Hi there,
I've a TKC 1.24 (v1.24.9---vmware.1-tkg.4) that provisioned on vSphere 8 Tanzu (vSphere Namespaces 0.1.6 Kubernetes v1.26.4+vmware.wcp.1) and I planned to update it to 1.25 (v1.25.7---vmware.3-fips.1-tkg.1). previously i update that from 1.23 to 1.24 without any problem in a year ago. but now internal certificates of 1.24 cluster has been expired and because of that while updating renewal of certificates is happened i decide to update cluster from 1.24 to 1.25.
I edit tanzukubernetescluster like this documentation by v1alpha3 method and change TKR reference from 1.24 into 1.25 . after editing nothing been changed and after a while in describe of cluster tell me to updateFailed. So i guess that is problem related to internal certificates and i connect to my 3 node of control plane and renew certificates by official documentations. and after that any change in update does not happened. and then i decide to update to 1.26 so i edit TKR to 1.26 (v1.26.13---vmware.1-fips.1-tkg.3), edit is done but update did not happen like same time.
after all of this, i want to revert TKR to Original (v1.24.9---vmware.1-tkg.4) and after editing this error is rising up:
error: tanzukubernetesclusters.run.tanzu.vmware.com "tkc-default" could not be patched: admission webhook "default.validating.tanzukubernetescluster.run.tanzu.vmware.com" denied the request: version upgrade not compatible with rules
i guess that is for one way update path of kubernetes validation? is it true?
the main problem is that i cannot update 1.24 to 1.25 and now when the TKR is saved to 1.26 i cannot revert it to 1.24 and then try it to change to 1.25 and check if update happen or not.
in really the cluster version is 1.24 but in this commands below result is printed:
# kubectl get tanzukubernetescluster -n tkg2-cluster-ns
NAME CONTROL PLANE WORKER TKR NAME AGE READY TKR COMPATIBLE UPDATES AVAILABLE
tkc-default 3 3 v1.26.13---vmware.1-fips.1-tkg.3 589d False True
# kubectl get node
NAME STATUS ROLES AGE VERSION
tkc-default-8qcxv-74dhl Ready control-plane 366d v1.24.9+vmware.1
tkc-default-8qcxv-dc4hq Ready control-plane 366d v1.24.9+vmware.1
tkc-default-8qcxv-tf5zz Ready control-plane 366d v1.24.9+vmware.1
tkc-default-worker-nodepool-a1-8pv56-6457c766bb-ftc66 Ready <none> 366d v1.24.9+vmware.1
tkc-default-worker-nodepool-a1-8pv56-6457c766bb-v8zw4 Ready <none> 366d v1.24.9+vmware.1
tkc-default-worker-nodepool-a1-8pv56-6457c766bb-vmxzg Ready <none> 366d v1.24.9+vmware.1