lacework / helm-charts

Official Lacework Helm Charts
Apache License 2.0

Kubernetes 1.29 compatibility #228

Closed joebowbeer closed 9 months ago

joebowbeer commented 10 months ago

According to the docs, the Lacework agent is not compatible with Kubernetes 1.29.

https://docs.lacework.net/onboarding/deploy-on-kubernetes#supported-kubernetes-environments

The current version appears to be using the following APIs that were removed in 1.29:

catz-lw commented 10 months ago

Hi Joe. Thanks for the report. I'm curious, how are you determining which deprecated APIs the agent is using?

vglen commented 10 months ago

> Hi Joe. Thanks for the report. I'm curious, how are you determining which deprecated APIs the agent is using?

It's listed in the EKS console under upgrade insights from 1.28 to 1.29. Basically the api moves to beta3. It's listed as a stop version serving in 1.29.

/apis/flowcontrol.apiserver.k8s.io/v1beta3/flowschemas
/apis/flowcontrol.apiserver.k8s.io/v1beta3/prioritylevelconfigurations

treyhyde commented 10 months ago

I'd hate to me-too this but it's everyone. Lacework is blocking our upgrade to 1.29 and this has been a warning for a while.

vglen commented 10 months ago

I think the calls are from the app and not in the chart. I upgraded from 6.6 to 6.11 today and am waiting for EKS insights checks. I'll report back.

vglen commented 10 months ago

> I think the calls are from the app and not in the chart. I upgraded from 6.6 to 6.11 today and am waiting for EKS insights checks. I'll report back.

The checks did not clear and ran after upgrading to 6.11 on numerous 1.28 clusters.

catz-lw commented 9 months ago

@vglen and @treyhyde It is safe to upgrade the cluster agent. The cluster agent will not use the removed APIs if running on k8s 1.29. Future versions of the cluster agent will exclude deprecated APIs from this scraping to avoid the warnings.

Details:

The agent doesn't require the use of the deprecated and removed APIs, but it will query whatever APIs are present in a given version of Kubernetes. The agent asks k8s "what APIs exist right now" and then queries all of them. The warnings are a heuristic, and do not mean "this product will break" but rather "this product might break".
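
A way to see for yourself which clients are behind a warning like the one in this thread, as an added example that is not part of the thread and not Lacework's code: it groups kube-apiserver audit events carrying the `k8s.io/deprecated` and `k8s.io/removed-release` annotations by user agent and API. The sample events and the `example-agent` and `example-controller` user agents are constructed.

```python
import json
from collections import defaultdict

READ_VERBS = {"get", "list", "watch"}

# Constructed audit events (one JSON object per line); user agents are hypothetical.
SAMPLE_AUDIT_LOG = """
{"stage":"ResponseComplete","verb":"list","userAgent":"example-agent/1.0","objectRef":{"apiGroup":"flowcontrol.apiserver.k8s.io","apiVersion":"v1beta2","resource":"flowschemas"},"annotations":{"k8s.io/deprecated":"true","k8s.io/removed-release":"1.29"}}
{"stage":"ResponseComplete","verb":"list","userAgent":"example-agent/1.0","objectRef":{"apiGroup":"flowcontrol.apiserver.k8s.io","apiVersion":"v1beta2","resource":"prioritylevelconfigurations"},"annotations":{"k8s.io/deprecated":"true","k8s.io/removed-release":"1.29"}}
{"stage":"RequestReceived","verb":"list","userAgent":"example-agent/1.0","objectRef":{"apiGroup":"flowcontrol.apiserver.k8s.io","apiVersion":"v1beta2","resource":"flowschemas"}}
{"stage":"ResponseComplete","verb":"update","userAgent":"example-controller/2.3","objectRef":{"apiGroup":"flowcontrol.apiserver.k8s.io","apiVersion":"v1beta2","resource":"flowschemas","name":"custom"},"annotations":{"k8s.io/deprecated":"true","k8s.io/removed-release":"1.29"}}
{"stage":"ResponseComplete","verb":"get","userAgent":"kubectl/v1.28.4","objectRef":{"apiGroup":"apps","apiVersion":"v1","resource":"deployments"},"annotations":{}}
{"stage":"ResponseComplete","verb":"list","userAgent":"example-age
"""

def removed_api_callers(log_text, release):
    """Map (userAgent, group/version/resource) to count and verbs for APIs removed in `release`."""
    hits = defaultdict(lambda: {"count": 0, "verbs": set()})
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if not isinstance(event, dict) or event.get("stage") != "ResponseComplete":
            continue  # count each request once, at its final stage
        notes = event.get("annotations") or {}
        if notes.get("k8s.io/deprecated") != "true" or notes.get("k8s.io/removed-release") != release:
            continue
        ref = event.get("objectRef") or {}
        api = "/".join(ref.get(k, "?") for k in ("apiGroup", "apiVersion", "resource"))
        entry = hits[(event.get("userAgent", "unknown"), api)]
        entry["count"] += 1
        entry["verbs"].add(event.get("verb", "?"))
    return dict(hits)

def access_kind(entry):
    """'read-only' if only get/list/watch were seen, otherwise 'mutating'."""
    return "read-only" if entry["verbs"] <= READ_VERBS else "mutating"

if __name__ == "__main__":
    for (agent, api), entry in sorted(removed_api_callers(SAMPLE_AUDIT_LOG, "1.29").items()):
        print(f"{agent:24} {api:62} {entry['count']:3} {access_kind(entry)}")
```

Read-only traffic is consistent with the query-everything behaviour described above, but the audit log alone cannot show how a client behaves once the API is gone.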

joebowbeer commented 9 months ago

@catz-lw Can you update the supported versions?

https://docs.lacework.net/onboarding/deploy-on-kubernetes

catz-lw commented 9 months ago

> @catz-lw Can you update the supported versions?
>
> https://docs.lacework.net/onboarding/deploy-on-kubernetes

@joebowbeer Yes, sorry for the confusion, official documentation will land soon.