-
Notifications
You must be signed in to change notification settings - Fork 527
Upgrade to 1.15.11 ends with podsecuritypolicies.extensions not found #3726
Comments
@jprecuch I believe you're running into #3656, which should have been fixed by #3673 @jackfrancis @mboersma when is the above fix expected to be in a release? |
@CecileRobertMichon not really. #3656 says that extension should be enabled and then it should work. Which we did enable but issue is different now.
Are there some additional option needful to be added/enabed in apimodel?
|
@jackfrancis any ideas about the error above? |
@jprecuch, are you able to log onto one of the master VMs after a failure and report if you have the pod-security-policy spec in the |
@jackfrancis @CecileRobertMichon This is what is inside of that directory
|
@jprecuch thank you, I'll attempt a repro today |
O.K., I was unable to repro using the following flow:
|
Here's the relevant CSE (CustomScriptExtension, i.e., the bootstrap script that runs on the VM) output (in
So, in other words, simply enabling the pod-security-policy addon prior to upgrading did the things we'd expect:
There must be some other edge case happening. @jprecuch can you confirm that the |
@jackfrancis I believe it has something with first master not being primary.
I've copied the file it creates from /etc/kubernetes/addons/pod-security-policy.yaml and applied within my cluster manually and it created those policies fine. After that I was able to upgrade to 1.15.12.
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Describe the bug
I've tried to upgrade to 1.15.11 today using aks-engine 0.54.1 but master never finished full bringup. In this upgrade I want to change image to be 18.04. It ends same if I upgrade from 1.14.7 or force from 1.15.11.
It seems it ended on
Steps To Reproduce
Try to upgrade from 1.14.7 or 1.15.11 aks-engine (v0.48.0) to 1.15.11 using aks-engine 0.54.1.
Change image from 16.04 to 18.04 and enable pod-security-policy extension.
Expected behavior
Upgrade works
AKS Engine version
0.54.1
Kubernetes version
1.14.7
Additional context
The text was updated successfully, but these errors were encountered: