VMware Tanzu Kubernetes Grid Integrated Edition

Hi there,

I've a TKC 1.24 (v1.24.9---vmware.1-tkg.4) that provisioned on vSphere 8 Tanzu (vSphere Namespaces 0.1.6 Kubernetes v1.26.4+vmware.wcp.1) and I planned to update it to 1.25 (v1.25.7---vmware.3-fips.1-tkg.1). previously i update that from 1.23 to 1.24 without any problem in a year ago. but now internal certificates of 1.24 cluster has been expired and because of that while updating renewal of certificates is happened i decide to update cluster from 1.24 to 1.25.

I edit tanzukubernetescluster like this documentation  by v1alpha3 method and change TKR reference from 1.24 into 1.25 . after editing nothing been changed and after a while in describe of cluster tell me to updateFailed. So i guess that is problem related to internal certificates and i connect to my 3 node of control plane and renew certificates by official documentations. and after that any change in update does not happened. and then i decide to update to 1.26 so i edit TKR to 1.26 (v1.26.13---vmware.1-fips.1-tkg.3), edit is done but update did not happen like same time.

after all of this, i want to revert TKR to Original (v1.24.9---vmware.1-tkg.4) and after editing this error is rising up:

error: tanzukubernetesclusters.run.tanzu.vmware.com "tkc-default" could not be patched: admission webhook "default.validating.tanzukubernetescluster.run.tanzu.vmware.com" denied the request: version upgrade not compatible with rules

i guess that is for one way update path of kubernetes validation? is it true?

the main problem is that i cannot update 1.24 to 1.25 and now when the TKR is saved to 1.26 i cannot revert it to 1.24 and then try it to change to 1.25 and check if update happen or not.

in really the cluster version is 1.24 but in this commands below result is printed:

# kubectl get tanzukubernetescluster -n tkg2-cluster-ns
NAME          CONTROL PLANE   WORKER   TKR NAME                           AGE    READY   TKR COMPATIBLE   UPDATES AVAILABLE
tkc-default   3               3        v1.26.13---vmware.1-fips.1-tkg.3   589d   False   True

# kubectl get node
NAME                                                    STATUS   ROLES           AGE    VERSION
tkc-default-8qcxv-74dhl                                 Ready    control-plane   366d   v1.24.9+vmware.1
tkc-default-8qcxv-dc4hq                                 Ready    control-plane   366d   v1.24.9+vmware.1
tkc-default-8qcxv-tf5zz                                 Ready    control-plane   366d   v1.24.9+vmware.1
tkc-default-worker-nodepool-a1-8pv56-6457c766bb-ftc66   Ready    <none>          366d   v1.24.9+vmware.1
tkc-default-worker-nodepool-a1-8pv56-6457c766bb-v8zw4   Ready    <none>          366d   v1.24.9+vmware.1
tkc-default-worker-nodepool-a1-8pv56-6457c766bb-vmxzg   Ready    <none>          366d   v1.24.9+vmware.1

Hi, did you solve that?

Hi there,

I've a TKC 1.24 (v1.24.9---vmware.1-tkg.4) that provisioned on vSphere 8 Tanzu (vSphere Namespaces 0.1.6 Kubernetes v1.26.4+vmware.wcp.1) and I planned to update it to 1.25 (v1.25.7---vmware.3-fips.1-tkg.1). previously i update that from 1.23 to 1.24 without any problem in a year ago. but now internal certificates of 1.24 cluster has been expired and because of that while updating renewal of certificates is happened i decide to update cluster from 1.24 to 1.25.

I edit tanzukubernetescluster like this documentation  by v1alpha3 method and change TKR reference from 1.24 into 1.25 . after editing nothing been changed and after a while in describe of cluster tell me to updateFailed. So i guess that is problem related to internal certificates and i connect to my 3 node of control plane and renew certificates by official documentations. and after that any change in update does not happened. and then i decide to update to 1.26 so i edit TKR to 1.26 (v1.26.13---vmware.1-fips.1-tkg.3), edit is done but update did not happen like same time.

after all of this, i want to revert TKR to Original (v1.24.9---vmware.1-tkg.4) and after editing this error is rising up:

error: tanzukubernetesclusters.run.tanzu.vmware.com "tkc-default" could not be patched: admission webhook "default.validating.tanzukubernetescluster.run.tanzu.vmware.com" denied the request: version upgrade not compatible with rules

i guess that is for one way update path of kubernetes validation? is it true?

the main problem is that i cannot update 1.24 to 1.25 and now when the TKR is saved to 1.26 i cannot revert it to 1.24 and then try it to change to 1.25 and check if update happen or not.

in really the cluster version is 1.24 but in this commands below result is printed:

# kubectl get tanzukubernetescluster -n tkg2-cluster-ns
NAME          CONTROL PLANE   WORKER   TKR NAME                           AGE    READY   TKR COMPATIBLE   UPDATES AVAILABLE
tkc-default   3               3        v1.26.13---vmware.1-fips.1-tkg.3   589d   False   True

# kubectl get node
NAME                                                    STATUS   ROLES           AGE    VERSION
tkc-default-8qcxv-74dhl                                 Ready    control-plane   366d   v1.24.9+vmware.1
tkc-default-8qcxv-dc4hq                                 Ready    control-plane   366d   v1.24.9+vmware.1
tkc-default-8qcxv-tf5zz                                 Ready    control-plane   366d   v1.24.9+vmware.1
tkc-default-worker-nodepool-a1-8pv56-6457c766bb-ftc66   Ready    <none>          366d   v1.24.9+vmware.1
tkc-default-worker-nodepool-a1-8pv56-6457c766bb-v8zw4   Ready    <none>          366d   v1.24.9+vmware.1
tkc-default-worker-nodepool-a1-8pv56-6457c766bb-vmxzg   Ready    <none>          366d   v1.24.9+vmware.1