[Bug] Getting - Error while getting new resource: could not find correct resource type

[rohitgit-web]

Kyverno Version

1.12

Kubernetes Version

1.29

Kubernetes Platform

EKS

Description

I am encountering an issue in the Kyverno report under Errored Policy Results. I have custom CRDs installed for Argo Rollouts, but Kyverno is unable to fetch the Rollout resource kind.
I have already added the environment variable KYVERNO_ENABLE_CUSTOM_RESOURCES=true in the Kyverno deployment, but the issue persists.
Has anyone faced a similar problem when trying to fetch custom resource kinds in Kyverno? Any insights or suggestions would be appreciated.
This is the error got in--> Errored Policy Results
Error while getting new resource: could not find correct resource type

Steps to reproduce

1. This is the POLICY

---

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: podsecurity-subrule-baseline
annotations:
policies.kyverno.io/title: Baseline Pod Security Standards
policies.kyverno.io/category: Pod Security, EKS Best Practices
policies.kyverno.io/severity: high
policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >-
The baseline profile of the Pod Security Standards is a collection of the most basic and important steps that can be taken to secure Pods.
Beginning with Kyverno 1.8, an entire profile may be assigned to the cluster through a single rule. This policy configures the baseline profile through the latest version of the Pod Security Standards cluster wide.
spec:
background: true
validationFailureAction: Audit
rules:
- name: baseline
match:
any:
- resources:
kinds:
- Pod
validate:
podSecurity:
level: baseline
version: latest

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: podsecurity-subrule-restricted
annotations:
policies.kyverno.io/title: Restricted Pod Security Standards
policies.kyverno.io/category: Pod Security, EKS Best Practices
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >-
The restricted profile of the Pod Security Standards, which is inclusive of the baseline profile, is a collection of all the most common configurations that can be taken to secure Pods.
Beginning with Kyverno 1.8, an entire profile may be assigned to the cluster through a single rule. This policy configures the restricted profile through the latest version of the Pod Security Standards cluster wide.
spec:
background: true
validationFailureAction: Audit
rules:
- name: restricted
match:
any:
- resources:
kinds:
- Rollout
- Deployment
- Pod
validate:
podSecurity:
level: restricted
version: latest

Expected behavior

NA

Screenshots

Kyverno logs

No response

Slack discussion

https://kubernetes.slack.com/archives/CLGR9BJU9/p1736852027614789

Troubleshooting

• I have read and followed the documentation AND the troubleshooting guide.
• I have searched other issues in this repository and mine is not recorded.

[rohitgit-web]

It seems the issue lies with this PSS policy as it is unable to recognize the custom CRD with kind: Rollout.

Policy --->>>

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: podsecurity-subrule-restricted
annotations:
policies.kyverno.io/title: Restricted Pod Security Standards
policies.kyverno.io/category: Pod Security, EKS Best Practices
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Pod
kyverno.io/kyverno-version: 1.12.5
policies.kyverno.io/minversion: 1.12.5
kyverno.io/kubernetes-version: "1.29"
policies.kyverno.io/description: >-
The restricted profile of the Pod Security Standards, which is inclusive of the baseline profile, is a collection of all the most common configurations that can be taken to secure Pods.
Beginning with Kyverno 1.8, an entire profile may be assigned to the cluster through a single rule. This policy configures the restricted profile through the latest version of the Pod Security Standards cluster wide.
spec:
background: true
validationFailureAction: Audit
rules:
- name: restricted
match:
any:
- resources:
kinds:
- Pod
validate:
podSecurity:
level: restricted
version: latest