I've left a Kubernetes cluster running on version 1.25.5 for longer than I should have, and now I'm trying to upgrade it to version 1.26.13 by cycling out nodes. However, I'm running into issues when adding the new control plane; specifically, I'm getting error events for the control plane pods (like etcd) indicating there's a problem with image verification. The error message states: 'Error: user specified image not specified, cannot verify image signature.' Although the etcd version being pulled (3.5.10-0) matches the existing control planes and appears to be present on the machine, I'm struggling to find any helpful info online to troubleshoot this. Can anyone clarify what this error means and offer any assistance?
3 Answers
It sounds like you might be using cri-o, and it's possible that the signature verification feature got enabled when you upgraded to v1.26. That could explain the error regarding image verification. You might want to check your cri-o settings and see if that’s the case!
Since you're more than 10 versions behind, you could try doing in-place updates until the end of November. But honestly, it might be quicker to set up a new cluster with the latest version and move everything over. It could save you a lot of hassle compared to doing repeated edits and updates.
This.
I'm afraid I'd already thought of that. Sure would be the easier methodology, but since it's just a homelab, I need to minimize downtime. An in-place upgrade should help me maintain near-zero downtime.
Honestly, at this stage, it’s probably a good idea to plan for a migration to a new cluster.
You may well have figured it out, great insight to check, thanks!