no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"

Question

no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"

aurin-l opened this issue a year ago · 2 comments

Hi,
I am running EKS 1.26

Client Version: v1.26.8-eks-43840fb
Server Version: v1.26.12-eks-5e0fdde

Kong version

$ helm ls
NAME                    NAMESPACE       REVISION        UPDATED                                         STATUS          CHART                  APP VERSION
kong-admin              kong            3               2021-04-21 16:38:13.328313 +0200 SAST           deployed        kong-2.0.0             2.3

I have been trying to upgrade following:
https://github.com/Kong/charts/blob/main/charts/kong/UPGRADE.md#280

In tying to upgrade to 2.14.0 I get the following error:

Error: UPGRADE FAILED: unable to build kubernetes objects from current release manifest: resource mapping not found for name: "kong-admin-kong-psp" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"
ensure CRDs are installed first

I have updated the CRDs manually as suggested on the upgrade guide.

This was installed before PodSecurityPolicy Deprecation on EKS 1.25, so the manifest still contains the PodSecurityPolicy and I suspect that is the problem.

Answer 1 · 2024-02-24T00:35:47.000Z

Do you have podSecurityPolicy.enabled=true in your values.yaml? The current default has it off, and if it's off the templates shouldn't generate any PodSecurityPolicy resources at all.

If it's disabled you shouldn't get any PSPs.

Answer 2 · 2024-02-24T12:55:32.000Z

I have podSecurityPolicy.enabled=false

but have found the problem and solved it by removing the API from the manifest.
https://helm.sh/docs/topics/kubernetes_apis/#updating-api-versions-of-a-release-manifest

Once removed from here I could run the upgrade.