Expected Behavior
I am performing the upgrade following the guide "Upgrading an installation that uses manifests and the Kubernetes API datastore". calicoctl is not installed, and I am not using Istio. The Calico pods start successfully. After that, pods should start normally.
Current Behavior
Upgrade performed via curl and kubectl apply --server-side --force-conflicts -f upgrade.yaml. The Calico pods start successfully and are Running and Ready. Deploying a new pod or restarting an existing one results in the following error:
Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "7793eab191474b0fc110efb60e94a220074e1d5ce174853eb1befecca05f1487": plugin type="calico" failed (add): error getting ClusterInformation: Get "https://10.96.0.1:443/apis/crd.projectcalico.org/v1/clusterinformations/default": tls: failed to verify certificate: x509: certificate signed by unknown authority
Possible Solution
I have checked the ca.crt in the Calico pods and in the Calico kubeconfig. They match the fingerprint of /etc/kubernetes/pki/ca.crt.
I have tried upgrading to different Calico versions: 3.28.5, 3.29.x, 3.30.x
→ all of them lead to the same result.
Steps to Reproduce (for bugs)
- Update Calico from v3.28.3
- Restart a pod
Context
I want to upgrade my Calico. But any newer version results in the Error above. A downgrade to 3.28.3 fixes the issue.
Your Environment
- Calico version: 3.28.3
- Orchestrator version (e.g. kubernetes, openshift, etc.): kubelet-version: 1.34.4
- Operating System and version: Rocky Linux 9.7
Expected Behavior
I am performing the upgrade following the guide "Upgrading an installation that uses manifests and the Kubernetes API datastore". calicoctl is not installed, and I am not using Istio. The Calico pods start successfully. After that, pods should start normally.
Current Behavior
Upgrade performed via curl and kubectl apply --server-side --force-conflicts -f upgrade.yaml. The Calico pods start successfully and are Running and Ready. Deploying a new pod or restarting an existing one results in the following error:
Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "7793eab191474b0fc110efb60e94a220074e1d5ce174853eb1befecca05f1487": plugin type="calico" failed (add): error getting ClusterInformation: Get "https://10.96.0.1:443/apis/crd.projectcalico.org/v1/clusterinformations/default": tls: failed to verify certificate: x509: certificate signed by unknown authority
Possible Solution
I have checked the ca.crt in the Calico pods and in the Calico kubeconfig. They match the fingerprint of /etc/kubernetes/pki/ca.crt.
I have tried upgrading to different Calico versions: 3.28.5, 3.29.x, 3.30.x
→ all of them lead to the same result.
Steps to Reproduce (for bugs)
Context
I want to upgrade my Calico. But any newer version results in the Error above. A downgrade to 3.28.3 fixes the issue.
Your Environment