Troubleshoot system errors in Backup for GKE

This page describes system-related errors you might experience when you use Backup for GKE, things to consider when you back up resources, and steps for troubleshooting the issue.

Error 100020102: Strict permissive mode - Failed to backup CRD - Unsupported v1beta1 API version

Error 100020102 occurs when an attempt to back up a CustomResourceDefinition that was originally applied as an apiextensions.k8s.io/v1beta1 version fails because it lacks the structural schema that's required in the apiextensions.k8s.io/v1 API version. This error results in the following error message: Strict permissive mode - Failed to backup CRD - Unsupported v1beta1 API Version.

This error occurs because the apiextensions.k8s.io/v1 API version was removed in Google Kubernetes Engine version 1.22. For more information about the API removal for GKE version 1.22, see API removals for GKE v1.22.

Backup operation behavior in non-permissive mode

In non-permissive mode, or in a strict backup plan, the backup operation fails if it encounters a resource that can't be backed up, such as a CustomResourceDefinition that was created with the v1beta1 API. This error occurs because the resource lacks the structural schema that's required by the v1 API. The presence of this CustomResourceDefinition is considered a critical error because it might not restore correctly to a newer cluster.

To resolve this error, use the following instructions:

  1. Identify the problematic CustomResourceDefinition by running the kubectl get crd command:

    kubectl get crd CRD_NAME -o yaml

    Replace CRD_NAME with the name of the CustomResourceDefinition from your error message.

  2. In the YAML output, confirm whether the CustomResourceDefinition was properly converted from the v1beta1 API to the v1 API by checking the following fields:

    1. spec.versions: look through each version that's listed under the spec.versions field. If any version is missing the schema.openAPIV3Schema field, the CustomResourceDefinition doesn't have a structural schema defined for that version.

    2. status.conditions: find the condition whose type is NonStructuralSchema. If that condition's status is True, it explicitly confirms that the schema is not structural.

  3. Upgrade the CustomResourceDefinition to v1 API version by using the following steps:

    1. Edit the existing CustomResourceDefinition to make it compatible with the v1 standard by adding a structural schema that defines every field and its type within the custom resource. For more information about how to add a structural schema, see Specifying a structural schema.

    2. Apply the compatible v1 manifest to your cluster.

  4. If the upgrade succeeds, re-attempt the backup operation. Otherwise, use one of the following methods to resolve the issue:

    • Delete the CustomResourceDefinition by running the kubectl delete crd command if the CustomResourceDefinition isn't being used in the cluster.

      kubectl delete crd CRD_NAME

      Replace CRD_NAME with the name of the CustomResourceDefinition you want to delete.

    • Enable permissive mode on the backup plan, which allows Backup for GKE to skip the resource—including CustomResourceDefinitions in the v1beta1 API version—and continue with the rest of the backup operation. For more information about how to enable permissive mode, see Enable permissive mode on a backup plan.

  5. Re-attempt the backup operation. If the operation continues to fail, contact Cloud Customer Care for further assistance.
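
The two checks from step 2 can be applied to every CustomResourceDefinition in a cluster at once, so that all resources that would fail a strict backup are found before the backup runs. The following is an added example, not part of the Backup for GKE documentation; it assumes the output of `kubectl get crd -o json` is piped in, and the script name `crd_check.py` and the sample CRD names are made up for illustration.

```python
import json
import sys


def nonstructural_findings(crd):
    """Return the reasons one CRD object (parsed JSON) fails the two checks."""
    findings = []
    # Check 1: every entry in spec.versions needs schema.openAPIV3Schema.
    for ver in (crd.get("spec") or {}).get("versions") or []:
        if not (ver.get("schema") or {}).get("openAPIV3Schema"):
            findings.append(f"spec.versions[{ver.get('name')}]: no schema.openAPIV3Schema")
    # Check 2: the API server reports NonStructuralSchema with status "True".
    for cond in (crd.get("status") or {}).get("conditions") or []:
        if cond.get("type") == "NonStructuralSchema" and cond.get("status") == "True":
            findings.append("status.conditions: NonStructuralSchema=True")
    return findings


def audit(doc):
    """Accept one CRD or a kubectl List; return {crd_name: findings} for failures."""
    items = doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]
    report = {}
    for crd in items:
        found = nonstructural_findings(crd)
        if found:
            report[crd["metadata"]["name"]] = found
    return report


# Constructed sample input (not from a real cluster): one structural CRD, one not.
SAMPLE = {"kind": "List", "items": [
    {"kind": "CustomResourceDefinition",
     "metadata": {"name": "widgets.example.com"},
     "spec": {"versions": [{"name": "v1", "schema": {
         "openAPIV3Schema": {"type": "object"}}}]},
     "status": {"conditions": [{"type": "Established", "status": "True"}]}},
    {"kind": "CustomResourceDefinition",
     "metadata": {"name": "legacy.example.com"},
     "spec": {"versions": [{"name": "v1alpha1"}]},
     "status": {"conditions": [{"type": "NonStructuralSchema", "status": "True"}]}},
]}

if __name__ == "__main__":
    # Usage: kubectl get crd -o json | python3 crd_check.py   (no pipe: uses SAMPLE)
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    report = audit(doc)
    for name, reasons in report.items():
        for reason in reasons:
            print(f"{name}: {reason}")
    sys.exit(1 if report else 0)
```

The script exits with status 1 when any CustomResourceDefinition fails a check, so it can gate a scheduled strict backup in a pre-flight job.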
