PodSecurityPolicies deprecated/removed in Kubernetes v1.25+, causing Loki HelmRelease to fail
BLUF; PodSecurityPolicies are removed in K8s 1.25+ and Loki fails to deploy with this error
unable to build kubernetes objects from release manifest: resource mapping not found for name: "loki" namespace: "" from "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1" ensure CRDs are installed firstDetails
When running
helm upgrade -i bigbang --create-namespace oci://registry.dso.mil/platform-one/big-bang/bigbang/bigbang --version 1.45.0 \
-n bigbang \
-f bigbang/values.yaml \
...values.yaml
logging:
enabled: false
engine: plg
monitoring:
enabled: true
loki:
enabled: true
promtail:
enabled: true
values:
serviceMonitor:
enabled: true
clusterAuditor:
enabled: false
eckoperator:
enabled: false
fluentbit:
enabled: false
jaeger:
enabled: false
twistlock:
enabled: falseI encountered the mentioned error.
As a test, I ran with these changes removing PodSecurityPolicies and Loki successfully deployed.
This upstream issue has the same error. However, the proposed fix doesn't work with Big Bang. I suspect Flux is doing something with the PodSecurityPolicy even though this loki chart doesn't enable by default i.e. podsecuritypolicy.yaml#L1
Versions
big bang: 1.45.0
loki: 1.8.10-bb.20
Kubernetes (k3s): v1.25.4+k3s1