October 1, 2019 By Richard Theis 3 min read

Kubernetes version 1.16 has removed several deprecated APIs that you’ll likely recognize and may use on a daily basis.

Kubernetes version 1.16 removed the deprecated APIs by default. However, Kubernetes providers had the option to temporarily keep the APIs enabled. IBM Cloud Kubernetes Service kept the community default and removed the APIs starting in version 1.16. On the other hand, Red Hat OpenShift on IBM Cloud version 4.3, which is based on Kubernetes version 1.16, kept these APIs enabled. Now, Red Hat OpenShift on IBM Cloud version 4.4, which is based on Kubernetes version 1.17, removes the APIs as well.

The apps/v1beta1 and apps/v1beta2 APIs have been completely removed. In addition, the extensions/v1beta1 API has been removed for select resources. Removal of these APIs impacts the following Kubernetes resources: NetworkPolicy, PodSecurityPolicy, DaemonSet, Deployment, StatefulSet, and ReplicaSet

The good news is that replacement APIs are available now and have been for a long time. Every supported IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud version supports the replacement APIs. So, if you haven’t started your transition, now is the time. 

For more information, see the Kubernetes blog: “Deprecated APIs Removed In 1.16: Here’s What You Need To Know.”

Overview of the replacement APIs

  • Use the networking.k8s.io/v1 API for NetworkPolicy resources.
  • Use the policy/v1beta1 API for PodSecurityPolicy resources.
  • Use the apps/v1 API for DaemonSet, Deployment, StatefulSet, and ReplicaSet resources.

Some tips to help you with this transition

Review kubectl last applied configurations

The Kubernetes kubectl command provides a very useful resource annotation—kubectl.kubernetes.io/last-applied-configuration—that can help you find Kubernetes resources created or updated via kubectl using the removed APIs.  

Run the following commands as a cluster administrator to find all resources last applied using the impacted APIs. Any resources found are likely backed by YAML that you or someone that you depend on needs to change. More on converting your YAML later:

$ kubectl get NetworkPolicy,PodSecurityPolicy,DaemonSet,Deployment,ReplicaSet --all-namespaces -o 'jsonpath={range .items[*]}{.metadata.annotations.kubectl\.kubernetes\.io/last-applied-configuration}{"\n"}{end}' | grep '"apiVersion":"extensions/v1beta1"'
$ kubectl get DaemonSet,Deployment,StatefulSet,ReplicaSet --all-namespaces -o 'jsonpath={range .items[*]}{.metadata.annotations.kubectl\.kubernetes\.io/last-applied-configuration}{"\n"}{end}' | grep '"apiVersion":"apps/v1beta'

Review Kubernetes API server usage metrics

The Kubernetes API server provides API usage metrics that can help you find clients using the removed APIs. 

Run the following commands as a cluster administrator. The commands filter out the dashboard (i.e., Kubernetes Dashboard), hyperkube (Kubernetes master and worker node components), and kubectl clients since these clients will transition to the replacement APIs as part of the upgrade process. Since IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud clusters have highly available (HA) masters, you will have to run these commands several times to ensure data is collected from all three Kubernetes API servers.

kubectl get --raw="/metrics" | grep apiserver_request_count | grep 'group="extensions"' | grep 'version="v1beta1"' | grep -v ingresses | grep -v 'client="hyperkube' | grep -v 'client="kubectl' | grep -v 'client="dashboard' | grep -v 'component="apiserver"'
$ kubectl get --raw="/metrics" | grep apiserver_request_count | grep 'group="apps"' | grep 'version="v1beta' | grep -v 'client="hyperkube' | grep -v 'client="kubectl' | grep -v 'client="dashboard'

Review your dependencies

Even if your apps are ready for this transition, a review of the earlier command results may identify dependencies that are not. 

Convert your YAML

From the Kubernetes blog referenced earlier, “You can use the kubectl convert command to automatically convert an existing object: kubectl convert -f <file> --output-version <group>/<version>. … Note that this may use non-ideal default values.” Be sure to review and test the results of the conversion.

Next steps

The Kubernetes blog “Deprecated APIs Removed In 1.16: Here’s What You Need To Know” and Kubernetes version 1.16 CHANGELOG identify other deprecated APIs that are targeted for removal in later releases.

Once you are ready for Kubernetes version 1.16, update your to-do list to include handling these future API removals. Also, please help get the message out and open issues so the entire Kubernetes community is ready for versions 1.16 and later.

Questions?

For general questions, engage our team via Slack by registering here, and join the discussion in the #general channel on our public IBM Cloud Kubernetes Service Slack.

More from Announcements

Enabling customers to streamline document management with IBM watsonx.ai

2 min read - At Accusoft, our mission is to help organizations solve their most complex content workflow challenges by helping them adopt content processing, conversion and automation solutions. We accomplish this through our flagship product, PrizmDoc, which enables developers to enhance their applications with in-browser document viewing and collaboration functionality.  Over the past several years, we’ve been closely monitoring the evolving role of artificial intelligence (AI) in delivering cutting-edge solutions to our customers. Unlike many competitors who hastily incorporate AI  to check a…

Success and recognition of IBM offerings in G2 Summer Reports  

2 min read - IBM offerings were featured in over 1,365 unique G2 reports, earning over 230 Leader badges across various categories.   This recognition is important to showcase our leading products and also to provide the unbiased validation our buyers seek. According to the 2024 G2 Software Buyer Behavior Report, “When researching software, buyers are most likely to trust information from people with similar roles and challenges, and they value transparency above other factors.”  With over 90 million visitors each year and hosting more than 2.6…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters