tidb-operator
tidb-operator copied to clipboard
pingcap
helm chart with admission webhook enabled does not work after kubernetes v1.22
Bug Report
What version of Kubernetes are you using?
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.1", GitCommit:"d224476cd0730baca2b6e357d144171ed74192d6", GitTreeState:"clean", BuildDate:"2020-01-14T21:04:32Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.9", GitCommit:"6df4433e288edc9c40c2e344eb336f63fad45cd2", GitTreeState:"clean", BuildDate:"2022-05-19T19:53:08Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"}
What version of TiDB Operator are you using?
n/a
What storage classes exist in the Kubernetes cluster and what are used for PD/TiKV pods?
n/a
What's the status of the TiDB cluster pods?
n/a
What did you do?
We tried to deploy the tidb-operator with admission webhook enabled using helm chart following the instructions described here: https://docs.pingcap.com/tidb-in-kubernetes/stable/enable-admission-webhook
What did you expect to see? We expect to see the tidb-operator is successfully deployed with the admission webhook enabled.
What did you see instead? The operator fails to deploy, throwing the following error message:
Error: unable to build kubernetes objects from release manifest: [unable to recognize "": no matches for kind "APIService" in version "apiregistration.k8s.io/v1beta1", unable to recognize "": no matches for kind "MutatingWebhookConfiguration" in version "admissionregistration.k8s.io/v1beta1", unable to recognize "": no matches for kind "ValidatingWebhookConfiguration" in version "admissionregistration.k8s.io/v1beta1"]
Possible reason
We think this is caused because we are using kubernetes version newer than v1.22. Kubernetes v1.22 has several API removals as described here: https://kubernetes.io/blog/2021/07/14/upcoming-changes-in-kubernetes-1-22/
To migrate, we need to change the apiVersion from admissionregistration.k8s.io/v1beta1 to admissionregistration.k8s.io/v1, apiregistration.k8s.io/v1.
Additional notes
However, after making these changes in the admission-webhook-registration.yaml, we still get the following error message from the helm install:
Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: [ValidationError(MutatingWebhookConfiguration.webhooks[0]): missing required field "sideEffects" in io.k8s.api.admissionregistration.v1.MutatingWebhook, ValidationError(MutatingWebhookConfiguration.webhooks[0]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.MutatingWebhook]
There seems to be some required fields for the webhook resources.
Hi~I met this question too, could I know how to solve it?
Client Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.2", GitCommit:"f66044f4361b9f1f96f0053dd46cb7dce5e990a8", GitTreeState:"clean", BuildDate:"2022-06-15T14:14:10Z", GoVersion:"go1.18.3", Compiler:"gc", Platform:"darwin/arm64"}
Kustomize Version: v4.5.4
Server Version: version.Info{Major:"1", Minor:"22+", GitVersion:"v1.22.15-eks-fb459a0", GitCommit:"be82fa628e60d024275efaa239bfe53a9119c2d9", GitTreeState:"clean", BuildDate:"2022-10-24T20:33:23Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"}
Error: UPGRADE FAILED: [resource mapping not found for name: "v1alpha1.admission.tidb.pingcap.com" namespace: "tidb-admin" from "": no matches for kind "APIService" in version "apiregistration.k8s.io/v1beta1"
ensure CRDs are installed first, resource mapping not found for name: "pingcap-tidb-resources-defaulitng" namespace: "tidb-admin" from "": no matches for kind "MutatingWebhookConfiguration" in version "admissionregistration.k8s.io/v1beta1"
ensure CRDs are installed first]
