This page describes system-related errors you might experience when you use Backup for GKE, things to consider when you back up resources, and steps for troubleshooting the issue.
Error 100020102: Strict permissive mode - Failed to backup CRD - Unsupported v1beta1
API version
Error 100020102
occurs when an attempt to back up a CustomResourceDefinition
that was originally applied as a apiextensions.k8s.io/v1beta1
version fails because it
lacks the structural schema that's required in the apiextensions.k8s.io/v1
API
version. This error results in the following error message:
Strict permissive mode - Failed to backup CRD - Unsupported v1beta1 API Version
.
This error occurs because the apiextensions.k8s.io/v1
API version was removed in
Google Kubernetes Engine version 1.22. For more information about the API removal for
GKE version 1.22, see
API removals for GKE v1.22.
Backup operation behavior in non-permissive mode
In non-permissive mode, or in a strict backup plan, the backup operation fails
if it encounters a resource that can't be backed up, such as a
CustomResourceDefinition
that was created with the v1beta1
API. This error
occurs because the resource lacks the structural schema that's required by
the v1
API. The presence of this CustomResourceDefinition
is considered a
critical error because it might not restore correctly to a newer cluster.
To resolve this error, use the following instructions:
Identify the problematic
CustomResourceDefinition
by running thekubectl get crd
command:kubectl get crd CRD_NAME
Replace
CRD_NAME
with the name of theCustomResourceDefinition
from your error message.In the YAML output, confirm whether the
CustomResourceDefinition
was properly converted from thevbeta1
API to thev1
API by locating the following conditions:spec.versions
: locate thespec.versions
condition by looking through each version that's listed under thespec.versions
field. If any of thespec.versions
are missing theschema.openAIV3Schema
field, theCustomResourceDefinition
doesn't have a structural schema defined for that version.status.conditions
: locate thestatus.conditions
condition by finding thetype:NonStructuralSchema
condition. If thestatus.conditions
'sstatus
istrue
, it explicitly confirms that the schema is not structural.
Upgrade the
CustomResourceDefinition
tov1
API version by using the following steps:Edit the existing
CustomResourceDefinition
to make it compatible with thev1
standard by adding a structural schema that defines every field and its type within the custom resource. For more information about how to add a structural schema, see Specifying a structural schema.Apply the compatible
v1
manifest to your cluster.
If the upgrade succeeds, re-attempt the backup operation. Otherwise, use one of the following methods to resolve the issue:
Delete the
CustomResourceDefinition
by running thekubectl delete crd
command if theCustomResourceDefinition
isn't being used in the cluster.kubectl delete crd CRD_NAME
Replace
CRD_NAME
with the name of theCustomResourceDefinition
you want to delete.Enable permissive mode on the backup plan, which allows Backup for GKE to skip the resource—including
CustomResourceDefinitions
in thev1beta1
API version—and continue with the rest of the backup operation. For more information about how to enable permissive mode, see Enable permissive mode on a backup plan.
Re-attempt the backup operation. If the operation continues to fail, contact Cloud Customer Care for further assistance.