Replace NetworkExplorer kernel-collector-podsecuritypolicy since PodSecurityPolicy was removed in K8s v1.25

Question

Replace NetworkExplorer kernel-collector-podsecuritypolicy since PodSecurityPolicy was removed in K8s v1.25

jvoravong opened this issue a year ago · 5 comments

jvoravong commented a year ago

Is your feature request related to a problem? Please describe.

Description

PodSecurityPolicy was deprecated in Kubernetes v1.21, and removed from Kubernetes in v1.25.
The Network explorer
https://github.com/signalfx/splunk-otel-collector-chart/blob/main/helm-charts/splunk-otel-collector/templates/network-explorer/kernel-collector-podsecuritypolicy.yaml uses the no longer available object.
Starting in Kubernetes 1.25, you can't use the Network Explorer out of the box

Steps to Reproduce

Try deploying the network explorer to a Kubernetes +1.25 cluster.

Expected Result

Should be able to deploy the Network Explorer to current Kubernetes versions.

Actual Result

Can only deploy to older versions of Kubernetes.

Tested with the chart v0.83.0

Describe the solution you'd like

Refactor the kernel-collector K8s resources to use proper K8s objects instead of a PodSecurityPolicy.

Describe alternatives you've considered

No response

Additional context

No response

Answer 1 · 2023-09-29T19:01:36.000Z

I have tested with the chart v0.85.0. Please do advice on timelines.

Answer 2 · 2023-10-20T23:06:23.000Z

@jvoravong I'm still getting error with Pod Sec Policy and here is error.

K8s Version: v1.25.6
Helm Chart: 0.86.0

2023-10-20T22:56:52.7227095Z Error: INSTALLATION FAILED: unable to build kubernetes objects from release manifest: resource mapping not found for name: "-splunk-otel-collector-kernel-collector" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"
2023-10-20T22:56:52.7230520Z ensure CRDs are installed first
2023-10-20T22:56:52.7233232Z helm.go:84: [debug] resource mapping not found for name: "-splunk-otel-collector-kernel-collector" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"
2023-10-20T22:56:52.7235682Z ensure CRDs are installed first

Answer 3 · 2023-10-25T18:25:47.000Z

@jvoravong Please do respond with your findings. Thanks in advance.

Answer 4 · 2023-10-25T23:15:50.000Z

@kumachop2 the error is due to how helm works. The psp object is in the stored helm release state and it can't determine the current state of psp from the last deployed manifest when it attempts to create a diff for upgrade. Refer to this helm document on how you can fix the helm state and successfully upgrade.

Answer 5 · 2023-10-27T18:40:20.000Z

@jinja2 Thank You for your response and inputs. I'm running the helm chart against local repo rather internet due to external access issues. Some reason local repo had PodSecurityPolicy template and deleted it to resolve.