pending  0         0s
rancher-6dc68bb996-j66lw  1/1    Running  1         72d
rancher-6dc68bb996-jrl7k  1/1    Running  0         72d
rancher-6dc68bb996-mjg8t  1/1    Running  0         72d

==> v1/ServiceAccount

rancher  98d

==> v1/ClusterRoleBinding
rancher  98d

==> v1/Service
rancher  98d

Rancher Server has been installed.

NOTE: Rancher may take several minutes to fully initialize. Please standby while Certificates are being issued and Ingress comes up.

Check out our docs at

Browse to

Happy Containering!

 In the Rancher UI it took a couple of seconds and then the version at the lower left corner changed from 1.2.1 to 1.2.6. The UI also stated that the cluster API is currently unavailable. This took around 5 minutes until it was up again.