search

open-policy-agent / kube-mgmt

Sidecar for managing OPA instances in Kubernetes.
Apache License 2.0
235 stars 105 forks source link

Upgrading the Helm chart on Kubernetes v1.25 fails with podDisruptionsBudget enabled #184

Closed elchenberg closed 1 year ago

elchenberg commented 1 year ago

This is the error message:

Error: UPGRADE FAILED: unable to build kubernetes objects from current release manifest: resource mapping not found for name: "opa-opa-kube-mgmt" namespace: "" from "": no matches for kind "PodDisruptionBudget" in version "policy/v1beta1"

And this is the reason:

Recommendation: The best practice is to upgrade releases using deprecated API versions to supported API versions, prior to upgrading to a kubernetes cluster that removes those API versions.

If you don't update a release as suggested previously, you will have an error similar to the following when trying to upgrade a release in a Kubernetes version where its API version(s) is/are removed: [...]

https://helm.sh/docs/topics/kubernetes_apis/#helm-users

So my pull request from a few months ago (#172) had the order wrong:

{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodDisruptionBudget" }}
apiVersion: policy/v1beta1
{{- else }}
apiVersion: policy/v1
{{- end }}

It would have been better to do it like this:

{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
apiVersion: policy/v1
{{- else }}
apiVersion: policy/v1beta1
{{- end }}