Master now supports delayed upgrades. It will wait until specifically told to upgrade with an action unless the configuration option require-manual-upgrade is false.

cluster/juju/layers/kubernetes-master/actions.yaml

@@ -46,3 +46,5 @@ namespace-delete:
       minLength: 2
   required:
     - name
+upgrade:
+    description: Upgrade the kubernetes snaps

cluster/juju/layers/kubernetes-master/actions/upgrade

@@ -0,0 +1,5 @@
+#!/bin/sh
+set -eux
+
+charms.reactive set_state kubernetes-master.upgrade-specified
+exec hooks/config-changed

cluster/juju/layers/kubernetes-master/config.yaml

@@ -70,3 +70,9 @@ options:
     description: |
       Comma separated authorization modes. Allowed values are
       "RBAC", "Node", "Webhook", "ABAC", "AlwaysDeny" and "AlwaysAllow".
+  require-manual-upgrade:
+    type: boolean
+    default: true
+    description: |
+      When true, master nodes will not be upgraded until the user triggers
+      it manually by running the upgrade action.

cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py

@@ -63,6 +63,22 @@ nrpe.Check.shortname_re = '[\.A-Za-z0-9-_]+$'
 os.environ['PATH'] += os.pathsep + os.path.join(os.sep, 'snap', 'bin')
 
 
+def set_upgrade_needed():
+    set_state('kubernetes-master.upgrade-needed')
+    config = hookenv.config()
+    previous_channel = config.previous('channel')
+    require_manual = config.get('require-manual-upgrade')
+    hookenv.log('set upgrade needed')
+    if previous_channel is None or not require_manual:
+        hookenv.log('forcing upgrade')
+        set_state('kubernetes-master.upgrade-specified')
+
+
+@when('config.changed.channel')
+def channel_changed():
+    set_upgrade_needed()
+
+
 def service_cidr():
     ''' Return the charm's service-cidr config '''
     db = unitdata.kv()
@@ -78,14 +94,21 @@ def freeze_service_cidr():
 
 
 @hook('upgrade-charm')
-def reset_states_for_delivery():
+def check_for_upgrade_needed():
     '''An upgrade charm event was triggered by Juju, react to that here.'''
+    hookenv.status_set('maintenance', 'Checking resources')
+
     migrate_from_pre_snaps()
-    install_snaps()
     add_rbac_roles()
     set_state('reconfigure.authentication.setup')
     remove_state('authentication.setup')
 
+    resources = ['kubectl', 'kube-apiserver', 'kube-controller-manager',
+                 'kube-scheduler', 'cdk-addons']
+    paths = [hookenv.resource_get(resource) for resource in resources]
+    if any_file_changed(paths):
+        set_upgrade_needed()
+
 
 def add_rbac_roles():
     '''Update the known_tokens file with proper groups.'''
@@ -172,6 +195,20 @@ def migrate_from_pre_snaps():
             os.remove(file)
 
 
+@when('kubernetes-master.upgrade-needed')
+@when_not('kubernetes-master.upgrade-specified')
+def upgrade_needed_status():
+    msg = 'Needs manual upgrade, run the upgrade action'
+    hookenv.status_set('blocked', msg)
+
+
+@when('kubernetes-master.upgrade-specified')
+def do_upgrade():
+    install_snaps()
+    remove_state('kubernetes-master.upgrade-needed')
+    remove_state('kubernetes-master.upgrade-specified')
+
+
 def install_snaps():
     channel = hookenv.config('channel')
     hookenv.status_set('maintenance', 'Installing kubectl snap')
@@ -189,11 +226,6 @@ def install_snaps():
     remove_state('kubernetes-master.components.started')
 
 
-@when('config.changed.channel')
-def channel_changed():
-    install_snaps()
-
-
 @when('config.changed.client_password', 'leadership.is_leader')
 def password_changed():
     """Handle password change via the charms config."""