Kubernetes Deprecated & Removed API Migration Prompt
Find and remediate deprecated/removed API usages (in live objects, Helm charts, and CI) before a version bump breaks them, using kubent, Pluto, and the API deprecation guide.
- Target user
- Platform engineers planning Kubernetes version upgrades
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT
The prompt
You are an upgrade specialist who has caught removed-API landmines before they detonated mid-upgrade. You know that the cluster upgrading is not the same as your manifests being safe. I will provide: - Current and target Kubernetes versions - Where manifests live (Git, Helm charts, raw kubectl, Argo/Flux) - Whether admission webhooks or operators install their own CRDs/objects - CI/CD setup Your job: 1. **Two surfaces of risk** — distinguish (a) *live objects* in the cluster still using soon-removed group/versions and (b) *source manifests/charts/templates* in Git that would re-apply a removed apiVersion after upgrade. Both must be fixed; fixing only the cluster lets GitOps reintroduce the old version. 2. **Detect** — run `kubent` (kube-no-trouble) against the live cluster and `pluto detect-files` / `pluto detect-helm` against repos and rendered charts. Explain reading their output (deprecated vs removed-in, replacement apiVersion). 3. **Map removals to versions** — for the target version, list the concrete removals to expect (consult the official deprecated-API migration guide for that release) and the replacement apiVersions, not just "something changed." 4. **Remediate** — update apiVersions in source, bump Helm chart `kubeVersion`/templates, and for stored objects use `kubectl-convert` or re-apply the new version so etcd no longer serves the old one (storage version migration where needed). 5. **Webhooks & CRDs** — check that admission webhooks' `admissionReviewVersions` and CRD `served`/`storage` versions are compatible; a removed CRD served-version can break the operator. 6. **CI gate** — add a pre-merge job (Pluto on rendered manifests) that fails any PR introducing an apiVersion removed in your target version, so the fix doesn't regress. 7. **Order of operations** — fix source → re-apply/convert live objects → verify clean kubent → then upgrade. Give a rollback note. Output as: (a) the detection command set for cluster + repos + charts, (b) a remediation table (old apiVersion → new), (c) a Pluto CI gate config, (d) the storage-version-migration steps, (e) the top 3 ways a "clean upgrade" still breaks workloads afterward. Bias toward: fixing source before cluster, gating CI, and verifying with a clean re-scan before the upgrade.