Rancher upgrade has failed with an error no matches for kind "Issuer" in version "cert-manager.io/v1alpha2"
Article Number: 000020805
Environment
Rancher 2.6.x
Situation
Rancher upgrade is failing due to the deprecated apiVersion for the cert-manager CRD. This affects cert-manager upgrades from an earlier release, for example upgrading cert-manager from 0.12 to 1.7.1, which in turn has the potential to create a deprecated apiVersion within the existing Rancher release manifest.
The relevant error message may appear as below and occurs when running the helm upgrade command to upgrade Rancher.
Error: UPGRADE FAILED: unable to build kubernetes objects from current release manifest: resource mapping not found for name: "rancher" namespace: "" from "": no matches for kind "Issuer" in version "cert-manager.io/v1alpha2" ensure CRDs are installed first
Cause
Old CRD's are not deleted properly after the upgrade of cert-manager, this may cause a deprecated apiVersion to be used in the Rancher release manifest.
Resolution
Follow the below steps to edit the latest Helm v3 config for Rancher, and replace cert-manager.io/v1alpha2 with cert-manager.io/v1.
1. Execute the below command and locate the latest version of sh.helm.release.v1.rancher.v*
kubectl get secrets -n cattle-system
2. Back up the object, this example assumes sh.helm.release.v1.rancher.v1 is the latest
kubectl get secret sh.helm.release.v1.rancher.v1 -n cattle-system -o yaml > helm-rancher-config.yaml
3. Decode the data.release field and save the output to yaml (jq must be installed before executing the below steps)
kubectl get secrets sh.helm.release.v1.rancher.v1 -n cattle-system -o json | jq .data.release | tr -d '"' | base64 -d | base64 -d | gzip -d > helm-rancher-config-data-decoded.yaml
4. Change the apiVersion from v1/alpha2 to v1.
sed -e 's/cert-manager.io\/v1alpha2/cert-manager.io\/v1/' helm-rancher-config-data-decoded.yaml > helm-rancher-config-data-decoded-replaced.yaml
5. Store the encoded data in a variable to reuse in the next step
releaseData=$(cat helm-rancher-config-data-decoded-replaced.yaml | gzip | base64 | base64 | tr -d "\n")
6. Replace the release data
sed 's/^\(\s*release\s*:\s*\).*/\1'$releaseData'/' helm-rancher-config.yaml > helm-rancher-config-final.yaml
7. Apply the yaml
kubectl apply -f helm-rancher-config-final.yaml -n cattle-system