Consider installing with system-upgrade-controller suspended
Currently, we have a cronjob for suspending the system-upgrade-controller outside a nightly maintenance window. For new machines, the system starts with the controller active. This is a problem specifically for the upgrade-test pipeline, because that will install a new Stackspin instance and immediately upgrade it, so any Kubernetes upgrades will happen right away, while Flux is also in the middle of doing Helm upgrades. I suspect that my broken upgrade-test pipeline failed because of that.
Regardless of that specific problem, I think it makes sense to not start a Kubernetes upgrade right away after installing but wait for the next maintenance window.