installer pre-checks

[smira]

Research

Extend installer container pre-checks when upgrading Talos to check for:

• Talos upgrade path: is it safe to upgrade from vX.Y to vA.B
• Kubernetes upgrade path: is current version of Kubernetes vX.Y supported with new Talos version?

Running Talos should pass enough information to the installer container (how? stdin? args? mount API socket?) to figure out if it's safe to do an upgrade.

If current Talos doesn't support passing the information, installer should not do the checks.

We need a way to pass structured errors back to Talos (output error as JSON?).

[andrewrynhard]

I like the idea of giving the installer API access but historically we couldn't because of how soon we shutdown apid. Have we made apid stay up as long as possible yet?

[smira]

Yep, apid is running until the reboot, so through the whole install process.

But in this case we even don't need that, as we need to do a check before upgrade starts, so we don't need apid all the time.

Also we don't need apid, but rather access to machined directly should be enough.