NAPP uninstallation will fail after NAPP k8s version has been upgraded from older version to k8s 1.25 or higher
search cancel

NAPP uninstallation will fail after NAPP k8s version has been upgraded from older version to k8s 1.25 or higher

book

Article ID: 372791

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

This issue is ONLY seen on the NAPP setup after k8s version has been upgraded from older versions to 1.25 or higher. 

Uninstall NAPP failed with below error Error: "Error: failed to delete release: metrics\"

Cause

NAPP deployed with k8s version 1.24 (or older K8s versions) creates PSP(Pod Security policy - a k8s resource type) in k8s cluster but PSP is deprecated from k8s version 1.25 onwards. After k8s is upgraded to 1.25 and NAPP uninstallation is performed, NSX still tries to delete pod security policy which is not known to k8s 1.25. Since  NSX can not find PSP when trying to delete NAPP, hence NAPP Uninstallation failed.


This problem is seen in NAPP versions inter-Op with NSX 4.2.0 or older nsx releases, as long as NAPP side k8s version is upgraded from any old k8s version to 1.25 or higher.

Resolution

Workaround#1

1. Delete NAPP from NSX. Refer to the procedure outlined at 
https://docs.vmware.com/en/VMware-NSX/4.2/nsx-application-platform/GUID-56CFAD34-EB58-46DF-AC40-1637336AC3E6.html

If it fails , please force delete NAPP. Follow KB Article :

https://knowledge.broadcom.com/external/article?articleNumber=313953

2. Delete Guest cluster and reprovision it before redeployment.

https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-A650DE01-7001-4B3B-804F-652CC73D0171.html

Workaround#2 (In case the same guest cluster would be re-used):  

1. Delete NAPP from NSX. Refer to the procedure outlined at 
https://docs.vmware.com/en/VMware-NSX/4.2/nsx-application-platform/GUID-56CFAD34-EB58-46DF-AC40-1637336AC3E6.html

If it fails , please force delete NAPP. Follow KB Article :

https://knowledge.broadcom.com/external/article?articleNumber=313953

2. Delete nsxi-platform, projectcontour and cert-manager namespace from NSX Manager. Use the below commands :
   - napp-k delete namespace nsxi-platform
   - napp-k delete namespace projectcontour
   - napp-k delete namespace cert-manager


3. Delete roles and role-binding from NSX Manager.
   - napp-k delete psp vmware-napp-platform-psp
   - napp-k delete clusterrole vmware-napp-platform-psp-role
   - napp-k delete clusterrole spark-operator
   - napp-k delete clusterrolebinding spark-operator-psp-role-binding
   - napp-k delete clusterrolebinding spark-operator
   - napp-k delete clusterrole druid-cluster-role
   - napp-k delete clusterrolebinding druid-cluster-role-binding
   - napp-k delete clusterrolebinding druid-upgrade-psp-role-binding

4. Redeploy NAPP on the guest cluster.

Additional Information

Note: Green field deployment of NAPP on k8s version 1.25 or higher will not hit this problem. 

Powered by Wolken Software