DEV Community

Cover image for Installing an Old Kubernetes version on Windows
Victor Osório
Victor Osório

Posted on

1

Installing an Old Kubernetes version on Windows

Yes, sometimes we need to downgrade. So that was my problem I need to maintain an application using Windows and Kubernetes 1.17.

First attempt

I try to install the Kubernetes package inside Docker. But... For now, I only have the version 1.19! I know that I should reproduce the same environment from the deployment.

Second attempt

What if I deploy Rancher v2?

We have one problem. The latest version of Rancher doesn't create a Kubernetes 1.17 cluster, only a 1.19!

So I have to find a version of Rancher that creates the cluster on the required version. I found it on the version 2.3.8.

So to get this Rancher open a CMD running as Administrator and execute:

docker run --name rancher --privileged -d --restart=unless-stopped -p 10080:80 -p 10443:443 rancher/rancher:v2.3.8
Enter fullscreen mode Exit fullscreen mode

Why I'm not using port 80 and 443? Because ETCD will use these ports, let them free!

Troubleshooting

If you tried running more than one Kubernetes Cluster on Windows with WSL, you will have a problem with client certification:

2020-10-27 20:14:53.231000 I | etcdserver: published {Name:etcd-docker-desktop ClientURLs:[https://192.168.65.3:2379 https://192.168.65.3:4001]} to cluster 3c0da32f1ef888fb
2020-10-27 20:14:53.232544 I | embed: serving client requests on [::]:2379
2020-10-27 20:14:53.241806 I | embed: rejected connection from "192.168.65.3:43330" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-10-27 20:14:58.251358 I | embed: rejected connection from "192.168.65.3:43744" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-10-27 20:15:03.258650 I | embed: rejected connection from "192.168.65.3:43908" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
2020-10-27 20:16:22.390547 I | embed: rejected connection from "192.168.65.3:46707" (error "EOF", ServerName "")
2020-10-27 20:16:36.732519 I | embed: rejected connection from "192.168.65.3:47178" (error "tls: failed to verify client's certificate: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"kube-ca\")", ServerName "")
Enter fullscreen mode Exit fullscreen mode

This happens because Rancher ETCD creates a folder inside the host machine and reuse some data. You can find that information on the log:

2020-10-27 20:14:43.703157 N | etcdmain: the server is already initialized as member before, starting as etcd member...
Enter fullscreen mode Exit fullscreen mode

On the line above, ETCD is informing us that it will use a certificate for an old cluster. This will produce an error.

To resolve this problem, you should remove all data from /var/lib/etcd. I could not find that folder on Windows File System, so I open the Docker Troubleshoot and select Clean / Purge data.

Docker Troubleshoot

Conclusion

You can run any version of Kubernetes using Windows, WSL and Rancher. You have only to find the correct versions.


Picture by Julius Silver from Pexels

Picture by Julius Silver from Pexels

Speedy emails, satisfied customers

Postmark Image

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

AWS GenAI Live!

GenAI LIVE! is a dynamic live-streamed show exploring how AWS and our partners are helping organizations unlock real value with generative AI.

Tune in to the full event

DEV is partnering to bring live events to the community. Join us or dismiss this billboard if you're not interested. ❤️