Using deprecated label beta.kubernetes.io/os does not work with GKE Autopilot

[juanpmarin]

Describe the bug

The label beta.kubernetes.io/os is now deprecated and kubernetes.io/os should be used instead, the beta version of the label cannot be used with GKE Autopilot as it is not supported, the following error is thrown when we try to use it:

Error: admission webhook "validation.gatekeeper.sh" denied the request: [denied by autogke-node-affinity-selector-limitation] If not using workload separation, node selector is not allowed on labels with keys: <{"beta.kubernetes.io/os"}>; Autopilot allows node selectors only on labels with keys: <["topology.kubernetes.io/region", "topology.kubernetes.io/zone", "failure-domain.beta.kubernetes.io/region", "failure-domain.beta.kubernetes.io/zone", "cloud.google.com/gke-os-distribution", "kubernetes.io/os", "kubernetes.io/arch"]>

This label is used in the chart in the following lines: https://github.com/fluxcd/flux/blob/master/chart/flux/templates/deployment.yaml#L318 https://github.com/fluxcd/flux/blob/master/chart/flux/templates/memcached.yaml#L61

To Reproduce

Steps to reproduce the behaviour:

1. Regular and simple flux installation on a GKE Cluster with Autopilot enabled https://cloud.google.com/blog/products/containers-kubernetes/introducing-gke-autopilot

Expected behavior

The installation should be successful

Logs

If applicable, please provide logs of fluxd. In a standard stand-alone installation of Flux, you'd get this by running kubectl logs deploy/flux -n flux.

Additional context

• Flux version: 1.22.1 and chart 1.8.0
• Kubernetes version: v1.18.16-gke.502
• Git provider:
• Container registry provider:

[kingdonb]

Thanks for reporting this. I will create a PR and be sure it gets included in the next chart bump.

[kingdonb]

This will be fixed in Chart 1.9.0

[juanpmarin]

@kingdonb great! thank you