# Kubernetes 1.25

Kubernetes 1.25 retires a number of APIs, which must be addressed before clusters can be upgraded:

- PodDisruptionBudget `policy/v1beta1` -> `policy/v1`
- CronJob `batch/v1beta1` -> `batch/v1`
- PodSecurityPolicy `policy/v1beta1` -> **NONE**

Teams should review each cluster's [API Report](https://ozzi.shared.mlbinfra.net/?page=1&size=25&order=asc&sort=name&search=#clusters) to see which resources are affected. Ignore the `Deprecated APIs removed in 1.26` section for now.

## PodDisruptionBudget (PDB)

To assist with the PodDisruptionBudget change, the Platform Engineering (nee Ozzi) team is releasing `v4.10.0` of the `mlb-app` Helm chart. If an application is already configured to deploy using the latest `v4.x` release, the API upgrade will be applied with the next Argo CD sync.

Example `Chart.yaml`:

```
apiVersion: v2
name: devops-comedy
version: 1.1.0
dependencies:
  - alias: devops-comedy
    name: mlb-app
    repository: '@mlb-artifactory-local'
    version: ^4.10
```

This version also addresses another issue that many teams have encountered when upgrading clusters: when an application runs only one replica (Pod), a PDB will block node upgrades for up to an hour. Going forward, the chart will not generate a PDB unless `replicaCount > 1`. If a team wants a PDB for a single-replica application and is willing to deal with slow node upgrades, set `singleReplicaPDB: true`.

Finally, when manually syncing applications in Argo CD to apply these changes, be sure to select the `Prune` option. This ensures that orphaned resources (like unwanted PDBs) are deleted from the cluster.

## CronJob

The Platform Engineering team does not publish a CronJob Helm chart, so we cannot automatically upgrade them. Instead, teams must review YAML manifests and/or third-party charts and manually update them.

Example `batch/v1 CronJob` manifest:

```
apiVersion: batch/v1
kind: CronJob
metadata:
  name: kube-no-trouble
  namespace: kube-no-trouble
spec:
  ...
```

## PodSecurityPolicy (PSP)

The PodSecurityPolicy resource is being removed from Kubernetes entirely. If teams run applications that include PSPs, they must delete the corresponding YAML manifest or upgrade to a version of the third-party Helm chart that no longer includes a PSP.

As with PDBs, remember to select the `Prune` option when manually syncing so that existing PSPs are deleted from the cluster.

## Timeline

End of life for Kubernetes 1.24 is 2023-10-31. GKE clusters that are not subscribed to a release channel will begin auto-upgrading to 1.25 in Q2 2023. Any team that wishes to avoid cluster upgrades (not including regular GKE maintenance) until next off-season should address these API changes and manually upgrade to 1.25 before Opening Day 2023.
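
To help with the manual manifest review described in the CronJob and PodSecurityPolicy sections, here is an added example (not part of the original page or the Platform Engineering team's tooling): a standard-library Python scanner that flags manifests still using the three APIs listed at the top of this page. It matches plain YAML with regular expressions rather than a YAML parser, so it assumes `apiVersion` and `kind` are top-level keys on their own lines; the function names and sample manifests are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# (apiVersion, kind) -> replacement apiVersion, from this page; None = removed, delete the manifest.
REMOVED_IN_1_25 = {
    ("policy/v1beta1", "PodDisruptionBudget"): "policy/v1",
    ("batch/v1beta1", "CronJob"): "batch/v1",
    ("policy/v1beta1", "PodSecurityPolicy"): None,
}
_VALUE = r"[ \t]*['\"]?([^'\"\s#]+)"  # scalar after "key:", optional quotes

def _top_level(doc, key):
    m = re.search(rf"^{key}:{_VALUE}", doc, re.MULTILINE)
    return m.group(1) if m else None

def _name(doc):
    m = re.search(rf"^metadata:[ \t]*\n(?:[ \t]+.*\n)*?[ \t]+name:{_VALUE}", doc, re.MULTILINE)
    return m.group(1) if m else "<unnamed>"

def scan_text(text):
    """Return (kind, name, old_api, replacement) for each affected YAML document."""
    findings = []
    for doc in re.split(r"^---[ \t]*$", text, flags=re.MULTILINE):
        api, kind = _top_level(doc, "apiVersion"), _top_level(doc, "kind")
        if (api, kind) in REMOVED_IN_1_25:
            findings.append((kind, _name(doc), api, REMOVED_IN_1_25[(api, kind)]))
    return findings

def scan_tree(root):
    return [(str(p), *f) for p in sorted(Path(root).rglob("*.y*ml"))
            for f in scan_text(p.read_text(errors="replace"))]

# Constructed sample input, used when no directory is given.
SAMPLE = """\
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: nightly-report
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
"""

if __name__ == "__main__":
    rows = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else [("<sample>", *f) for f in scan_text(SAMPLE)]
    for path, kind, name, old, new in rows:
        print(f"{path}: {kind}/{name} uses {old}:", f"change to {new}" if new else "delete, no replacement")
```

Pass a directory of manifests as the only argument to scan it recursively; for third-party charts, scan the rendered output rather than the templates.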