Easily detect deprecated resources on Kubernetes

Asked 28/9, 2021 at 18:21 Answered 28/6 at 19:31

Solved kubernetes google-kubernetes-engine kube-apiserver

We've just received an e-mail from GCP informing us that our clusters are currently using deprecated Beta APIs and that we need to upgrade to the newest API version.

We have 3 clusters running multiple resources in multiple namespaces so it would be a bit painful having to go through all of them detecting which ones are obsolete.

The ones we control such as services, deployments, horizontalpodautoscalers, poddisruptionbudgets etc, those ones are already updated.

But we have many services whose manifest files are automatically generated such as Spinnaker services generated by Halyard, or ElasticSearch generated by Elastic Operator, etc.

Is there any way to filter all resources by the API version, or any way to detect deprecated resources across all namespaces?

Auricle answered 28/9, 2021 at 18:21 Comment(0)

In order to view which API are supported by your cluster

# Print out supported API's in the cluster
kubectl api-versions

In order to view deprecated API, you can use this tool.
it's exactly what you asked for, it will print list of resources with the deprecated API's.

https://github.com/doitintl/kube-no-trouble

# sample output from the official docs:


$./kubent
6:25PM INF >>> Kube No Trouble `kubent` <<<
6:25PM INF Initializing collectors and retrieving data
6:25PM INF Retrieved 103 resources from collector name=Cluster
6:25PM INF Retrieved 132 resources from collector name="Helm v2"
6:25PM INF Retrieved 0 resources from collector name="Helm v3"
6:25PM INF Loaded ruleset name=deprecated-1-16.rego
6:25PM INF Loaded ruleset name=deprecated-1-20.rego
_____________________________________________________________________
>>> 1.16 Deprecated APIs <<<
---------------------------------------------------------------------
KIND         NAMESPACE     NAME                    API_VERSION
Deployment   default       nginx-deployment-old    apps/v1beta1
Deployment   kube-system   event-exporter-v0.2.5   apps/v1beta1
Deployment   kube-system   k8s-snapshots           extensions/v1beta1
Deployment   kube-system   kube-dns                extensions/v1beta1
_____________________________________________________________________
>>> 1.20 Deprecated APIs <<<
---------------------------------------------------------------------
KIND      NAMESPACE   NAME           API_VERSION
Ingress   default     test-ingress   extensions/v1beta1

Installing `kubent`

# install `kubent`
sh -c "$(curl -sSL 'https://git.io/install-kubent')"

Running `kubent`

kubent

Additional Similar tools:

Duque answered 28/9, 2021 at 18:45 Comment(5)

Wow I never thought such a perfect solution existed! Thank you so much. – Auricle 28/9, 2021 at 19:0

You are welcome :-) glad to help – Duque 28/9, 2021 at 19:1

Install command doesn't work any more :( – Schaaf 1/2, 2022 at 12:44

work well. but in my case I have had an situation. It related with my kube-config. So, following this. I have to update my apiVersion: from 'apiVersion: client.authentication.k8s.io/v1alpha1' to 'apiVersion: client.authentication.k8s.io/v1beta1' – Cwm 17/2, 2023 at 3:51

There is a homebrew package as well. Just in install with brew install kubent – Spiniferous 11/6, 2023 at 8:53

kdave checks for any deprecated or removed apiVersions in the cluster and exports them in a Prometheus metrics format. It collects these apiVersions from the deployed helm releases It allows you to have visibility and answer these questions

How many applications in the cluster use deprecated apiVersions
How many applications in the cluster use removed apiVersions
Will the deprecated apiVersions be removed in the next release or next two releases
What are the replacement apiVersions for these deprecated or removed apiVersions

kdave https://github.com/wayfair-incubator/kdave and the k8s-used-api-versionshttps://github.com/wayfair-incubator/k8s-used-api-versions

https://www.linkedin.com/pulse/kubernetes-used-api-versions-operator-ahmed-elbakry/ https://www.linkedin.com/pulse/kubernetes-deprecated-api-versions-exporter-ahmed-elbakry/

Nieberg answered 19/5, 2022 at 13:26 Comment(0)

There is an Ansible module, redhatci.ocp.deprecated_api, which not only detects currently deprecated APIs but also lists soon-to-be-deprecated ones.

Here is an example of how to run it:

$ ansible-galaxy collection install redhatci.ocp

$ cat << 'EOF' > playbook.yml
---
- name: Connect to cluster and list nodes
  hosts: local
  tasks:
    - name: Detect to-be-Removed APIs in all namespaces excluding ones starting with openshift and kube-
      include_role:
        name: redhatci.ocp.deprecated_api
      vars:
        ocp_version: "4.11"
        deprecated_api_logs:
          path: "{{ playbook_dir }}"
      register: compatibility_map
EOF

$ ansible-playbook -i inventory -v playbook.yml
-- snip --
TASK [redhatci.ocp.deprecated_api : Compute OCP compatibility of the workload API for default] ******************************************************
ok: [127.0.0.1] => {"ansible_facts": {"ocp_compatibility": {"4.11": "compatible", "4.12": "events.v1beta1.events.k8s.io, podsecuritypolicies.v1beta1.policy", "4.13": "events.v1beta1.events.k8s.io, podsecuritypolicies.v1beta1.policy, prioritylevelconfigurations.v1beta1.flowcontrol.apiserver.k8s.io, flowschemas.v1beta1.flowcontrol.apiserver.k8s.io"}}, "changed": false}
-- snip --

Skijoring answered 22/5 at 15:52 Comment(0)

I created a script to search for pods that use a given api resource and version. At it’s heart is uses kubectl get ${1} -o=jsonpath="{range .items[*]}{.metadata.name}{': ‘}{.apiVersion}{'\n'}{end}" where ${1} is a resource name like 'poddisruptionbudget’. It will list the pods names and the api version of the resource and it can optionally filter by the api version.

#!/bin/bash
#
# script to get kubenetes resources of a given kind and optionally filter by api version
#

: {API:=""}

function help() {
    echo
    echo "Usage: $(basename $0) kind <api>"
    echo "- kind is a kubenetes resource type"
    echo "- api is optional.  If it is provided, it is the api version."
    echo
    echo "Depends upon:"
    echo "- kubectl must be installed"
    echo "- '$KUBECONFIG' must be set to a kubernetes cluster."
    echo
    exit 1
}

if [ "$#" -gt 2 ]; then
    "Error: too many arguments"
    help
fi

if [ "$1" == "" ]; then
    echo 'Error: the first argument must be a kubenetes resource type'
    help
fi

if [ "$2" == "" ]; then
    kubectl get ${1} -o=jsonpath="{range .items[*]}{.metadata.name}{': '}{.apiVersion}{'\n'}{end}"
else
    kubectl get ${1} -o=jsonpath="{range .items[*]}{.metadata.name}{': '}{.apiVersion}{'\n'}{end}" | grep ${2}
fi

The list of deprecations is https://kubernetes.io/docs/reference/using-api/deprecation-guide/. Searching for each kind of resource with a deprecated api version reveals the use of the deprecated apis. This script is useful as-is, or could be the basis for a better tool that takes a list of deprecations.

Phelgen answered 28/6 at 19:31 Comment(0)

Installing `kubent`

Running `kubent`

Additional Similar tools:

Recommended topics

Hot tags

Installing kubent

Running kubent

Additional Similar tools:

Recommended topics

Hot tags

Installing `kubent`

Running `kubent`