Streamlining Kubernetes Upgrades – Overcoming Migration Barriers with Automated Protection.

Collaboratively authored by:

• Gopala Krishnan,  Partner Solution Architect, SUSE
• Abraham George, Senior Support Engineer, SUSE

Introduction

In the rapidly evolving landscape of Kubernetes, organizations are constantly seeking ways to strengthen their infrastructure with enhanced security, resilience, and scalability. Rancher Kubernetes Engine (RKE) has served enterprises well for years, but SUSE has announced its end-of-life, making the transition to Rancher Kubernetes Engine 2 (RKE2) both essential and strategic. Far more than a routine upgrade, this shift represents a move to a modern, hardened Kubernetes distribution built with security and enterprise readiness at its core.

While the advantages of RKE2 are clear, the migration from RKE to RKE2 can be a complex undertaking that involves both technical and organizational challenges. This article explores how the partnership between SUSE and CloudCasa by Catalogic is transforming the RKE to RKE2 migration journey. We examine the drivers for migration, the pitfalls of manual approaches, and how the combined solution simplifies and secures the process with automated backups, restores, validation, and compliance safeguards.

With SUSE and CloudCasa, enterprises can accelerate and de-risk their RKE to RKE2 migrations—ensuring business continuity, protecting Kubernetes workloads, and enabling seamless operations across on-premises, edge, and cloud environments.

Why RKE1 to RKE2  Migrations Matter—A Strategic Imperative (Transition to RKE2)

The decision to migrate from RKE to RKE2 is driven by several strategic imperatives that directly impact an organization’s operational continuity, security posture, and ability to innovate. RKE1 to RKE2 migration matters primarily because RKE1 is at its end-of-life (EOL) as of July 31, 2025, requiring users to switch to RKE2 for continued support, security updates, and to leverage a modern, secure platform built on containers instead of the unmaintained Docker. RKE2 also offers built-in FIPS compliance, enhanced security hardening, and a more robust, self-managing architecture compared to RKE1.

Here’s why this transition is vital:

• Enhanced Security: RKE2 introduces required support for new security frameworks and compliance mandates. Unlike RKE, which relied on Docker (a container runtime no longer actively maintained), RKE2 adopts a more modern and efficient container environment (containerd), significantly enhancing performance and security. It is designed to help clusters meet rigorous CIS Kubernetes Benchmarks with minimal configuration, ensuring robust defense against potential vulnerabilities.
• Compliance Mandates: RKE2 supports FIPS 140-2 compliance and reduces Common Vulnerabilities and Exposures (CVEs) by leveraging comprehensive scanning with Trivy during the build process. For enterprises, maintaining compliance is paramount to avoid regulatory issues and ensure business continuity, especially when handling sensitive data across containers and VMs.
• Operational Improvements: RKE2 provides better consistency across distributed and edge deployments. By combining the best features of RKE and K3S, RKE2 delivers a powerful, scalable solution that is well-positioned to meet the evolving demands of modern applications.  Moreover, deep integration with SUSE Rancher Prime streamlines multi-cluster management across all environments.
• End-of-Life (EoL) for RKE: The official EoL of RKE means that businesses must eventually transition to RKE2 to ensure ongoing support and benefit from these enhanced features. Ignoring this transition can lead to unsupported environments, increased security risks, and a lack of access to new functionalities.

Current RKE2 Migration Practices: Key Challenges

While the move to RKE2 is a strategic imperative, traditional, manual migrations are rarely simple “one-click” upgrades. They are fraught with significant technical and organizational complexities that can put operations and innovation at risk.

What Makes RKE2 Migrations from RKE So Difficult? Manual migration of application deployed in RKE clusters require meticulous planning and precise technical execution, leading to several key pain points:

• Complex Dependencies: Migration often impacts not only aplications workloads but also various interconnected layers, including network configurations, storage integrations, and authentication systems. Managing these intricate dependencies manually is highly challenging.
• Business Impact: Any downtime or failed migration can have severe ripple effects, impacting all managed clusters and critical business applications. This poses a significant risk to operational continuity.
• Skill Gaps: Many enterprises may lack deep internal expertise in RKE cluster migration best practices or the new RKE2 architecture, leading to increased risk and reliance on external consultants.
• Tedious Manual Processes: Teams must meticulously catalog every resource, integration, and Kubernetes version in use (Inventory and Documentation). Persistent volumes, cluster state, Role-Based Access Control (RBAC) policies, and any custom integrations must be manually exported, validated, and restored in the target RKE2 environment (Data Migration). Rebuilding clusters requires orchestrating dependencies, reestablishing authentication, and configuring network rules (Cluster Orchestration).
• Essential Rollback Plans: Extensive system and application testing are needed post-migration, but rollback plans are often rudimentary or untested, making recovery from failures difficult and slow.

Beyond the direct execution of upgrades, several systemic obstacles persist in current RKE to RKE2 migration practices:

• Fragmented Documentation:  Migration steps can differ significantly based on Kubernetes versions, underlying operating systems, and infrastructure (cloud, on-premises, hybrid). This lack of unified, consistent documentation makes planning and execution complex and error-prone.
• No Unified Backup/Restore: Partial backups often fail to capture critical components such as cluster metadata, secrets, and custom resources. This means that even with backups, a complete and consistent restoration may be impossible, leading to data loss or inconsistencies.
• Version Drift: Migrating to RKE2 may force teams to also update applications, network plugins, or Helm charts simultaneously. This introduces compounded changes and additional layers of complexity and potential compatibility issues.
• Manual Testing Burden: Validation of cluster health and application functionality post-migration is seldom automated. This leaves teams exposed to unnoticed failures and requires extensive manual effort, prolonging the migration timeline.
• Security Gaps: Temporary misconfigurations during the migration process could expose clusters to vulnerabilities, especially if older, unpatched images or default settings are inadvertently used. Ensuring continuous security during a complex migration is a significant challenge.
• Compliance Blind Spots: With incomplete audit logs or backup records, organizations face substantial risks in regulated environments. This can lead to non-compliance penalties and reputational damage.

These realities mean that an RKE to RKE2 migration is typically measured in days or even weeks, not hours. Its success relies heavily on the internal team’s expertise and diligence, making it a high-risk, high-effort undertaking without the right tools. This underscores the critical need for an automated, reliable solution to streamline and secure the migration process.

How SUSE and CloudCasa Transform RKE to RKE2 Migration: A Powerful Combination for Kubernetes Resilience

The joint solution offered by SUSE and CloudCasa by Catalogic directly addresses the complexities and pain points of Kubernetes migrations, particularly the transition from RKE to RKE2. By integrating CloudCasa with SUSE Rancher Prime via a new Rancher Prime Extension, users can easily install CloudCasa agents and manage and monitor backups directly from the SUSE Rancher UI. This powerful combination enhances Kubernetes data protection and resilience while simplifying backup management for enterprises across all environments.

The combined solution ensures seamless data protection, disaster recovery, and migration across all Kubernetes distributions, providing a single, unified management platform for a consistent experience, regardless of where Kubernetes clusters are hosted.

Here’s how this partnership transforms RKE to RKE2 migration and delivers significant benefits:

• End-to-End Backups: CloudCasa captures the complete cluster state, including custom resources and workload data, ensuring comprehensive coverage across all RKE environments. This goes beyond basic data backup by protecting the entire configuration and relationships within the Kubernetes environment.
• Automated Restore & Dependency Mapping: The solution enables rapid recreation of clusters in the RKE2 environment. This includes granular restores of namespaces, volumes, role bindings, and policies, significantly reducing the time and complexity of recovery.
• Compliance Built-In: Every backup and restore operation is logged, auditable, and aligned with regulatory requirements. This is critical for sectors like finance, healthcare, and government, ensuring data integrity and accountability. CloudCasa ensures compliance with encrypted, air-gapped, and immutable backups, protecting against ransomware and data loss.
• Fast Rollback and Validation: If a migration encounters issues, rapid point-in-time recoveries allow teams to avoid downtime or disruption. CloudCasa enables quick restoration of workloads to a functional state in case of migration failures or errors.

Operational Consistency: By eliminating manual scripts and leveraging automation, the platform ensures that every migration follows best practices, adapting as Kubernetes evolves. This leads to more reliable and predictable outcomes.

The integrated solution delivers a full set of capabilities to meet modern enterprise requirements for data protection, disaster recovery, and application mobility:

• Multi-Cluster Management Across Clouds and On-Premises: CloudCasa simplifies operations with unified backup and recovery management for Kubernetes clusters across hybrid, multi-cloud, and edge environments. This central management plane extends across diverse infrastructures, ensuring data is always protected and recoverable, regardless of location.
• Single Pane of Glass for Container and VM Management: The solution provides complete workload protection for both containerized applications and virtual machines in SUSE Rancher and SUSE Virtualization (Harvester)  environments. This eliminates the need for separate backup tools, reducing operational complexity and cost. CloudCasa extends protection across both environments, enabling a single, consistent data protection strategy.
• Seamless RKE to RKE2 Migration and Cross-Distribution Mobility: CloudCasa enables smooth migration and recovery between different Kubernetes distributions, including AKS, EKS, and GKE. For RKE to RKE2 specifically, CloudCasa supports pre-migration testing by replicating persistent data from the production RKE cluster to the RKE2 target cluster for validation. During production migration, Kubernetes resources and persistent data can be moved directly, simplifying the transition of stateful applications.
• Enterprise-Grade Security, Compliance, and Governance: The joint solution enforces regulatory compliance with encrypted, air-gapped, and immutable backups, effectively protecting against ransomware and data loss. SUSE Rancher’s RBAC and centralized security policies are extended by CloudCasa’s data protection framework, ensuring continuous compliance and governance.
• Cost-Effectiveness: CloudCasa is highlighted as a comprehensive and cost-effective Kubernetes data protection solution, offering enterprise data protection at a fraction of the cost.

SUSE Ecosystem Integration & Competitive Advantage

SUSE Cloud Native Ecosystem Integration: CloudCasa integrates seamlessly with the broader SUSE Cloud Native ecosystem, offering an end-to-end solution for managing Kubernetes and virtualization environments. This includes supported compatibility with:

• SUSE Rancher Prime is the open source, comprehensive, enterprise-supported container management platform designed to manage complex, multi-cluster Kubernetes environments. SUSE Rancher Prime provides a centralized control plane for managing Kubernetes clusters across diverse environments, including on-premises data centers, public clouds, and edge locations. It empowers businesses to streamline operations, improve security, and ensure consistent policies across their entire cloud native estate.
• SUSE Virtualization (Harvester) is the hyper-converged infrastructure (HCI) solution designed for cloud-native environments, integrating virtualization and Kubernetes management.
• SUSE Storage (Longhorn) delivers distributed block storage for Kubernetes, enabling easy, fast, and reliable persistent storage management.

Why CloudCasa and SUSE Win Together

• Lowest Total Cost of Ownership (TCO): CloudCasa delivers a cost-effective data protection and disaster recovery solution that significantly lowers TCO when paired with SUSE.  This solution can reduce resource utilization and streamline operations to maximize value without sacrificing functionality for both VMs and containers.
• Seamless Migration to RKE2 and SUSE Storage: CloudCasa’s SaaS deployment enables migration in minutes (e.g., RKE1 to RKE2 or other storage to SUSE Storage). This ensures rapid adoption of SUSE’s platform with high operational efficiency.
• Deep Integration with SUSE Rancher Prime: CloudCasa fully supports SUSE Rancher Prime’s strategy with integrated data protection, migration, and disaster recovery. This simplifies Kubernetes management and safeguards workloads via a third-party extension, enhancing mobility across diverse Kubernetes distributions and strengthening the overall solution proposition.
• Application Portability: CloudCasa, like SUSE Rancher, is cloud and platform agnostic. It provides an easy way to ensure applications are protected in a consistent way by supporting common policies, storage class mapping, and other techniques that make it easy to manage backups and to restore or migrate applications across clusters (and clouds) in a reliable and cost-effective way. This helps customers avoid vendor lock-in.

Take Your Next Steps

Learn more about how SUSE and CloudCasa deliver efficient and cost-effective solutions to enterprises navigating the complexities of Kubernetes and VM management with the following resources:

• CloudCasa by Catalogic
• SUSE Cloud Native: Enterprise Container Management for Dummies
• Demo: How to install CloudCasa with SUSE Rancher
• Demo: How to back up and restore SUSE Virtualization with CloudCasa

To schedule a demo or discuss your specific needs, reach out to us at isv-cosell@suse.com or casa@cloudcasa.io.