KubeOne 1.8.0 removes the kured DaemonSet, keep other kured resources

[judge-red]

What happened?

During the upgrade to KubeOne 1.8.0, with the unattended-upgrades addon both pre-upgrade and post-upgrade and no other changes either, the kured DaemonSet got removed but the rest of the kured resources (ServiceAccount, ClusterRole, ClusterRoleBinding, Role, RoleBinding) were kept.

Expected behavior

It's unclear from the changelog and upgrade docs, whether the intention is to orphan the installed kured or to remove it, so not sure which is the bug, the removal of the DaemonSet or that the other resources are left behind. If I had to guess, the changelog and upgrade docs seem to hint at complete removal, as they urge for the installation of kured using the upstream Helm chart.

I think either way is fine, but it needs to be clear what happens (i.e. the docs must be more explicit), and it must be either completely orphaned or be left completely untouched.

How to reproduce the issue?

• Install a Kubeone 1.7 cluster with the unattended-upgrades addon enabled
• Upgrade to KubeOne 1.8
• Notice the kured DaemonSet is missing, other resources are still there

What KubeOne version are you using?

1.8.0

Provide your KubeOneCluster manifest here (if applicable)

apiVersion: kubeone.k8c.io/v1beta2
kind: KubeOneCluster
name: <...>
versions:
  kubernetes: 1.27.13
features:
  openidConnect:
    enable: true
    config:
      <...>
addons:
  enable: true
  addons:
    - name: backups-restic
      params:
        <...>
    - name: ccm-openstack
      params:
        CCM_CONCURRENT_SERVICE_SYNCS: "10"
    - name: cluster-autoscaler
    - name: unattended-upgrades
cloudProvider:
  external: true
  cloudConfig: |
    <...>
clusterNetwork:
  cni:
    external: {}
  kubeProxy:
    skipInstallation: true
helmReleases:
  <...>

What cloud provider are you running on?

OpenStack

What operating system are you running in your cluster?

Ubuntu 22.04

Additional information

Those who wish to install the upstream Helm chart of kured will first have to clean up the left behind resources, here's the required commands for your convenience:

kubectl delete clusterrole kured
kubectl delete clusterrolebinding kured
kubectl -n kube-system delete role kured
kubectl -n kube-system delete rolebinding kured
kubectl -n kube-system delete serviceaccount kured

[kron4eg]

Thanks for the report @judge-red! Yeah, I can confirm this. It's due to how kubectl apply --prune works (it started to skip non-namespaced resources).

I'll think how to fix this.