diff --git a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go index 8ace322bbdf0..d654b2a58707 100644 --- a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go +++ b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook.go @@ -500,7 +500,7 @@ func (in *KubeadmControlPlane) validateCoreDNSVersion(prev *KubeadmControlPlane) ) return allErrs } - + // Note: This check allows an "upgrade" in the case where the versions are equal. if err := migration.ValidUpMigration(fromVersion.String(), toVersion.String()); err != nil { allErrs = append( allErrs, diff --git a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook_test.go b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook_test.go index cb86359df9ab..2f9d9410df96 100644 --- a/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook_test.go +++ b/controlplane/kubeadm/api/v1beta1/kubeadm_control_plane_webhook_test.go @@ -744,6 +744,11 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) { before: before, kcp: dnsBuildTag, }, + { + name: "should succeed when using the same CoreDNS version", + before: dns, + kcp: dns.DeepCopy(), + }, { name: "should fail when using an invalid DNS build", expectErr: true, @@ -756,6 +761,7 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) { before: dns, kcp: dnsInvalidCoreDNSToVersion, }, + { name: "should fail when making a change to the cluster config's certificatesDir", expectErr: true, diff --git a/controlplane/kubeadm/internal/workload_cluster_coredns.go b/controlplane/kubeadm/internal/workload_cluster_coredns.go index 97c062e0df21..e50d53497a85 100644 --- a/controlplane/kubeadm/internal/workload_cluster_coredns.go +++ b/controlplane/kubeadm/internal/workload_cluster_coredns.go @@ -412,10 +412,9 @@ func validateCoreDNSImageTag(fromTag, toTag string) error { if err != nil { return errors.Wrapf(err, "failed to parse CoreDNS target version %q", toTag) } - // make sure that the version we're upgrading to is greater than the current one, - // or if they're the same version, the raw tags should be different (e.g. allow from `v1.17.4-somevendor.0` to `v1.17.4-somevendor.1`). - if x := from.Compare(to); x > 0 || (x == 0 && fromTag == toTag) { - return fmt.Errorf("toVersion %q must be greater than fromVersion %q", toTag, fromTag) + // make sure that the version we're upgrading to is greater than or equal to the current version. + if to.LT(from) { + return fmt.Errorf("toVersion %q must be greater than or equal to fromVersion %q", toTag, fromTag) } // check if the from version is even in the list of coredns versions if _, ok := migration.Versions[fmt.Sprintf("%d.%d.%d", from.Major, from.Minor, from.Patch)]; !ok { diff --git a/controlplane/kubeadm/internal/workload_cluster_coredns_test.go b/controlplane/kubeadm/internal/workload_cluster_coredns_test.go index 12e143a0d57e..182993583a4b 100644 --- a/controlplane/kubeadm/internal/workload_cluster_coredns_test.go +++ b/controlplane/kubeadm/internal/workload_cluster_coredns_test.go @@ -491,17 +491,16 @@ func TestValidateCoreDNSImageTag(t *testing.T) { toVer: "1.6.1", expectErrSubStr: "failed to parse CoreDNS current version", }, + { + name: "fromVer is equal to toVer", + fromVer: "1.6.5", + toVer: "1.6.5", + }, { name: "fromVer is equal to toVer, but different patch versions", fromVer: "1.6.5_foobar.1", toVer: "1.6.5_foobar.2", }, - { - name: "fromVer is equal to toVer", - fromVer: "1.6.5_foobar.1", - toVer: "1.6.5_foobar.1", - expectErrSubStr: "must be greater", - }, { name: "fromVer is lower but has meta", fromVer: "1.6.5-foobar.1",