Add preventative measures to prevent cluster administrators from easily skipping release versions with upgrades

[VestigeJ]

k3s should consider implementing user protection mechanisms for Kubernetes upgrades. This could involve preventing users from directly jumping to major version changes or skipping necessary patches within a branch. Instead, forced sequential upgrades within branches and controlled transitions to major versions would promote smoother updates, mitigate potential regression risks, and guarantee system stability.

Open to debate but I'd vote we stdout which version the cluster-admin should be upgrading to - maybe leave in a --force flag for circumventing known issues and edge cases that pertain to particular clusters. If a user passes --force they're on their own and they should acknowledge that during this upgrade path. I also think if possible this should take into account historic installation methods - do we want to add protections for admins who initially installed the cluster with package managers vs. the installation script to stay within the same method for upgrades?

[brandond]

I generally work from this document: https://kubernetes.io/releases/version-skew-policy/

The biggest stumbling block I’ve had with this, internally at least, is deciding what is a reliable indicator of what the “cluster version” is.

• What would we validate again when attempting an upgrade?
• Do we look at this node by node and ignore the larger state of the cluster?
• Do we try to introspect the running cluster to determine the versions in play?
• What if the cluster isn’t currently running to query the apiserver or etcd?
• What if the users restores an old etcd snapshot from a version that we shouldn’t support upgrading directly from?
• What do we do if the upgrade is rejected? The user has already replaced the binary or rancher/k3s image, there's not a good way to "fall back" without direct action from the user.

There are a lot of edge cases; to a certain extent the cloud providers have it easy, as there is an external store that determines the “correct” desired version for the cluster, and they can just compare everything against that.