Bug 1713263: pkg/cli/admin/upgrade: allow users to force when updating to latest #145
Conversation
--force is used when a) the release image is not verified. b) the operators are blocking upgrades. For cases when the users are using custom update channel, the release-image is probably not going to be verified by Red Hat signature, but the users should be allowed to update to the latest available update by skipping the verification step. And for cases where the users want to upgrade to the latest upgrade, even when the operators are blocking updates should be achievable by setting the force flag.
|
@abhinavdahiya: This pull request references Bugzilla bug 1713263, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
bugzilla/valid-bug
| update := cv.Status.AvailableUpdates[len(cv.Status.AvailableUpdates)-1] | ||
| cv.Spec.DesiredUpdate = &update | ||
| if o.Force { |
There was a problem hiding this comment.
Hrm, I kind of would prefer not allowing this. I think if you have to force you should have to at least give us a version (was the rationale for not having this before).
There was a problem hiding this comment.
So I think QE is in a situation where they set the upstream to the point to the nightly, and then mark update to the latest version.
but they can't just --to-latest because nightly is not signed. and there they need to --force
So, hopefully when the nighties get signed, maybe that use-case doesn't apply.
But if the customer is running their own update-server in disconnected env wouldn't have access to verify, so they might want to use --to-latest --force
but maybe when we support such an env in a better way we can allow these customers to host our signatures locally, in which case this wouldn't apply too.
So the last one is, i have overrides set, or i have techpreview features on, and i want to update to whtever latest version there is, but that needs a --to-latest --force.
|
ping @smarterclayton ? |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: abhinavdahiya, smarterclayton The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
/retest |
|
@abhinavdahiya: All pull requests linked via external trackers have merged. Bugzilla bug 1713263 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
--force is used when
a) the release image is not verified.
b) the operators are blocking upgrades.
For cases when the users are using custom update channel, the release-image is probably not going to be verified by Red Hat signature, but the users should be allowed to update to the latest
available update by skipping the verification step.
And for cases where the users want to upgrade to the latest upgrade, even when the operators are blocking updates should be achievable by setting the force flag.
/assign @smarterclayton