Skip to content

Rancher upgrade has failed with an error no matches for kind "Issuer" in version "cert-manager.io/v1alpha2"

Article Number: 000020805

Environment

Rancher 2.6.x

Situation

Rancher upgrade is failing due to the deprecated apiVersion for the cert-manager CRD. This affects cert-manager upgrades from an earlier release, for example upgrading cert-manager from 0.12 to 1.7.1, which in turn has the potential to create a deprecated apiVersion within the existing Rancher release manifest.

The relevant error message may appear as below and occurs when running the helm upgrade command to upgrade Rancher.

Error: UPGRADE FAILED: unable to build kubernetes objects from current release manifest: resource mapping not found for name: "rancher" namespace: "" from "": no matches for kind "Issuer" in version "cert-manager.io/v1alpha2" ensure CRDs are installed first

Cause

Old CRD's are not deleted properly after the upgrade of cert-manager, this may cause a deprecated apiVersion to be used in the Rancher release manifest.

Resolution

Follow the below steps to edit the latest Helm v3 config for Rancher, and replace cert-manager.io/v1alpha2 with cert-manager.io/v1.

1. Execute the below command and locate the latest version of sh.helm.release.v1.rancher.v*

 kubectl get secrets -n cattle-system

2. Back up the object, this example assumes sh.helm.release.v1.rancher.v1 is the latest

kubectl get secret sh.helm.release.v1.rancher.v1 -n cattle-system -o yaml > helm-rancher-config.yaml

3. Decode the data.release field and save the output to yaml (jq must be installed before executing the below steps)

kubectl get secrets sh.helm.release.v1.rancher.v1 -n cattle-system -o json | jq .data.release | tr -d '"' | base64 -d | base64 -d | gzip -d > helm-rancher-config-data-decoded.yaml

4. Change the apiVersion from v1/alpha2 to v1.

sed -e 's/cert-manager.io\/v1alpha2/cert-manager.io\/v1/' helm-rancher-config-data-decoded.yaml > helm-rancher-config-data-decoded-replaced.yaml

5. Store the encoded data in a variable to reuse in the next step

releaseData=$(cat helm-rancher-config-data-decoded-replaced.yaml | gzip | base64 | base64 | tr -d "\n")

6. Replace the release data

sed 's/^\(\s*release\s*:\s*\).*/\1'$releaseData'/' helm-rancher-config.yaml > helm-rancher-config-final.yaml

7. Apply the yaml

kubectl apply -f helm-rancher-config-final.yaml -n cattle-system