October 1, 2019 By Richard Theis 3 min read

Kubernetes version 1.16 has removed several deprecated APIs that you’ll likely recognize and may use on a daily basis.

Kubernetes version 1.16 removed the deprecated APIs by default. However, Kubernetes providers had the option to temporarily keep the APIs enabled. IBM Cloud Kubernetes Service kept the community default and removed the APIs starting in version 1.16. On the other hand, Red Hat OpenShift on IBM Cloud version 4.3, which is based on Kubernetes version 1.16, kept these APIs enabled. Now, Red Hat OpenShift on IBM Cloud version 4.4, which is based on Kubernetes version 1.17, removes the APIs as well.

The apps/v1beta1 and apps/v1beta2 APIs have been completely removed. In addition, the extensions/v1beta1 API has been removed for select resources. Removal of these APIs impacts the following Kubernetes resources: NetworkPolicy, PodSecurityPolicy, DaemonSet, Deployment, StatefulSet, and ReplicaSet

The good news is that replacement APIs are available now and have been for a long time. Every supported IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud version supports the replacement APIs. So, if you haven’t started your transition, now is the time. 

For more information, see the Kubernetes blog: “Deprecated APIs Removed In 1.16: Here’s What You Need To Know.”

Overview of the replacement APIs

  • Use the networking.k8s.io/v1 API for NetworkPolicy resources.
  • Use the policy/v1beta1 API for PodSecurityPolicy resources.
  • Use the apps/v1 API for DaemonSet, Deployment, StatefulSet, and ReplicaSet resources.

Some tips to help you with this transition

Review kubectl last applied configurations

The Kubernetes kubectl command provides a very useful resource annotation—kubectl.kubernetes.io/last-applied-configuration—that can help you find Kubernetes resources created or updated via kubectl using the removed APIs.  

Run the following commands as a cluster administrator to find all resources last applied using the impacted APIs. Any resources found are likely backed by YAML that you or someone that you depend on needs to change. More on converting your YAML later:

$ kubectl get NetworkPolicy,PodSecurityPolicy,DaemonSet,Deployment,ReplicaSet --all-namespaces -o 'jsonpath={range .items[*]}{.metadata.annotations.kubectl\.kubernetes\.io/last-applied-configuration}{"\n"}{end}' | grep '"apiVersion":"extensions/v1beta1"'
$ kubectl get DaemonSet,Deployment,StatefulSet,ReplicaSet --all-namespaces -o 'jsonpath={range .items[*]}{.metadata.annotations.kubectl\.kubernetes\.io/last-applied-configuration}{"\n"}{end}' | grep '"apiVersion":"apps/v1beta'

Review Kubernetes API server usage metrics

The Kubernetes API server provides API usage metrics that can help you find clients using the removed APIs. 

Run the following commands as a cluster administrator. The commands filter out the dashboard (i.e., Kubernetes Dashboard), hyperkube (Kubernetes master and worker node components), and kubectl clients since these clients will transition to the replacement APIs as part of the upgrade process. Since IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud clusters have highly available (HA) masters, you will have to run these commands several times to ensure data is collected from all three Kubernetes API servers.

kubectl get --raw="/metrics" | grep apiserver_request_count | grep 'group="extensions"' | grep 'version="v1beta1"' | grep -v ingresses | grep -v 'client="hyperkube' | grep -v 'client="kubectl' | grep -v 'client="dashboard' | grep -v 'component="apiserver"'
$ kubectl get --raw="/metrics" | grep apiserver_request_count | grep 'group="apps"' | grep 'version="v1beta' | grep -v 'client="hyperkube' | grep -v 'client="kubectl' | grep -v 'client="dashboard'

Review your dependencies

Even if your apps are ready for this transition, a review of the earlier command results may identify dependencies that are not. 

Convert your YAML

From the Kubernetes blog referenced earlier, “You can use the kubectl convert command to automatically convert an existing object: kubectl convert -f <file> --output-version <group>/<version>. … Note that this may use non-ideal default values.” Be sure to review and test the results of the conversion.

Next steps

The Kubernetes blog “Deprecated APIs Removed In 1.16: Here’s What You Need To Know” and Kubernetes version 1.16 CHANGELOG identify other deprecated APIs that are targeted for removal in later releases.

Once you are ready for Kubernetes version 1.16, update your to-do list to include handling these future API removals. Also, please help get the message out and open issues so the entire Kubernetes community is ready for versions 1.16 and later.


For general questions, engage our team via Slack by registering here, and join the discussion in the #general channel on our public IBM Cloud Kubernetes Service Slack.

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters