From bfb86e653f4e4f9d6b6b36abd8eb37c60e7f2b00 Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Wed, 17 Jun 2026 13:49:06 +0000 Subject: [PATCH] k8s-version-upgrade: ignore CoreDNS preflight on `kubeadm upgrade plan` too MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The prior commit added the CoreDNS ignore/skip flags only to `kubeadm upgrade apply`, but `kubeadm upgrade plan` runs the SAME CoreDNS preflight. Once master's kubeadm binary is on the target version (the first attempt's apt step already bumps it), both plan calls fail on the Keel-drifted CoreDNS 1.12.4 under set -euo pipefail and abort: - preflight Job step 4 (upgrade-step.sh) — `plan` output is grepped for the target version; the failing pipeline killed the whole preflight. - update_k8s.sh master path line 85 — bare `plan` before the apply. Both now pass --ignore-preflight-errors=CoreDNSMigration,CoreDNSUnsupportedPlugins. Verified read-only on master: plan exits 0 and still emits "kubeadm upgrade apply v1.34.9". Co-Authored-By: Claude Opus 4.8 --- scripts/update_k8s.sh | 5 ++++- stacks/k8s-version-upgrade/scripts/upgrade-step.sh | 8 ++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/scripts/update_k8s.sh b/scripts/update_k8s.sh index 3684fc1d..19abe7ef 100755 --- a/scripts/update_k8s.sh +++ b/scripts/update_k8s.sh @@ -82,7 +82,10 @@ sudo apt-get install -y "kubeadm=$RELEASE-*" if [[ "$ROLE" == "master" ]]; then echo "==> Master path: kubeadm upgrade plan + apply" - sudo kubeadm upgrade plan + # `plan` runs the same CoreDNS preflight as `apply`, so once master's kubeadm + # is on the new version it fails here too (under set -e) — ignore the same + # two CoreDNS checks. See the apply block below for the full rationale. + sudo kubeadm upgrade plan --ignore-preflight-errors=CoreDNSMigration,CoreDNSUnsupportedPlugins # The first apply may fail with "static Pod hash for component did # not change after 5m0s" — kubeadm's 5min wait for the kubelet to reload # a static pod is too tight on our cluster (apiserver-to-kubelet status diff --git a/stacks/k8s-version-upgrade/scripts/upgrade-step.sh b/stacks/k8s-version-upgrade/scripts/upgrade-step.sh index 57ef87fc..fb1f2fcc 100644 --- a/stacks/k8s-version-upgrade/scripts/upgrade-step.sh +++ b/stacks/k8s-version-upgrade/scripts/upgrade-step.sh @@ -325,9 +325,13 @@ phase_preflight() { exit 1 fi - # 4. kubeadm upgrade plan matches target + # 4. kubeadm upgrade plan matches target. `plan` runs the same CoreDNS + # preflight as `apply`; once master's kubeadm is on the new version it errors + # on a Keel-drifted CoreDNS (start version unsupported) and, under pipefail, + # aborts this whole check. Ignore the two CoreDNS checks here too so plan + # still emits its "kubeadm upgrade apply vX.Y.Z" line. (See update_k8s.sh.) local plan_target - plan_target=$(ssh "${SSH_OPTS[@]}" "wizard@k8s-master$NODE_DOMAIN" 'sudo kubeadm upgrade plan' \ + plan_target=$(ssh "${SSH_OPTS[@]}" "wizard@k8s-master$NODE_DOMAIN" 'sudo kubeadm upgrade plan --ignore-preflight-errors=CoreDNSMigration,CoreDNSUnsupportedPlugins' \ | grep -oE 'kubeadm upgrade apply v[0-9]+\.[0-9]+\.[0-9]+' \ | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+' | head -1 | tr -d v) if [ "$plan_target" != "$TARGET_VERSION" ]; then