github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/docs/upgrade/v1.6.0/disconnected-upgrade.md (about)

     1  # Disconnected Upgrade
     2  
     3  ## Action Required
     4  * Local registry must be [seeded](../../container-registry.md) with the images required for the upgrade.
     5  * Local package repository must contain the required [packages](../../packages.md) for the upgrade.
     6  
     7  ## Summary
     8  Starting with v1.6.0, KET no longer relies on the RPM or DEB packages maintained
     9  by the Kismatic team. Instead, KET installs the packages that are maintained by 
    10  the community. This has an impact on registry seeding, given that KET no longer
    11  has access to the `kismatic-offline` package which contained all the container 
    12  images required for an installation or upgrade. Moving forward, you are required
    13  to seed the image registry before the upgrade.
    14  
    15  ## Scenarios
    16  
    17  ### Existing cluster with user-managed local registry
    18  In this scenario, your local registry is already set in the KET plan file, and
    19  KET has seeded your registry in the past during the installation or upgrade process.
    20  
    21  Moving forward, you are required to seed your local registry before performing
    22  an upgrade. KET v1.6.0 introduced a new command, `seed-registry`, that will
    23  assist you in this task. For more information, see the 
    24  [container registry](../../container-registry.md) documentation and the
    25  [disconnected installation](../../disconnected_install.md) documentation.
    26  
    27  ### Existing cluster with registry stood up by KET
    28  In this scenario, your local registry was stood up by KET and the docker registry
    29  related fields (`docker_registry.address` and `docker_registry.port`) are not 
    30  set in the plan file.
    31  
    32  Moving forward, you must seed the registry before performing an upgrade.
    33  Furthermore, you must set the docker registry fields in the plan file to the 
    34  appropriate values.
    35  
    36  Given that the registry deployed by KET is not recommended for production
    37  deployments, we recommend you use your own registry. If you want to move away
    38  from the KET-deployed registry, you can set the plan file fields to point to
    39  the new registry before the upgrade. KET will update all the manifests and 
    40  the images will be pulled from your local registry, instead of the one deployed 
    41  by KET.
    42  
    43  If you want to continue using the registry that was deployed by KET, you must
    44  set the plan file fields to the following values:
    45  * `docker_registry.server`: The hostname or IP of the first master node and port 8443 (This is the port that KET used when deploying the registry during the (installation of your cluster). This
    46  is where KET deployed the registry during the installation of your cluster.
    47  * `docker_registry.CA`: Absolute path to the certificate authority located in
    48  `generated/keys/ca.pem`
    49  
    50  When using the `seed-registry` command to seed the registry deployed by KET, you
    51  must configure docker on the node where you are running the command to trust the
    52  certificate authority generated by KET. The way to configure this in docker 
    53  depends on the operating system. If you are seeding the registry from a Linux 
    54  machine, you must copy the `generated/keys/ca.pem` certificate to 
    55  `/etc/docker/certs.d/${docker_registry.server}/ca.crt`. For example, if
    56  the `docker_registry.server` field is set to `registry.example.com:8443`, you would 
    57  copy the CA to `/etc/docker/certs.d/registry.example.com:8443/ca.crt`. See the
    58  [official docker documentation](https://docs.docker.com/registry/insecure/#use-self-signed-certificates)
    59  for more information about using a registry with a self-signed certificate.
    60  
    61