🌱 Enforce skip upgrade policy in clusterctl (#12017)

* Enforce skip upgrade policy in clusterctl

* Address feedback

Author: fabriziopandini

cmd/clusterctl/client/cluster/upgrader.go

@@ -21,6 +21,7 @@ import (
 	"sort"
 	"time"
 
+	"github.com/blang/semver/v4"
 	"github.com/pkg/errors"
 	appsv1 "k8s.io/api/apps/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -272,6 +273,10 @@ func (u *providerUpgrader) createCustomPlan(ctx context.Context, upgradeItems []
 			return nil, errors.Errorf("unable to complete that upgrade: the provider %s in not part of the management cluster", upgradeItem.InstanceName())
 		}
 
+		if upgradeItem.Version == "" {
+			upgradeItem.Version = provider.Version
+		}
+
 		// Retrieves the contract that is supported by the target version of the provider.
 		contract, err := u.getProviderContractByVersion(ctx, *provider, upgradeItem.NextVersion)
 		if err != nil {
@@ -358,6 +363,36 @@ func (u *providerUpgrader) doUpgrade(ctx context.Context, upgradePlan *UpgradePl
 		}
 	}
 
+	// Block unsupported skip upgrades for Core, Kubeadm Bootstrap, Kubeadm ControlPlane.
+	// NOTE: in future we might consider extending the clusterctl contract to support enforcing of skip upgrade
+	// rules for out of tree providers.
+	minVersionSkew := semver.MustParse("1.10.0")
+	for _, upgradeItem := range upgradePlan.Providers {
+		if !(upgradeItem.Type == string(clusterctlv1.CoreProviderType) ||
+			(upgradeItem.Type == string(clusterctlv1.BootstrapProviderType) && upgradeItem.ProviderName == config.KubeadmBootstrapProviderName) ||
+			(upgradeItem.Type == string(clusterctlv1.ControlPlaneProviderType) && upgradeItem.ProviderName == config.KubeadmControlPlaneProviderName)) {
+			continue
+		}
+
+		currentVersion, err := semver.ParseTolerant(upgradeItem.Version)
+		if err != nil {
+			return errors.Wrapf(err, "failed to parse current version for %s provider", upgradeItem.InstanceName())
+		}
+
+		if currentVersion.LT(minVersionSkew) {
+			continue
+		}
+
+		nextVersion, err := semver.ParseTolerant(upgradeItem.NextVersion)
+		if err != nil {
+			return errors.Wrapf(err, "failed to parse next version for %s provider", upgradeItem.InstanceName())
+		}
+
+		if nextVersion.Minor > currentVersion.Minor+3 {
+			return errors.Errorf("upgrade for %s provider can't skip more than 3 versions", upgradeItem.InstanceName())
+		}
+	}
+
 	// Ensure Providers are updated in the following order: Core, Bootstrap, ControlPlane, Infrastructure.
 	providers := upgradePlan.Providers
 	sort.Slice(providers, func(a, b int) bool {

cmd/clusterctl/client/cluster/upgrader_test.go

@@ -1034,6 +1034,117 @@ func Test_providerUpgrader_ApplyCustomPlan(t *testing.T) {
 			errorMsg: "detected multiple instances of the same provider",
 			opts:     UpgradeOptions{},
 		},
+		{
+			name: "fails to upgrade to current contract when violating core provider skip version rules",
+			fields: fields{
+				reader: test.NewFakeReader().
+					WithProvider("cluster-api", clusterctlv1.CoreProviderType, "https://somewhere.com"),
+				repository: map[string]repository.Repository{
+					"cluster-api": repository.NewMemoryRepository().
+						WithVersions("v1.10.0", "v1.11.0", "v1.12.0", "v1.13.0", "v1.14.0").
+						WithMetadata("v1.14.0", &clusterctlv1.Metadata{
+							ReleaseSeries: []clusterctlv1.ReleaseSeries{
+								{Major: 1, Minor: 10, Contract: test.PreviousCAPIContractNotSupported},
+								{Major: 1, Minor: 11, Contract: test.CurrentCAPIContract},
+								{Major: 1, Minor: 12, Contract: test.CurrentCAPIContract},
+								{Major: 1, Minor: 13, Contract: test.CurrentCAPIContract},
+								{Major: 1, Minor: 14, Contract: test.CurrentCAPIContract},
+							},
+						}),
+				},
+				proxy: test.NewFakeProxy().
+					WithProviderInventory("cluster-api", clusterctlv1.CoreProviderType, "v1.10.0", "cluster-api-system"),
+			},
+			providersToUpgrade: []UpgradeItem{
+				{
+					Provider:    fakeProvider("cluster-api", clusterctlv1.CoreProviderType, "v1.10.0", "cluster-api-system"),
+					NextVersion: "v1.14.0",
+				},
+			},
+			wantErr:  true,
+			errorMsg: "upgrade for cluster-api-system/cluster-api provider can't skip more than 3 versions",
+			opts:     UpgradeOptions{},
+		},
+		{
+			name: "fails to upgrade to current contract when violating kubeadm bootstrap provider skip version rules",
+			fields: fields{
+				reader: test.NewFakeReader().
+					WithProvider("cluster-api", clusterctlv1.CoreProviderType, "https://somewhere.com").
+					WithProvider(config.KubeadmBootstrapProviderName, clusterctlv1.BootstrapProviderType, "https://somewhere.com"),
+				repository: map[string]repository.Repository{
+					"cluster-api": repository.NewMemoryRepository().
+						WithVersions("v1.0.0").
+						WithMetadata("v1.0.0", &clusterctlv1.Metadata{
+							ReleaseSeries: []clusterctlv1.ReleaseSeries{
+								{Major: 1, Minor: 0, Contract: test.CurrentCAPIContract},
+							},
+						}),
+					"bootstrap-kubeadm": repository.NewMemoryRepository().
+						WithVersions("v1.10.0", "v1.11.0", "v1.12.0", "v1.13.0", "v1.14.0").
+						WithMetadata("v1.14.0", &clusterctlv1.Metadata{
+							ReleaseSeries: []clusterctlv1.ReleaseSeries{
+								{Major: 1, Minor: 10, Contract: test.PreviousCAPIContractNotSupported},
+								{Major: 1, Minor: 11, Contract: test.CurrentCAPIContract},
+								{Major: 1, Minor: 12, Contract: test.CurrentCAPIContract},
+								{Major: 1, Minor: 13, Contract: test.CurrentCAPIContract},
+								{Major: 1, Minor: 14, Contract: test.CurrentCAPIContract},
+							},
+						}),
+				},
+				proxy: test.NewFakeProxy().
+					WithProviderInventory("cluster-api", clusterctlv1.CoreProviderType, "v1.0.0", "cluster-api-system").
+					WithProviderInventory(config.KubeadmBootstrapProviderName, clusterctlv1.BootstrapProviderType, "v1.10.0", "cluster-api-system"),
+			},
+			providersToUpgrade: []UpgradeItem{
+				{
+					Provider:    fakeProvider(config.KubeadmBootstrapProviderName, clusterctlv1.BootstrapProviderType, "v1.10.0", "cluster-api-system"),
+					NextVersion: "v1.14.0",
+				},
+			},
+			wantErr:  true,
+			errorMsg: "upgrade for cluster-api-system/bootstrap-kubeadm provider can't skip more than 3 versions",
+			opts:     UpgradeOptions{},
+		},
+		{
+			name: "fails to upgrade to current contract when violating kubeadm control plane provider skip version rules",
+			fields: fields{
+				reader: test.NewFakeReader().
+					WithProvider("cluster-api", clusterctlv1.CoreProviderType, "https://somewhere.com").
+					WithProvider(config.KubeadmControlPlaneProviderName, clusterctlv1.ControlPlaneProviderType, "https://somewhere.com"),
+				repository: map[string]repository.Repository{
+					"cluster-api": repository.NewMemoryRepository().
+						WithVersions("v1.0.0").
+						WithMetadata("v1.0.0", &clusterctlv1.Metadata{
+							ReleaseSeries: []clusterctlv1.ReleaseSeries{
+								{Major: 1, Minor: 0, Contract: test.CurrentCAPIContract},
+							},
+						}),
+					"control-plane-kubeadm": repository.NewMemoryRepository().
+						WithVersions("v1.10.0", "v1.11.0", "v1.12.0", "v1.13.0", "v1.14.0").
+						WithMetadata("v1.14.0", &clusterctlv1.Metadata{
+							ReleaseSeries: []clusterctlv1.ReleaseSeries{
+								{Major: 1, Minor: 10, Contract: test.PreviousCAPIContractNotSupported},
+								{Major: 1, Minor: 11, Contract: test.CurrentCAPIContract},
+								{Major: 1, Minor: 12, Contract: test.CurrentCAPIContract},
+								{Major: 1, Minor: 13, Contract: test.CurrentCAPIContract},
+								{Major: 1, Minor: 14, Contract: test.CurrentCAPIContract},
+							},
+						}),
+				},
+				proxy: test.NewFakeProxy().
+					WithProviderInventory("cluster-api", clusterctlv1.CoreProviderType, "v1.0.0", "cluster-api-system").
+					WithProviderInventory(config.KubeadmControlPlaneProviderName, clusterctlv1.ControlPlaneProviderType, "v1.10.0", "cluster-api-system"),
+			},
+			providersToUpgrade: []UpgradeItem{
+				{
+					Provider:    fakeProvider(config.KubeadmControlPlaneProviderName, clusterctlv1.ControlPlaneProviderType, "v1.10.0", "cluster-api-system"),
+					NextVersion: "v1.14.0",
+				},
+			},
+			wantErr:  true,
+			errorMsg: "upgrade for cluster-api-system/control-plane-kubeadm provider can't skip more than 3 versions",
+			opts:     UpgradeOptions{},
+		},
 	}
 
 	for _, tt := range tests {

docs/book/src/clusterctl/commands/upgrade.md

@@ -77,19 +77,13 @@ clusterctl upgrade apply \
 
 <aside class="note warning">
 
-<h1>Clusterctl upgrade test coverage</h1>
+<h1>Skip upgrades</h1>
 
-Cluster API only tests a subset of possible clusterctl upgrade paths as otherwise the test matrix would be overwhelming.
-Untested upgrade paths are not blocked by clusterctl and should work in general, but users
-intending to perform an upgrade path not tested by us should do their own validation to ensure the operation works correctly.
+Please check providers documentation before performing skip upgrades (skip minor versions).
+Not supported skip upgrades might lead to non functional management clusters. 
 
-The following is an example of the tested upgrade paths for v1.10:
-
-| From | To    | Note                          |
-|------|-------|-------------------------------|
-| v1.7 | v1.10 | n-3 --> n (v1.7 is v1.10 - 3) |
-| v1.8 | v1.10 | n-2 --> n (v1.8 is v1.10 - 2) |
-| v1.9 | v1.10 | n-1 --> n (v1.9 is v1.10 - 1) |
+For Core provider, Kubeadm bootstrap provider, Kubeadm control plane provider and Docker infrastructure provider
+please look at [skip upgrades](../../reference/versions.md#skip-upgrades) rules.
 
 </aside>