Skip to main content

☑️ Prevent use of removed APIs in Kubernetes v1.22

Kubernetes version 1.22 stopped serving several APIs for different resource types.
When deploying a resource with a removed API version, the Kubernetes engine will reject it.

The following resources are removed in version 1.22:

API versionResource kind
admissionregistration.k8s.io/v1beta1MutatingWebhookConfiguration, ValidatingWebhookConfiguration
apiextensions.k8s.io/v1beta1CustomResourceDefinition
apiregistration.k8s.io/v1beta1APIService
authentication.k8s.io/v1beta1TokenReview
authorization.k8s.io/v1beta1SubjectAccessReview, LocalSubjectAccessReview, SelfSubjectAccessReview
certificates.k8s.io/v1beta1CertificateSigningRequest
coordination.k8s.io/v1beta1Lease
extensions/v1beta1, networking.k8s.io/v1beta1Ingress
rbac.authorization.k8s.io/v1beta1ClusterRole, ClusterRoleBinding, Role, RoleBinding
scheduling.k8s.io/v1beta1PriorityClass
storage.k8s.io/v1beta1CSIDriver, CSINode, StorageClass, VolumeAttachment

Targeted objects by this rule (types of kind): (See table above)

Complexity: easy (What does this mean?)

Policy as code identifier: K8S_REMOVED_APIVERSION_1.22


This rule will fail​

If one of the removed API versions is used:

apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration

Rule output in the CLI​

$ datree test *.yaml

>> File: failExample.yaml
❌ Prevent use of removed APIs in Kubernetes v1.22 [1 occurrence]
💡 Incorrect value for key `apiVersion` - the version of the resource you are trying to use is removed in k8s v1.22

How to fix this failure​

Use a supported API version instead of the removed one:

Removed API versionSupported API version
admissionregistration.k8s.io/v1beta1admissionregistration.k8s.io/v1
apiextensions.k8s.io/v1beta1apiextensions.k8s.io/v1
apiregistration.k8s.io/v1beta1apiregistration.k8s.io/v1
authentication.k8s.io/v1beta1authentication.k8s.io/v1
authorization.k8s.io/v1beta1authorization.k8s.io/v1
certificates.k8s.io/v1beta1certificates.k8s.io/v1
coordination.k8s.io/v1beta1coordination.k8s.io/v1
extensions/v1beta1, networking.k8s.io/v1beta1networking.k8s.io/v1
rbac.authorization.k8s.io/v1beta1rbac.authorization.k8s.io/v1
scheduling.k8s.io/v1beta1scheduling.k8s.io/v1
storage.k8s.io/v1beta1storage.k8s.io/v1

Example:

apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration

Read more​