Check for auth version incompatibility (kube)#35025
Closed
bernardjkim wants to merge 1 commit intomasterfrom
Closed
Check for auth version incompatibility (kube)#35025bernardjkim wants to merge 1 commit intomasterfrom
bernardjkim wants to merge 1 commit intomasterfrom
Conversation
Contributor
|
The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with |
marcoandredinis
approved these changes
Nov 28, 2023
| assertErr: require.NoError, | ||
| }, | ||
| } | ||
| // Doing the real test |
Contributor
There was a problem hiding this comment.
Suggested change
| // Doing the real test |
| return nil, trace.Wrap(err) | ||
| } | ||
|
|
||
| log.Info("Verify new version candidate is compatible with the auth server version") |
Contributor
There was a problem hiding this comment.
Can we add the versions as fields to the log message?
| return nil, trace.Wrap(err) | ||
| } | ||
|
|
||
| log.Info("Verify new version candidate is compatible with the auth server version") |
Contributor
There was a problem hiding this comment.
Same here: adding the versions to the log
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Paired with #34917
Currently, the teleport-upgrader is allowed to upgrade a Teleport agent to a newer major version than the control plane, making it incompatible with the control plane.
Context
The reason we did not have this check in the first place is because this can allow the agent to become bricked. If the agent is upgraded to a broken version that cannot communicate with the auth server, the agent would no longer automatically update and be stuck in that state.
We have decided to make this change as a temporary solution so that we can make progress in this issue https://github.com/gravitational/cloud/issues/6773. Once we're in a stable state, we'll rework the auto upgrades to be more compatible with the version/upgrade management of Teleport Cloud.