This page describes system-related errors you might experience when you use Backup for GKE, things to consider when you back up resources, and steps for troubleshooting the issue.
Error 100020102: Strict permissive mode - Failed to backup CRD - Unsupported v1beta1 API version
Error 100020102 occurs when an attempt to back up a CustomResourceDefinition
that was originally applied as a apiextensions.k8s.io/v1beta1 version fails because it
lacks the structural schema that's required in the apiextensions.k8s.io/v1 API
version. This error results in the following error message:
Strict permissive mode - Failed to backup CRD - Unsupported v1beta1 API Version.
This error occurs because the apiextensions.k8s.io/v1 API version was removed in
Google Kubernetes Engine version 1.22. For more information about the API removal for
GKE version 1.22, see
API removals for GKE v1.22.
Backup operation behavior in non-permissive mode
In non-permissive mode, or in a strict backup plan, the backup operation fails
if it encounters a resource that can't be backed up, such as a
CustomResourceDefinition that was created with the v1beta1 API. This error
occurs because the resource lacks the structural schema that's required by
the v1 API. The presence of this CustomResourceDefinition is considered a
critical error because it might not restore correctly to a newer cluster.
To resolve this error, use the following instructions:
Identify the problematic
CustomResourceDefinitionby running thekubectl get crdcommand:kubectl get crd CRD_NAMEReplace
CRD_NAMEwith the name of theCustomResourceDefinitionfrom your error message.In the YAML output, confirm whether the
CustomResourceDefinitionwas properly converted from thevbeta1API to thev1API by locating the following conditions:spec.versions: locate thespec.versionscondition by looking through each version that's listed under thespec.versionsfield. If any of thespec.versionsare missing theschema.openAIV3Schemafield, theCustomResourceDefinitiondoesn't have a structural schema defined for that version.status.conditions: locate thestatus.conditionscondition by finding thetype:NonStructuralSchemacondition. If thestatus.conditions'sstatusistrue, it explicitly confirms that the schema is not structural.
Upgrade the
CustomResourceDefinitiontov1API version by using the following steps:Edit the existing
CustomResourceDefinitionto make it compatible with thev1standard by adding a structural schema that defines every field and its type within the custom resource. For more information about how to add a structural schema, see Specifying a structural schema.Apply the compatible
v1manifest to your cluster.
If the upgrade succeeds, re-attempt the backup operation. Otherwise, use one of the following methods to resolve the issue:
Delete the
CustomResourceDefinitionby running thekubectl delete crdcommand if theCustomResourceDefinitionisn't being used in the cluster.kubectl delete crd CRD_NAMEReplace
CRD_NAMEwith the name of theCustomResourceDefinitionyou want to delete.Enable permissive mode on the backup plan, which allows Backup for GKE to skip the resource—including
CustomResourceDefinitionsin thev1beta1API version—and continue with the rest of the backup operation. For more information about how to enable permissive mode, see Enable permissive mode on a backup plan.
Re-attempt the backup operation. If the operation continues to fail, contact Cloud Customer Care for further assistance.
Error 100040102: Namespace not found
Error 100040102 occurs when an attempt to perform a backup operation fails
because a namespace specified in the backup scope can't be found within the
cluster. The Backup for GKE agent wasn't able to locate one or more namespaces
that were explicitly listed in the selectedNamespaces field of the BackupPlan
configuration. Backup for GKE requires all specified namespaces to be present
in the cluster at the time the backup operation is initiated. Failure to find
the namespace results in the following error message:
Namespace [NAMESPACE_NAME] is not found.
To resolve this issue, use the following instructions:
Verify that the namespace has been entered correctly by checking the
selectedNamespaceslist in yourBackupPlanconfiguration.Confirm that the namespace reported in the error message exists by running the
kubectl get namespacecommand:kubectl get namespace NAMESPACE_NAMEReplace
NAMESPACE_NAMEwith the name of the namespace reported in the error message.If the namespace doesn't exist, a message appears stating that the namespace wasn't found, for example,
Error from server (NotFound): namespaces "[NAMESPACE_NAME]" not found.Correct the
BackupPlan. If the namespace was misspelled, update theBackupPlanwith the correct namespace name. If the namespace truly no longer exists and does not need to be backed up, remove it from theselectedNamespaceslist in theBackupPlanconfiguration.Re-attempt the backup operation after making the necessary corrections to the
BackupPlanand initiate a new backup.
If the operation continues to fail, contact Cloud Customer Care for further assistance.