Allow running kubeadm upgrade apply
in the non-interactive mode when the --config
flag is used
#3076
Labels
kind/bug
Categorizes issue or PR as related to a bug.
kind/feature
Categorizes issue or PR as related to a new feature.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
Milestone
What keywords did you search in kubeadm issues before filing this one?
non-interactive, --yes
Is this a BUG REPORT or FEATURE REQUEST?
kubeadm
1.30: Bug reportkubeadm
1.31+: Feature requestVersions
kubeadm version (use
kubeadm version
): 1.30+Environment:
kubectl version
): 1.30+uname -a
): Not relevantWhat happened?
kubeadm
allowed runningkubeadm upgrade apply
with the--config
flag provided in the non-interactive mode by using the--yes
flag. The--yes
flag had only one task and that's to skip interactive confirmations where you have to typeyes
/y
to proceed. This feature has been very useful and allowed runningkubeadm
in fully-automated scripts where typing anything, or in this caseyes
, is not an option.This however stopped working with
kubeadm
1.30. Trying to runkubeadm upgrade apply <version> --config <path> --yes
withkubeadm
1.30 results in the following error:As a side note, in
kubeadm
1.30 and the v1beta3 API, there's no option to enable the non-interactive mode via the config file, so using the--yes
flag is the only option to enable the non-interactive mode. Additionally, I'm aware that using the--config
flag in this concrete case is discouraged/deprecated.kubeadm
1.31 introduces the v1beta4 API which has theForceUpgrade
field that enables the non-interactive mode, however, as a side effect and with some serious implications. TheForceUpgrade
option (aka the--force-upgrade
flag), allows unsafe upgrade combinations, e.g. if some checks failed, if version skew policy is not satisfied, etc. This can be seen in https://github.com/kubernetes/kubernetes/blob/5df8e15a84bb3d6c80c57f0d4b50fa0c1864ca8e/cmd/kubeadm/app/cmd/upgrade/apply.go#L235-L257 and https://github.com/kubernetes/kubernetes/blob/5df8e15a84bb3d6c80c57f0d4b50fa0c1864ca8e/cmd/kubeadm/app/phases/upgrade/policy.go#L47-L150. This is much different compared to the--yes
flag which only skipped the interactive confirmations.That said, even with
kubeadm
v1.31+ and the v1beta4 API, there's still need for the--yes
flag to make usingkubeadm
in the fully-automated scripts easier/possible and safe.What you expected to happen?
The
--yes
flag should keep the behavior prior to 1.30, where you could use both--config
and--yes
flags together in thekubeadm upgrade apply
command.From the user perspective, keeping the flag instead of putting it in the API makes a couple of things easier. If I want to run
kubeadm
as part of some fully-automated script, I can just use the--yes
flag. If I want to test something interactively and see if checks are going to pass, I can omit the flag and then answeryes
/no
depending on if I'm satisfied by proposed changes.How to reproduce it (as minimally and precisely as possible)?
Run
kubeadm upgrade apply <version> --config <path> --yes
withkubeadm
1.30.0 or newer.Anything else we need to know?
Additional discussion on Slack about this: https://kubernetes.slack.com/archives/C13J86Z63/p1718644261743749
The text was updated successfully, but these errors were encountered: