- You have recently upgraded your Kubernetes cluster to 1.21 or higher and the CPM now fails to start.
- Looking at the minion pod logs, you see a message that says:
2021-09-20 12:39:51,303 - One and only one volume is expected to be bound to the minion synthetics-minion-0 - volumes found: ...
A Kubernetes cluster at version 1.21+.
- A Kubernetes CPM (build 3.0.48+ until the fix is released)
- A private location in New Relic -> Synthetics -> Private locations
We have discovered a compatibility issue with Kubernetes version 1.21+.
A workaround is available by disabling the `BoundServiceAccountTokenVolume` feature gate on the cluster.
Since not all services allow disabling feature gates (like AWS EKS), downgrading the cluster to 1.20 may be the only option until a fix can be released.
About EKS, it is possible to create a new cluster at version 1.20 using eksctl.io.
Create a cluster from a yaml file. In the yaml, specify the cluster
When this feature is activated, it creates a "projected volume instead of a secret-based volume". We require the use of a secret-based volume. This is why the minion pod keeps restarting. More details in K8s documentation.
Type: Projected (a volume that contains injected data from multiple sources)