Skip to content
This repository has been archived by the owner on Oct 24, 2023. It is now read-only.

Upgrade from 1.14.8 to 1.15.11 fails due to missing pod-security-policy.yaml file #3656

Closed
mtgerb opened this issue Aug 2, 2020 · 2 comments · Fixed by #3673
Closed

Upgrade from 1.14.8 to 1.15.11 fails due to missing pod-security-policy.yaml file #3656

mtgerb opened this issue Aug 2, 2020 · 2 comments · Fixed by #3673
Labels
bug Something isn't working
Projects
backlog

Comments

@mtgerb
Copy link
Contributor

mtgerb commented Aug 2, 2020
edited

Describe the bug

Upgrading a cluster from version 1.14.8 to version 1.15.11 fails, because pod-security-policy.yaml file is missing on the master node (should be located in /etc/kubernetes/addons/).

Steps To Reproduce

  1. Create a cluster with kubernetes version 1.14.8 using aks-engine v.0.48.0 or older
  2. Try to upgrade to version 1.15.11 using aks-engine v.0.54.0

Expected behavior

The cluster is successfully upgraded

AKS Engine version

v.0.54.0

Kubernetes version

1.14.8 and 1.15.11
@mtgerb mtgerb added the bug Something isn't working label Aug 2, 2020
@jprecuch
Copy link

jprecuch commented Aug 3, 2020
edited

Same scenario on our cluster. Jump from 1.14.7 to 1.15.12 using aks-engine v.0.54.0
`+ for i in '$(seq 1 $retries)'

  • grep -Fq '#EOF' /etc/kubernetes/addons/pod-security-policy.yaml
    grep: /etc/kubernetes/addons/pod-security-policy.yaml: No such file or directory
  • '[' 116 -eq 1200 ']'
  • sleep 1
  • for i in '$(seq 1 $retries)'
  • grep -Fq '#EOF' /etc/kubernetes/addons/pod-security-policy.yaml
    grep: /etc/kubernetes/addons/pod-security-policy.yaml: No such file or directory
  • '[' 117 -eq 1200 ']'
  • sleep 1
  • for i in '$(seq 1 $retries)'
    `
    Tried versions 0.51.0-0.54.0 = all have same issue.
    My apimodel.json has this extension disabled
    {
    "name": "pod-security-policy",
    "enabled": false
    },

@mboersma mboersma added this to To do in backlog via automation Aug 3, 2020
@mboersma mboersma moved this from To do to Priority in backlog Aug 3, 2020
@jackfrancis
Copy link
Member

Hi @mtgerb and @jprecuch, can you try changing the "pod-security-policy" addon configuration to "enabled": true in your apimodel.json before you perform the upgrade?

Or do you explicitly want to disable the AKS Engine-provided PodSecurityPolicy configuration?

@jackfrancis jackfrancis mentioned this issue Aug 6, 2020
Merged
4 tasks
@jackfrancis jackfrancis moved this from Priority to Review in progress in backlog Aug 6, 2020
backlog automation moved this from Review in progress to Done Aug 14, 2020
@CecileRobertMichon CecileRobertMichon mentioned this issue Aug 18, 2020
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
No open projects
backlog
  
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: don't wait for pod-security-policy spec if disabled jackfrancis/aks-engine
3 participants
@jackfrancis @jprecuch @mtgerb