The Kubernetes documentation notes the necessity of draining nodes when upgrading across minor versions. I am integrating a Kubernetes deployment with a preexisting rollout/workflow engine that has a notion of a fleetwide rollback, and one question that I haven’t seen covered in the documentation is whether it is contractually safe to roll back a node across minor versions, presumably while drained. The scenario might involve successful upgrades of many nodes in the fleet, the subsequent detection of a problem, and then a rollback of all nodes that have been upgraded.
I have not yet encountered any reason it would be dangerous today in practice, but before allowing such rollbacks, I want to understand whether there’s a risk of its becoming unsafe in the future (e.g. durable state in etcd precluding rollback).