Upgrading cert-manager from v0.10 to v1.2.0

I found out recently that I could no longer request SSL certificates using cert-manager’s deprecated APIs. This article describes the steps I took to upgrade cert-manager and some error messages found during the process. Total upgrade time took 1 hour and 15 minutes.

Prerequisites

  • kubernetes 1.16+ (I used 1.18)
  • kubectl 1.16+ (I used 1.18)

Backup secrets

$ kubectl get -o yaml -n cert-manager secrets > cert-manager-secrets.yaml

Backup relevant objects

$ kubectl get -o yaml \
    --all-namespaces \
    issuer,clusterissuer,certificates > cert-manager-backup.yaml

Uninstall the old cert-manager

The old cert-manager was installed using a Helm chart:

$ helm delete <helm-release-name>

Delete the cert-manager namespace

$ kubectl delete namespace cert-manager

Remove the old CRDs

$ kubectl delete crd clusterissuers.certmanager.k8s.io
$ kubectl delete crd issuers.certmanager.k8s.io
$ kubectl delete crd challenges.certmanager.k8s.io
$ kubectl delete crd certificates.certmanager.k8s.io

Check for stuck CRDs

In case CRDs could not be deleted, check for finalizers in the CRD’s manifest. Remove the finalizers from the CRD’s manifest and try to delete the CRD again.

Install cert-manager

This time, I installed using jetstack’s manifests and did not use Helm.

$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml

Verify pods are running

$ kubectl get pods -n cert-manager

Example output:

NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-789fdcb77f-7qcgg              1/1     Running   0          3m6s
cert-manager-cainjector-6f6d6cb496-hzhzt   1/1     Running   0          3m7s
cert-manager-webhook-5c79844f4f-kwskp      1/1     Running   0          3m5s

Update API endpoints from backup

I recommend using a text editor to find-and-replace certmanager.k8s.io/v1alpha1 with cert-manager.io/v1.

Remove outdated syntax (e.g. http01) (see Issuer/ClusterIssuer issues).

Apply manifests to restore from backup

$ kubectl apply -f cert-manager-secrets.yaml
$ kubectl apply -f cert-manager-backup.yaml

See also

Wandering, Part One

If you don’t know where you are going, any road will get you there. – Lewis Carroll

My father gave that quote to me as he asked what my plans were after high school. He was willing to pay for college, but I had to decide what to study and see it through until graduation. I chose to study computer science despite discouragement of people around me at the time.

I mentioned luck (fortunate accidents) played a part in getting into a computer science program because I barely prepared for the exam. Staying in the program is a different problem. Not knowing what a computer science program entailed, I struggled for the first half of my stay at university. Things started to turn to a point where I had to convince university officials that I could finish the course.

I finished while working part-time at the university and eventually stayed a few years more to consult for them on software projects. This was the time when the World Wide Web has started to transform to Web 2.0.

Where It Started

Where the author writes about who he is and why he’s here.

I’ve setup this journal as a way to recall my journey in computing and how computers have influenced my decisions, good or bad.

Back in 1991, my mother’s friend (Ann) had an IBM PC XT at home (640KB of memory and no hard drives). Ann taught me how to boot up the machine using a floppy disk and start programs such as WordStar and PrintMaster. I played DOS games with her kids who are close to my age. I spent at least one summer there, with the occasional visits until 1994. Ann died on the same year and my mother died two years after.

A few months after my mother died, it was time to decide which course to take in college. With only a practical understanding of computing (no programming classes in high school), I applied for a computer science program at a university. Luckily I passed the entrance exam.

Introduce Yourself (Example Post)

Nestor: I decided to keep this post as a reminder.

What happens if I update this post?

This is an example post, originally published as part of Blogging University. Enroll in one of our ten programs, and start your blog right.

You’re going to publish a post today. Don’t worry about how your blog looks. Don’t worry if you haven’t given it a name yet, or you’re feeling overwhelmed. Just click the “New Post” button, and tell us why you’re here.

Why do this?

  • Because it gives new readers context. What are you about? Why should they read your blog?
  • Because it will help you focus your own ideas about your blog and what you’d like to do with it.

The post can be short or long, a personal intro to your life or a bloggy mission statement, a manifesto for the future or a simple outline of your the types of things you hope to publish.

To help you get started, here are a few questions:

  • Why are you blogging publicly, rather than keeping a personal journal?
  • What topics do you think you’ll write about?
  • Who would you love to connect with via your blog?
  • If you blog successfully throughout the next year, what would you hope to have accomplished?

You’re not locked into any of this; one of the wonderful things about blogs is how they constantly evolve as we learn, grow, and interact with one another — but it’s good to know where and why you started, and articulating your goals may just give you a few other post ideas.

Can’t think how to get started? Just write the first thing that pops into your head. Anne Lamott, author of a book on writing we love, says that you need to give yourself permission to write a “crappy first draft”. Anne makes a great point — just start writing, and worry about editing it later.

When you’re ready to publish, give your post three to five tags that describe your blog’s focus — writing, photography, fiction, parenting, food, cars, movies, sports, whatever. These tags will help others who care about your topics find you in the Reader. Make sure one of the tags is “zerotohero,” so other new bloggers can find you, too.