During NSX Application Platform upgrade, upgrade failed with the error: no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"
NSX Application Platform 4.1.2
When NSX Application Platform is installed in Kubernetes version less than 1.25, PodSecurityPolicy in the version "policy/v1beta1" is installed. This API is removed in 1.25+. Helm stores this API in the manifest.
When we upgrade Kubernetes to 1.25+ and perform helm upgrades, the helm manifest cannot match this API in the current Kubernetes environment because PSP was removed in 1.25. So the helm complains about this and errors out.
This issue only happened when:
1. Current NSX Application Platform is 4.1.2.0
2. Upgrading Kubernetes Cluster to 1.25+ after deploying or upgrading NSX Application Platform to 4.1.2.0
3. Upgrading NSX Application Platform from 4.1.2.0 to 4.1.2.1
Please perform the below steps to workaround the issue :
(1) Upgrade to 4.2.0 ( as the issue is observed only during 4.1.2.0 - 4.1.2.1 upgrade window)
OR
(2)
Install helm mapkubeapis plugin to clean up the manifest
SSH to the NSX Manager, run following commands to install helm mapkubeapis plugin and clean up the manifest
a. wget https://github.com/helm/helm-mapkubeapis/releases/download/v0.5.2/helm-mapkubeapis_0.5.2_darwin_amd64.tar.gz
b. mkdir mapkubeapis
c. tar xvfz helm-mapkubeapis_0.5.2_darwin_amd64.tar.gz -C mapkubeapis/
d. napp-h plugin install /root/mapkubeapis/
e. napp-h mapkubeapis cert-manager -n cert-manager
f. napp-h mapkubeapis projectcontour -n projectcontour
g. napp-h mapkubeapis nsxi-platform -n nsxi-platform
h. napp-h mapkubeapis metrics -n nsxi-platform