Description
Hi team,
We are using the Kamaji control plane provider and attempted to upgrade a cluster from Kubernetes version v1.30 directly to v1.32. The operation failed with the following error:
cannot create or update TenantControlPlane: admission webhook "vtenantcontrolplane.kb.io" denied the request: unable to upgrade to a minor version in a non-sequential mode
I’ve reported this to the Kamaji team here: clastix/cluster-api-control-plane-provider-kamaji#225
This brings up a broader question: who is responsible for ensuring that control plane upgrades are performed sequentially (e.g., v1.30 → v1.31 → v1.32), especially when a user requests a jump over intermediate versions?
There seem to be two possible approaches:
- If Cluster API is responsible for orchestrating sequential upgrades (both control plane and workers), then perhaps this should be implemented either as a core feature or at least as validation logic that prevents skipping versions.
- If each control plane provider is responsible for enforcing this behavior, then the issue should remain on the Kamaji side to handle sequential enforcement internally.
As far as I can tell, Cluster API already handles worker node rollouts in a version-sequential manner and coordinates upgrades carefully between control plane and workers. Based on that, I would assume that Cluster API should also be responsible for breaking down a requested upgrade path (e.g., v1.30 → v1.33) into sequential steps and apply them one-by-one.
Am I reasoning correctly here?
Thanks!