Kubernetes 1.16 - how to upgrade and not break anything
Today, September 18, the next version of Kubernetes is released - 1.16. As always, we will find many improvements and new products. But I would like to draw your attention to the sections of the Action Required file CHANGELOG-1.16.md . These sections publish changes that may interrupt the operation of your application, cluster maintenance tools, or require changes to configuration files.
In general, they require manual intervention ...
Let's start right away with a change that is likely to affect everyone who has been working with kubernetes for a long time. The Kubernetes API has stopped supporting legacy versions of the resource API.
If anyone did not know, or forgot ...
The version of the resource API is indicated in the manifest in the
field
apiVersion: apps/v1
field
Namely:
| Resource type | Old version | What you need to replace |
| All resources | apps / v1beta1
apps / v1beta2 | apps / v1 |
| deployments
daemonset replicaset | extensions / v1beta1 | apps / v1 |
| networkpolicies | extensions / v1beta1 | networking.k8s.io/v1 |
| podsecuritypolicies | extensions / v1beta1 | policy / v1beta1 |
Ingress
apiVersion
also changed to
networking.k8s.io/v1beta1
. The old
extensions/v1beta1
still supported, but there is a good reason to update this version in manifests at the same time.
There are a lot of changes in various system labels (Node labels) that are installed on nodes.
Kubelet was forbidden to set arbitrary labels (before they could be set via the
kubelet --node-labels
launch keys), they left only this list of allowed ones :
kubernetes.io/hostname kubernetes.io/instance-type kubernetes.io/os kubernetes.io/arch beta.kubernetes.io/instance-type beta.kubernetes.io/os beta.kubernetes.io/arch failure-domain.beta.kubernetes.io/zone failure-domain.beta.kubernetes.io/region failure-domain.kubernetes.io/zone failure-domain.kubernetes.io/region [*.]kubelet.kubernetes.io/* [*.]node.kubernetes.io/*
The labels
beta.kubernetes.io/metadata-proxy-ready
,
beta.kubernetes.io/masq-agent-ds-ready
and
beta.kubernetes.io/kube-proxy-ds-ready
no longer added to new nodes, and various additional components began to use slightly different labels as a node selector:
| Component | Old label | Current tag |
| kube-proxy | beta.kubernetes.io/kube-proxy-ds-ready | node.kubernetes.io/kube-proxy-ds-ready |
| ip-mask-agent | beta.kubernetes.io/masq-agent-ds-ready | node.kubernetes.io/masq-agent-ds-ready |
| metadata-proxy | beta.kubernetes.io/metadata-proxy-ready | cloud.google.com/metadata-proxy-ready |
bootstrap-kubelet.conf
initial configuration file. If your tools accessed this file, then switch to using
kubelet.conf
, which stores the current access settings.
Cadvisor no longer gives the
pod_name
and
container_name
metrics, if you used them in Prometheus, go to the
pod
and
container
metrics, respectively.
The keys were removed with the command line:
| Component | Key removed |
| hyperkube | --make-symlink |
| kube-proxy | --resource-container |
A moment of humor. In the process of preparing release 1.16, the following changes were made:
- removed annotation
scheduler.alpha.kubernetes.io/critical-pod
in version v1.16.0-alpha.1 - returned annotation
scheduler.alpha.kubernetes.io/critical-pod
in version v1.16.0-alpha.2 - removed annotation
scheduler.alpha.kubernetes.io/critical-pod
in version v1.16.0-beta.1
Use the
spec.priorityClassName
field to indicate the importance of the hearth.
All Articles