-
Notifications
You must be signed in to change notification settings - Fork 377
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1713263: pkg/cli/admin/upgrade: allow users to force when updating to latest #145
Bug 1713263: pkg/cli/admin/upgrade: allow users to force when updating to latest #145
Conversation
--force is used when a) the release image is not verified. b) the operators are blocking upgrades. For cases when the users are using custom update channel, the release-image is probably not going to be verified by Red Hat signature, but the users should be allowed to update to the latest available update by skipping the verification step. And for cases where the users want to upgrade to the latest upgrade, even when the operators are blocking updates should be achievable by setting the force flag.
@abhinavdahiya: This pull request references Bugzilla bug 1713263, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
update := cv.Status.AvailableUpdates[len(cv.Status.AvailableUpdates)-1] | ||
cv.Spec.DesiredUpdate = &update | ||
if o.Force { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hrm, I kind of would prefer not allowing this. I think if you have to force you should have to at least give us a version (was the rationale for not having this before).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I think QE is in a situation where they set the upstream to the point to the nightly, and then mark update to the latest version.
but they can't just --to-latest
because nightly is not signed. and there they need to --force
So, hopefully when the nighties get signed, maybe that use-case doesn't apply.
But if the customer is running their own update-server in disconnected env wouldn't have access to verify, so they might want to use --to-latest --force
but maybe when we support such an env in a better way we can allow these customers to host our signatures locally, in which case this wouldn't apply too.
So the last one is, i have overrides set, or i have techpreview features on, and i want to update to whtever latest version there is, but that needs a --to-latest --force
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK.
ping @smarterclayton ? |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, smarterclayton The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
@abhinavdahiya: All pull requests linked via external trackers have merged. Bugzilla bug 1713263 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
--force is used when
a) the release image is not verified.
b) the operators are blocking upgrades.
For cases when the users are using custom update channel, the release-image is probably not going to be verified by Red Hat signature, but the users should be allowed to update to the latest
available update by skipping the verification step.
And for cases where the users want to upgrade to the latest upgrade, even when the operators are blocking updates should be achievable by setting the force flag.
/assign @smarterclayton