Yes, sometimes we need to downgrade. So that was my problem I need to maintain an application using Windows and Kubernetes 1.17.
First attempt
I try to install the Kubernetes package inside Docker. But... For now, I only have the version 1.19! I know that I should reproduce the same environment from the deployment.
Second attempt
What if I deploy Rancher v2?
We have one problem. The latest version of Rancher doesn't create a Kubernetes 1.17 cluster, only a 1.19!
So I have to find a version of Rancher that creates the cluster on the required version. I found it on the version 2.3.8
.
So to get this Rancher open a CMD running as Administrator and execute:
docker run --name rancher --privileged -d --restart=unless-stopped -p 10080:80 -p 10443:443 rancher/rancher:v2.3.8
Why I'm not using port 80
and 443
? Because ETCD will use these ports, let them free!
Troubleshooting
If you tried running more than one Kubernetes Cluster on Windows with WSL, you will have a problem with client certification:
2020-10-27 20:14:53.231000 I | etcdserver: published {Name:etcd-docker-desktop ClientURLs:[https://192.168.65.3:2379 https://192.168.65.3:4001]} to cluster 3c0da32f1ef888fb
2020-10-27 20:14:53.232544 I | embed: serving client requests on [::]:2379
2020-10-27 20:14:53.241806 I | embed: rejected connection from "192.168.65.3:43330" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-10-27 20:14:58.251358 I | embed: rejected connection from "192.168.65.3:43744" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-10-27 20:15:03.258650 I | embed: rejected connection from "192.168.65.3:43908" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-10-27 20:16:22.390547 I | embed: rejected connection from "192.168.65.3:46707" (error "EOF", ServerName "")
2020-10-27 20:16:36.732519 I | embed: rejected connection from "192.168.65.3:47178" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
This happens because Rancher ETCD creates a folder inside the host machine and reuse some data. You can find that information on the log:
2020-10-27 20:14:43.703157 N | etcdmain: the server is already initialized as member before, starting as etcd member...
On the line above, ETCD is informing us that it will use a certificate for an old cluster. This will produce an error.
To resolve this problem, you should remove all data from /var/lib/etcd
. I could not find that folder on Windows File System, so I open the Docker Troubleshoot and select Clean / Purge data.
Conclusion
You can run any version of Kubernetes using Windows, WSL and Rancher. You have only to find the correct versions.
Picture by Julius Silver from Pexels
Top comments (0)