Skip to content

Upgrading from 1.11.6 -> 1.11.7 or 1.12.0 Fails #20626

New issue
New issue
Closed
#20643
Closed
Upgrading from 1.11.6 -> 1.11.7 or 1.12.0 Fails#20626
#20643
Assignees
sayboras
Labels
kind/bugThis is a bug in the Cilium logic.needs/triageThis issue requires triaging to establish severity and next steps.
@alphabet5

Description

@alphabet5
alphabet5
opened on Jul 21, 2022

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

upgrading with helm from 1.11.6->1.11.7

Helm upgrade failed: cannot patch "cilium" with kind DaemonSet: DaemonSet.apps "cilium" is invalid: spec.template.spec.initContainers[0].volumeMounts[0].name: Not found: "hostproc"

upgrading from 1.11.6 -> 1.12.0

Helm upgrade failed: cannot patch "cilium" with kind DaemonSet: DaemonSet.apps "cilium" is invalid: [spec.template.annotations[container.apparmor.security.beta.kubernetes.io/mount-cgroup]: Invalid value: "mount-cgroup": container not found, spec.template.spec.initContainers[0].volumeMounts[0].name: Not found: "hostproc"]

Flux config. Version was changed to 1.11.7 and 1.12.0 with the above resulting errors. I looked through the upgrade notes and didn't see any incompatibilities. Maybe I'm missing something though.

---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
  name: cilium
  namespace: flux-system
spec:
  interval: 1h0m0s
  url: https://helm.cilium.io

---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: cilium
  namespace: flux-system
spec:
  releaseName: cilium
  chart:
    spec:
      chart: cilium
      sourceRef:
        kind: HelmRepository
        name: cilium
      version: '=1.11.6'
  install:
    crds: CreateReplace
    remediation:
      retries: 3
    createNamespace: true
  interval: 1h0m0s
  targetNamespace: kube-system
  upgrade:
    crds: CreateReplace
    remediation:
      retries: 3
      remediateLastFailure: true
  values:
    ipam:
      mode: kubernetes
    kubeProxyReplacement: strict
    k8sServiceHost: 127.0.0.1
    k8sServicePort: 6443
    ipMasqAgent:
      enabled: true
    nonMasqueradeCIDRs: []
    loadbalancer.mode: dsr
    l7Proxy: false
    installIptablesRules: true
    cgroup:
      autoMount:
        enabled: false
      hostRoot: /sys/fs/cgroup
    enableIPv4Masquerade: true
    bpf:
      masqerade: true

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: ip-masq-agent
  namespace: kube-system
data:
  config: |
    nonMasqueradeCIDRs:
    - 100.64.0.0/16
    - 100.65.0.0/16
    masqLinkLocal: false

Cilium Version

1.11.6

Kernel Version

5.15.0-41-generic

Kubernetes Version

Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.8+k3s2", GitCommit:"fe3cecc219175ea85d7a95ed9e44349d94734bc7", GitTreeState:"clean", BuildDate:"2022-07-06T20:35:20Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.8+k3s2", GitCommit:"fe3cecc219175ea85d7a95ed9e44349d94734bc7", GitTreeState:"clean", BuildDate:"2022-07-06T20:35:20Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}

Sysdump

No response

Relevant log output

No response

Anything else?

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct

Metadata

Metadata

Assignees

Labels

kind/bugThis is a bug in the Cilium logic.needs/triageThis issue requires triaging to establish severity and next steps.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions