Rancher upgrade before K8S?

Jason-R · June 28, 2024, 3:14am

Hi, I’m new to Rancher, and we have a very old environment on EKS that we need to upgrade. Rancher is v2.5.12 and our K8S is 1.21, which is auto-updating by 15Jul24 so we need to act fast.
I know we must update Rancher to V2.6.14 first to handle our current and next version (1.21 and 1.22).

However, I would like to get a second opinion that the APIs listed in the Insights (summary below) are all related to Rancher calls, or if anything else sticks out as not Rancher related.

And secondly, our first step is we upgrade Rancher to 2.6.14 - are there any expected issues that I should be aware of?

Thank you

Insight ERROR details:

These are all ""stopServingVersion": "1.22","

- Resources:
        "kubernetesResourceUri": "/apis/networking.k8s.io/v1beta1/ingressclasses/nginx"
        "kubernetesResourceUri": "/apis/extensions/v1beta1/namespaces/cattle-system/ingresses/cm-acme-http-solver-mnwjv"
        "kubernetesResourceUri": "/apis/networking.k8s.io/v1beta1/namespaces/cattle-system/ingresses/cm-acme-http-solver-mnwjv"
        "kubernetesResourceUri": "/apis/networking.k8s.io/v1beta1/namespaces/cattle-system/ingresses/cm-acme-http-solver-mnwjv"
- categorySpecificSummary:
      "deprecationDetails": [
        {
          "usage": "/apis/admissionregistration.k8s.io/v1beta1/mutatingwebhookconfigurations",
          "replacedWith": "/apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations",

          "usage": "/apis/admissionregistration.k8s.io/v1beta1/validatingwebhookconfigurations",
          "replacedWith": "/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations",

          "usage": "/apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions",
          "replacedWith": "/apis/apiextensions.k8s.io/v1/customresourcedefinitions",

              "userAgent": "webhook",
              "numberOfRequestsLast30Days": 11468,
              "lastRequestTime": "2024-06-26T23:07:16+00:00"

              "userAgent": "rancher",
              "numberOfRequestsLast30Days": 35605,
              "lastRequestTime": "2024-06-26T23:08:53+00:00"

          "usage": "/apis/apiregistration.k8s.io/v1beta1/apiservices",
          "replacedWith": "/apis/apiregistration.k8s.io/v1/apiservices",

          "usage": "/apis/authentication.k8s.io/v1beta1/tokenreviews",
          "replacedWith": "/apis/authentication.k8s.io/v1/tokenreviews",

          "usage": "/apis/authorization.k8s.io/v1beta1/localsubjectaccessreviews",
          "replacedWith": "/apis/authorization.k8s.io/v1/localsubjectaccessreviews",

          "usage": "/apis/authorization.k8s.io/v1beta1/selfsubjectaccessreviews",
          "replacedWith": "/apis/authorization.k8s.io/v1/selfsubjectaccessreviews",

          "usage": "/apis/authorization.k8s.io/v1beta1/subjectaccessreviews",
          "replacedWith": "/apis/authorization.k8s.io/v1/subjectaccessreviews",

          "usage": "/apis/authorization.k8s.io/v1beta1/selfsubjectrulesreviews",
          "replacedWith": "/apis/authorization.k8s.io/v1/selfsubjectrulesreviews",

          "usage": "/apis/certificates.k8s.io/v1beta1/certificatesigningrequests",
          "replacedWith": "/apis/certificates.k8s.io/v1/certificatesigningrequests",

          "usage": "/apis/coordination.k8s.io/v1beta1/leases",
          "replacedWith": "/apis/coordination.k8s.io/v1/leases",

          "usage": "/apis/extensions/v1beta1/ingresses",
          "replacedWith": "/apis/networking.k8s.io/v1/ingresses",

              "userAgent": "Go-http-client",
              "numberOfRequestsLast30Days": 567,

              "userAgent": "kube-controller-manager",
              "numberOfRequestsLast30Days": 11525,
 
              "userAgent": "rancher",
              "numberOfRequestsLast30Days": 11556,
    
          "usage": "/apis/networking.k8s.io/v1beta1/ingresses",
          "replacedWith": "/apis/networking.k8s.io/v1/ingresses",

              "userAgent": "nginx-ingress-controller",
              "numberOfRequestsLast30Days": 34455,

          "usage": "/apis/networking.k8s.io/v1beta1/ingressclasses",
          "replacedWith": "/apis/networking.k8s.io/v1/ingressclasses",
 
             "userAgent": "nginx-ingress-controller",
              "numberOfRequestsLast30Days": 3,

          "usage": "/apis/rbac.authorization.k8s.io/v1beta1/clusterroles",
          "replacedWith": "/apis/rbac.authorization.k8s.io/v1/clusterroles",

          "usage": "/apis/rbac.authorization.k8s.io/v1beta1/clusterrolebindings",
          "replacedWith": "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings",

          "usage": "/apis/rbac.authorization.k8s.io/v1beta1/roles",
          "replacedWith": "/apis/rbac.authorization.k8s.io/v1/roles",

          "usage": "/apis/rbac.authorization.k8s.io/v1beta1/rolebindings",
          "replacedWith": "/apis/rbac.authorization.k8s.io/v1/rolebindings",

          "usage": "/apis/scheduling.k8s.io/v1beta1/priorityclasses",
          "replacedWith": "/apis/scheduling.k8s.io/v1/priorityclasses",

          "usage": "/apis/storage.k8s.io/v1beta1/csidrivers",
          "replacedWith": "/apis/storage.k8s.io/v1/csidrivers",

          "usage": "/apis/storage.k8s.io/v1beta1/csinodes",
          "replacedWith": "/apis/storage.k8s.io/v1/csinodes",

          "usage": "/apis/storage.k8s.io/v1beta1/storageclasses",
          "replacedWith": "/apis/storage.k8s.io/v1/storageclasses",

          "usage": "/apis/storage.k8s.io/v1beta1/volumeattachments",
          "replacedWith": "/apis/storage.k8s.io/v1/volumeattachments",

mattmattox · June 28, 2024, 4:02am

First I would recommend deploying the Rancher Backup Operator (backs up the Rancher stuff in the local cluster as json files then tars them up and sends them off to s3) as we want to make sure we can rollback if the upgrade has problems.

Next we need to plan out the versions. We do this by reviewing the Support Matrix.

Currently you are out of the supported k8s range for Rancher v2.5.12 (v1.17.17 - v1.20.14) so you first need to upgrade Rancher to v2.6.14 (v1.20 - v1.24). Then you can upgrade your EKS cluster from v1.21 → v1.22 → v1.23 → v1.24.

Of course Rancher 2.6 is EOL so we then want you to go to Rancher v2.7.14 (v1.23 - v1.27) followed by upgrading EKS v1.24 → v1.25 → v1.26 → v1.27

Finally we would recommend going to Rancher v2.8.5 then upgrade EKS to v1.28. At that point you are running the latest recommended versions. Also, if you have downstream clusters. You should be upgrading them after upgrading the upstream cluster (local). Of course you should be taking backups before and after each upgrade and allowing some burn-in time between upgrades.

Also, before upgrading your downstream clusters, you should review your applications for compatibility. I personally use GitHub - kubepug/kubepug: Kubernetes PreUpGrade (Checker).

Jason-R · July 2, 2024, 3:32am

Thanks Matt, really appreciate the confirmation on the version upgrade path.

However, I would also like to confirm if there are any APIs listed in my insights list that don’t seem to be related to our older Rancher version?

Some are obviously related, like “cattle”, but some are likely, but not obvious to me, like admissionregistration/mutatingwebhookconfig

Anything that sticks out I will further investigate.
Much appreciated

Topic		Replies	Views
K8s 1.16 - api changes Rancher	1	437	November 14, 2019
Upgrade Rancher Server v1.0.1 to v1.6.2 Rancher 1.x	3	804	March 29, 2018
Latest Rancher NGINX images information	5	746	December 14, 2023
Upgrade K8S from 1.7.7 to 1.8.3 using Rancher 1.6.11 Rancher 1.x	3	981	November 19, 2017
Upgrade kubernetes from rancher	3	1122	July 26, 2016

Rancher upgrade before K8S?

Related topics