From 9cb58aa620ccf24fde7479cc7d62deb52c81cc63 Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Tue, 2 Jun 2026 14:28:34 -0400 Subject: [PATCH 01/11] fix(adm-upgrade): switched to checking for CVO in alerts(). Wrote unit test for new functions Signed-off-by: Nick Bottari fix(alerts): prevent duplication of warnings by disabling client-side alert checking if the server is already doing it. Signed-off-by: Nick Bottari fix(adm-upgrade): changed method of detecting if CVO is already checking alerts Signed-off-by: Nick Bottari fix(adm-upgrade): add check for hypershift and improve error checking Signed-off-by: Nick Bottari fix(adm-upgrade): switched to checking for CVO in alerts(). Wrote unit test for new functions Signed-off-by: Nick Bottari cv != nil Signed-off-by: Nick Bottari --- pkg/cli/admin/upgrade/recommend/alerts.go | 42 +++++++++++++++++++ pkg/cli/admin/upgrade/recommend/recommend.go | 1 - .../admin/upgrade/recommend/recommend_test.go | 36 ++++++++++++++++ 3 files changed, 78 insertions(+), 1 deletion(-) diff --git a/pkg/cli/admin/upgrade/recommend/alerts.go b/pkg/cli/admin/upgrade/recommend/alerts.go index f5508f4608..6633cd355b 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts.go +++ b/pkg/cli/admin/upgrade/recommend/alerts.go @@ -6,6 +6,8 @@ import ( "fmt" "strings" + configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" routev1 "github.com/openshift/api/route/v1" routev1client "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -20,6 +22,19 @@ import ( // and Unknown when we do not have enough information to make a // happy-or-sad determination. func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { + + if o.Client != nil { + featureGates, _ := o.Client.ConfigV1().FeatureGates().Get(ctx, "cluster", metav1.GetOptions{}) + infrastructure, _ := o.Client.ConfigV1().Infrastructures().Get(ctx, "cluster", metav1.GetOptions{}) + cv, _ := o.Client.ConfigV1().ClusterVersions().Get(ctx, "version", metav1.GetOptions{}) + + // if the AcceptRisks feature gate AND hypershift is not enabled, + // the CVO is handling alerts and will generate the Recommended condition if needed + if cv != nil && isAcceptRisksEnabled(featureGates, cv.Status.Desired.Version) && !isHypershiftEnabled(infrastructure) { + return nil, nil + } + } + var alertsBytes []byte if o.mockData.alertsPath != "" { if len(o.mockData.alerts) == 0 { @@ -251,3 +266,30 @@ func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { return conditions, nil } + +// isAcceptRisksEnabled checks to see if the 'ClusterUpdateAcceptRisks' feature gate is enabled +// if so, return true to skip client-side alert checking +func isAcceptRisksEnabled(featureGate *configv1.FeatureGate, clusterVersion string) bool { + if featureGate == nil { + return false + } + + for _, versionedGates := range featureGate.Status.FeatureGates { + if versionedGates.Version == clusterVersion { + for _, enabledGate := range versionedGates.Enabled { + if enabledGate.Name == features.FeatureGateClusterUpdateAcceptRisks { + return true + } + } + } + } + return false +} + +func isHypershiftEnabled(i *configv1.Infrastructure) bool { + if i == nil { + return false + } + + return i.Status.ControlPlaneTopology == configv1.ExternalTopologyMode +} diff --git a/pkg/cli/admin/upgrade/recommend/recommend.go b/pkg/cli/admin/upgrade/recommend/recommend.go index 89c54ea00f..ff50cd79df 100644 --- a/pkg/cli/admin/upgrade/recommend/recommend.go +++ b/pkg/cli/admin/upgrade/recommend/recommend.go @@ -132,7 +132,6 @@ func (o *options) Complete(f kcmdutil.Factory, cmd *cobra.Command, args []string o.version = &version } } - return nil } diff --git a/pkg/cli/admin/upgrade/recommend/recommend_test.go b/pkg/cli/admin/upgrade/recommend/recommend_test.go index 6df6cda3a4..d6a27d5727 100644 --- a/pkg/cli/admin/upgrade/recommend/recommend_test.go +++ b/pkg/cli/admin/upgrade/recommend/recommend_test.go @@ -6,6 +6,7 @@ import ( "testing" configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" ) func TestSortConditionalUpdatesBySemanticVersions(t *testing.T) { @@ -29,3 +30,38 @@ func TestSortConditionalUpdatesBySemanticVersions(t *testing.T) { t.Errorf("%v != %v", actual, expected) } } + +func TestIsAcceptRisksEnabled(t *testing.T) { + featureGate := &configv1.FeatureGate{ + Status: configv1.FeatureGateStatus{ + FeatureGates: []configv1.FeatureGateDetails{ + { + Version: "4.22.0", + Enabled: []configv1.FeatureGateAttributes{ + { + Name: features.FeatureGateClusterUpdateAcceptRisks, + }, + }, + }, + }, + }, + } + + result := isAcceptRisksEnabled(featureGate, "4.22.0") + if result != true { + t.Errorf("ClusterUpdateAcceptRisks feature gate should report as enabled") + } +} + +func TestIsHypershiftEnabled(t *testing.T) { + infra := &configv1.Infrastructure{ + Status: configv1.InfrastructureStatus{ + ControlPlaneTopology: configv1.ExternalTopologyMode, + }, + } + + result := isHypershiftEnabled(infra) + if result != true { + t.Errorf("Hypershift should report as enabled") + } +} From 55acfea61266fa1aada8559c2467787988d65c1a Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Tue, 16 Jun 2026 13:44:41 -0400 Subject: [PATCH 02/11] fix(adm-upgrade-recommend-alerts): moved CVO detection into its own function, added comprehensive tests for the 2 pure functions Signed-off-by: Nick Bottari --- pkg/cli/admin/upgrade/recommend/alerts.go | 47 +++++-- .../admin/upgrade/recommend/alerts_test.go | 120 ++++++++++++++++++ .../admin/upgrade/recommend/recommend_test.go | 36 ------ 3 files changed, 155 insertions(+), 48 deletions(-) create mode 100644 pkg/cli/admin/upgrade/recommend/alerts_test.go diff --git a/pkg/cli/admin/upgrade/recommend/alerts.go b/pkg/cli/admin/upgrade/recommend/alerts.go index 6633cd355b..af8574100d 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts.go +++ b/pkg/cli/admin/upgrade/recommend/alerts.go @@ -12,6 +12,7 @@ import ( routev1client "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/rest" + "k8s.io/klog/v2" "github.com/openshift/oc/pkg/cli/admin/inspectalerts" "github.com/openshift/oc/pkg/cli/admin/upgrade/status" @@ -22,17 +23,12 @@ import ( // and Unknown when we do not have enough information to make a // happy-or-sad determination. func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { - - if o.Client != nil { - featureGates, _ := o.Client.ConfigV1().FeatureGates().Get(ctx, "cluster", metav1.GetOptions{}) - infrastructure, _ := o.Client.ConfigV1().Infrastructures().Get(ctx, "cluster", metav1.GetOptions{}) - cv, _ := o.Client.ConfigV1().ClusterVersions().Get(ctx, "version", metav1.GetOptions{}) - - // if the AcceptRisks feature gate AND hypershift is not enabled, - // the CVO is handling alerts and will generate the Recommended condition if needed - if cv != nil && isAcceptRisksEnabled(featureGates, cv.Status.Desired.Version) && !isHypershiftEnabled(infrastructure) { - return nil, nil - } + skip, err := o.alertsEvaluatedByCVO(ctx) + if err != nil { + klog.Warningf("An error occured while determining if the CVO is evaluating alerts, so the client will check. %v", err) + } + if skip { + return nil, nil } var alertsBytes []byte @@ -74,7 +70,7 @@ func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { } var alertData status.AlertData - err := json.Unmarshal(alertsBytes, &alertData) + err = json.Unmarshal(alertsBytes, &alertData) if err != nil { return nil, fmt.Errorf("parsing alerts: %w", err) } @@ -267,6 +263,33 @@ func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { return conditions, nil } +// alertsEvaluatedByCVO makes API calls to determine if we need to do client-side alert checking +func (o *options) alertsEvaluatedByCVO(ctx context.Context) (bool, error) { + featureGates, err := o.Client.ConfigV1().FeatureGates().Get(ctx, "cluster", metav1.GetOptions{}) + if err != nil { + return false, err + } + + infrastructure, err := o.Client.ConfigV1().Infrastructures().Get(ctx, "cluster", metav1.GetOptions{}) + if err != nil { + return false, err + } + + cv, err := o.Client.ConfigV1().ClusterVersions().Get(ctx, "version", metav1.GetOptions{}) + if err != nil { + return false, err + } + + // if the AcceptRisks feature gate AND hypershift is not enabled, + // the CVO is handling alerts and will generate the Recommended condition if needed + if isAcceptRisksEnabled(featureGates, cv.Status.Desired.Version) && !isHypershiftEnabled(infrastructure) { + return true, nil + } + + // if we get to this point, check on the client anyway to be safe + return false, fmt.Errorf("Failed to detect presence of CVO and/or if Hypershift is enabled") +} + // isAcceptRisksEnabled checks to see if the 'ClusterUpdateAcceptRisks' feature gate is enabled // if so, return true to skip client-side alert checking func isAcceptRisksEnabled(featureGate *configv1.FeatureGate, clusterVersion string) bool { diff --git a/pkg/cli/admin/upgrade/recommend/alerts_test.go b/pkg/cli/admin/upgrade/recommend/alerts_test.go new file mode 100644 index 0000000000..3d798847e3 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/alerts_test.go @@ -0,0 +1,120 @@ +package recommend + +import ( + "testing" + + configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" +) + +func TestIsAcceptRisksEnabled(t *testing.T) { + + for _, testCase := range []struct { + name string + featureGateConfig *configv1.FeatureGate + expected bool + }{ + { + name: "no feature gates", + expected: false, + }, + { + name: "ClusterUpdateAcceptRisks feature gate is enabled", + featureGateConfig: &configv1.FeatureGate{ + Status: configv1.FeatureGateStatus{ + FeatureGates: []configv1.FeatureGateDetails{ + { + Version: "4.22.0", + Enabled: []configv1.FeatureGateAttributes{ + { + Name: features.FeatureGateClusterUpdateAcceptRisks, + }, + }, + }, + }, + }, + }, + expected: true, + }, + { + name: "ClusterUpdateAcceptRisks feature gate is explicitly disabled", + featureGateConfig: &configv1.FeatureGate{ + Status: configv1.FeatureGateStatus{ + FeatureGates: []configv1.FeatureGateDetails{ + { + Version: "4.22.0", + Disabled: []configv1.FeatureGateAttributes{ + { + Name: features.FeatureGateClusterUpdateAcceptRisks, + }, + }, + }, + }, + }, + }, + expected: false, + }, + { + name: "ClusterUpdateAcceptRisks feature gate is not explicitly enabled or disabled", + featureGateConfig: &configv1.FeatureGate{ + Status: configv1.FeatureGateStatus{ + FeatureGates: []configv1.FeatureGateDetails{ + { + Version: "4.22.0", + Enabled: []configv1.FeatureGateAttributes{}, + Disabled: []configv1.FeatureGateAttributes{}, + }, + }, + }, + }, + expected: false, + }, + } { + t.Run(testCase.name, func(t *testing.T) { + actual := isAcceptRisksEnabled(testCase.featureGateConfig, "4.22.0") + + if actual != testCase.expected { + t.Errorf("%v != %v", actual, testCase.expected) + } + }) + } +} + +func TestIsHypershiftEnabled(t *testing.T) { + for _, testCase := range []struct { + name string + infrastructure *configv1.Infrastructure + expected bool + }{ + { + name: "no infrastructure", + expected: false, + }, + { + name: "hypershift enabled", + infrastructure: &configv1.Infrastructure{ + Status: configv1.InfrastructureStatus{ + ControlPlaneTopology: configv1.ExternalTopologyMode, + }, + }, + expected: true, + }, + { + name: "hypershift not enabled", + infrastructure: &configv1.Infrastructure{ + Status: configv1.InfrastructureStatus{ + ControlPlaneTopology: configv1.HighlyAvailableTopologyMode, + }, + }, + expected: false, + }, + } { + t.Run(testCase.name, func(t *testing.T) { + actual := isHypershiftEnabled(testCase.infrastructure) + + if actual != testCase.expected { + t.Errorf("%v != %v", actual, testCase.expected) + } + }) + } +} diff --git a/pkg/cli/admin/upgrade/recommend/recommend_test.go b/pkg/cli/admin/upgrade/recommend/recommend_test.go index d6a27d5727..6df6cda3a4 100644 --- a/pkg/cli/admin/upgrade/recommend/recommend_test.go +++ b/pkg/cli/admin/upgrade/recommend/recommend_test.go @@ -6,7 +6,6 @@ import ( "testing" configv1 "github.com/openshift/api/config/v1" - "github.com/openshift/api/features" ) func TestSortConditionalUpdatesBySemanticVersions(t *testing.T) { @@ -30,38 +29,3 @@ func TestSortConditionalUpdatesBySemanticVersions(t *testing.T) { t.Errorf("%v != %v", actual, expected) } } - -func TestIsAcceptRisksEnabled(t *testing.T) { - featureGate := &configv1.FeatureGate{ - Status: configv1.FeatureGateStatus{ - FeatureGates: []configv1.FeatureGateDetails{ - { - Version: "4.22.0", - Enabled: []configv1.FeatureGateAttributes{ - { - Name: features.FeatureGateClusterUpdateAcceptRisks, - }, - }, - }, - }, - }, - } - - result := isAcceptRisksEnabled(featureGate, "4.22.0") - if result != true { - t.Errorf("ClusterUpdateAcceptRisks feature gate should report as enabled") - } -} - -func TestIsHypershiftEnabled(t *testing.T) { - infra := &configv1.Infrastructure{ - Status: configv1.InfrastructureStatus{ - ControlPlaneTopology: configv1.ExternalTopologyMode, - }, - } - - result := isHypershiftEnabled(infra) - if result != true { - t.Errorf("Hypershift should report as enabled") - } -} From 05b6aaa30a91b99c0e39c1e9a2149f4271a36f62 Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Tue, 16 Jun 2026 14:52:19 -0400 Subject: [PATCH 03/11] fix(adm-upgrade-recommend-alerts): extend mockData to include featureGates's and infrastructure's Signed-off-by: Nick Bottari fix(adm-upgrade-recommend-alerts): add test for different featureGate version Signed-off-by: Nick Bottari add comma Signed-off-by: Nick Bottari --- pkg/cli/admin/upgrade/recommend/alerts.go | 33 +++++++++----- .../admin/upgrade/recommend/alerts_test.go | 18 ++++++++ .../admin/upgrade/recommend/mockresources.go | 44 ++++++++++++++++++- pkg/cli/admin/upgrade/recommend/recommend.go | 2 + 4 files changed, 84 insertions(+), 13 deletions(-) diff --git a/pkg/cli/admin/upgrade/recommend/alerts.go b/pkg/cli/admin/upgrade/recommend/alerts.go index af8574100d..5442922f6d 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts.go +++ b/pkg/cli/admin/upgrade/recommend/alerts.go @@ -265,19 +265,30 @@ func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { // alertsEvaluatedByCVO makes API calls to determine if we need to do client-side alert checking func (o *options) alertsEvaluatedByCVO(ctx context.Context) (bool, error) { - featureGates, err := o.Client.ConfigV1().FeatureGates().Get(ctx, "cluster", metav1.GetOptions{}) - if err != nil { - return false, err - } + var featureGates *configv1.FeatureGate + var infrastructure *configv1.Infrastructure + var cv *configv1.ClusterVersion + + if o.mockData.cvPath != "" { + featureGates = o.mockData.featureGate + infrastructure = o.mockData.infrastructure + cv = o.mockData.clusterVersion + } else { + var err error + featureGates, err = o.Client.ConfigV1().FeatureGates().Get(ctx, "cluster", metav1.GetOptions{}) + if err != nil { + return false, err + } - infrastructure, err := o.Client.ConfigV1().Infrastructures().Get(ctx, "cluster", metav1.GetOptions{}) - if err != nil { - return false, err - } + infrastructure, err = o.Client.ConfigV1().Infrastructures().Get(ctx, "cluster", metav1.GetOptions{}) + if err != nil { + return false, err + } - cv, err := o.Client.ConfigV1().ClusterVersions().Get(ctx, "version", metav1.GetOptions{}) - if err != nil { - return false, err + cv, err = o.Client.ConfigV1().ClusterVersions().Get(ctx, "version", metav1.GetOptions{}) + if err != nil { + return false, err + } } // if the AcceptRisks feature gate AND hypershift is not enabled, diff --git a/pkg/cli/admin/upgrade/recommend/alerts_test.go b/pkg/cli/admin/upgrade/recommend/alerts_test.go index 3d798847e3..37a6299fd6 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts_test.go +++ b/pkg/cli/admin/upgrade/recommend/alerts_test.go @@ -69,6 +69,24 @@ func TestIsAcceptRisksEnabled(t *testing.T) { }, expected: false, }, + { + name: "ClusterUpdateAcceptRisks feature gate is enabled for a different cluster version", + featureGateConfig: &configv1.FeatureGate{ + Status: configv1.FeatureGateStatus{ + FeatureGates: []configv1.FeatureGateDetails{ + { + Version: "4.21.0", + Enabled: []configv1.FeatureGateAttributes{ + { + Name: features.FeatureGateClusterUpdateAcceptRisks, + }, + }, + }, + }, + }, + }, + expected: false, + }, } { t.Run(testCase.name, func(t *testing.T) { actual := isAcceptRisksEnabled(testCase.featureGateConfig, "4.22.0") diff --git a/pkg/cli/admin/upgrade/recommend/mockresources.go b/pkg/cli/admin/upgrade/recommend/mockresources.go index 76be0da53b..eadef85dbe 100644 --- a/pkg/cli/admin/upgrade/recommend/mockresources.go +++ b/pkg/cli/admin/upgrade/recommend/mockresources.go @@ -13,12 +13,16 @@ import ( type mockData struct { // inputs - cvPath string - alertsPath string + cvPath string + alertsPath string + featureGatePath string + infrastructurePath string // outputs clusterVersion *configv1.ClusterVersion alerts []byte + featureGate *configv1.FeatureGate + infrastructure *configv1.Infrastructure } func asResourceList[T any](objects *corev1.List, decoder runtime.Decoder) ([]T, error) { @@ -78,5 +82,41 @@ func (o *mockData) load() error { } } + if o.featureGatePath != "" { + fgBytes, err := os.ReadFile(o.featureGatePath) + if err != nil && !errors.Is(err, os.ErrNotExist) { + return err + } + if fgBytes != nil { + fgObj, err := runtime.Decode(decoder, fgBytes) + if err != nil { + return fmt.Errorf("error while parsing file %s: %w", o.featureGatePath, err) + } + fg, ok := fgObj.(*configv1.FeatureGate) + if !ok { + return fmt.Errorf("unexpected object type %T in %s content", fgObj, o.featureGatePath) + } + o.featureGate = fg + } + } + + if o.infrastructurePath != "" { + infraBytes, err := os.ReadFile(o.infrastructurePath) + if err != nil && !errors.Is(err, os.ErrNotExist) { + return err + } + if infraBytes != nil { + infraObj, err := runtime.Decode(decoder, infraBytes) + if err != nil { + return fmt.Errorf("error while parsing file %s: %w", o.infrastructurePath, err) + } + infra, ok := infraObj.(*configv1.Infrastructure) + if !ok { + return fmt.Errorf("unexpected object type %T in %s content", infraObj, o.infrastructurePath) + } + o.infrastructure = infra + } + } + return nil } diff --git a/pkg/cli/admin/upgrade/recommend/recommend.go b/pkg/cli/admin/upgrade/recommend/recommend.go index ff50cd79df..c7874f71a4 100644 --- a/pkg/cli/admin/upgrade/recommend/recommend.go +++ b/pkg/cli/admin/upgrade/recommend/recommend.go @@ -111,6 +111,8 @@ func (o *options) Complete(f kcmdutil.Factory, cmd *cobra.Command, args []string } else { cvSuffix := "-cv.yaml" o.mockData.alertsPath = strings.Replace(o.mockData.cvPath, cvSuffix, "-alerts.json", 1) + o.mockData.featureGatePath = strings.Replace(o.mockData.cvPath, cvSuffix, "-featuregate.yaml", 1) + o.mockData.infrastructurePath = strings.Replace(o.mockData.cvPath, cvSuffix, "-infrastructure.yaml", 1) err := o.mockData.load() if err != nil { return err From e61d937788bc2583e374e61c60ad51453675a012 Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Wed, 17 Jun 2026 10:09:55 -0400 Subject: [PATCH 04/11] fix(adm-upgrade-recommend-alerts): cleaned up logic Signed-off-by: Nick Bottari --- pkg/cli/admin/upgrade/recommend/alerts.go | 38 ++++++------------- .../admin/upgrade/recommend/alerts_test.go | 2 +- 2 files changed, 12 insertions(+), 28 deletions(-) diff --git a/pkg/cli/admin/upgrade/recommend/alerts.go b/pkg/cli/admin/upgrade/recommend/alerts.go index 5442922f6d..af9834f93f 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts.go +++ b/pkg/cli/admin/upgrade/recommend/alerts.go @@ -23,11 +23,9 @@ import ( // and Unknown when we do not have enough information to make a // happy-or-sad determination. func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { - skip, err := o.alertsEvaluatedByCVO(ctx) - if err != nil { + if skip, err := o.alertsEvaluatedByCVO(ctx); err != nil { klog.Warningf("An error occured while determining if the CVO is evaluating alerts, so the client will check. %v", err) - } - if skip { + } else if skip { return nil, nil } @@ -70,7 +68,7 @@ func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { } var alertData status.AlertData - err = json.Unmarshal(alertsBytes, &alertData) + err := json.Unmarshal(alertsBytes, &alertData) if err != nil { return nil, fmt.Errorf("parsing alerts: %w", err) } @@ -265,15 +263,10 @@ func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { // alertsEvaluatedByCVO makes API calls to determine if we need to do client-side alert checking func (o *options) alertsEvaluatedByCVO(ctx context.Context) (bool, error) { - var featureGates *configv1.FeatureGate - var infrastructure *configv1.Infrastructure - var cv *configv1.ClusterVersion - - if o.mockData.cvPath != "" { - featureGates = o.mockData.featureGate - infrastructure = o.mockData.infrastructure - cv = o.mockData.clusterVersion - } else { + featureGates := o.mockData.featureGate + infrastructure := o.mockData.infrastructure + cv := o.mockData.clusterVersion + if cv == nil { var err error featureGates, err = o.Client.ConfigV1().FeatureGates().Get(ctx, "cluster", metav1.GetOptions{}) if err != nil { @@ -291,14 +284,9 @@ func (o *options) alertsEvaluatedByCVO(ctx context.Context) (bool, error) { } } - // if the AcceptRisks feature gate AND hypershift is not enabled, + // if the AcceptRisks feature gate AND oc is not running against a hosted cluster, // the CVO is handling alerts and will generate the Recommended condition if needed - if isAcceptRisksEnabled(featureGates, cv.Status.Desired.Version) && !isHypershiftEnabled(infrastructure) { - return true, nil - } - - // if we get to this point, check on the client anyway to be safe - return false, fmt.Errorf("Failed to detect presence of CVO and/or if Hypershift is enabled") + return isAcceptRisksEnabled(featureGates, cv.Status.Desired.Version) && !isHostedCluster(infrastructure), nil } // isAcceptRisksEnabled checks to see if the 'ClusterUpdateAcceptRisks' feature gate is enabled @@ -320,10 +308,6 @@ func isAcceptRisksEnabled(featureGate *configv1.FeatureGate, clusterVersion stri return false } -func isHypershiftEnabled(i *configv1.Infrastructure) bool { - if i == nil { - return false - } - - return i.Status.ControlPlaneTopology == configv1.ExternalTopologyMode +func isHostedCluster(i *configv1.Infrastructure) bool { + return i != nil && i.Status.ControlPlaneTopology == configv1.ExternalTopologyMode } diff --git a/pkg/cli/admin/upgrade/recommend/alerts_test.go b/pkg/cli/admin/upgrade/recommend/alerts_test.go index 37a6299fd6..0090b9c2d1 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts_test.go +++ b/pkg/cli/admin/upgrade/recommend/alerts_test.go @@ -128,7 +128,7 @@ func TestIsHypershiftEnabled(t *testing.T) { }, } { t.Run(testCase.name, func(t *testing.T) { - actual := isHypershiftEnabled(testCase.infrastructure) + actual := isHostedCluster(testCase.infrastructure) if actual != testCase.expected { t.Errorf("%v != %v", actual, testCase.expected) From 4a2cbfa85d67421250beb2110e20f9844525ca35 Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Wed, 17 Jun 2026 16:17:53 -0400 Subject: [PATCH 05/11] added featureGate and infrastructure manifests to ../admin/upgrade/recommend/examples Signed-off-by: Nick Bottari --- ...date-accept-risks-enabled-featuregate.yaml | 140 ++++++++++++++++++ ...hly-available-topology-infrastructure.yaml | 35 +++++ 2 files changed, 175 insertions(+) create mode 100644 pkg/cli/admin/upgrade/recommend/examples/4.22.0-cluster-update-accept-risks-enabled-featuregate.yaml create mode 100644 pkg/cli/admin/upgrade/recommend/examples/4.22.0-highly-available-topology-infrastructure.yaml diff --git a/pkg/cli/admin/upgrade/recommend/examples/4.22.0-cluster-update-accept-risks-enabled-featuregate.yaml b/pkg/cli/admin/upgrade/recommend/examples/4.22.0-cluster-update-accept-risks-enabled-featuregate.yaml new file mode 100644 index 0000000000..06ef263d3d --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/4.22.0-cluster-update-accept-risks-enabled-featuregate.yaml @@ -0,0 +1,140 @@ +apiVersion: v1 +items: +- apiVersion: config.openshift.io/v1 + kind: FeatureGate + metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + creationTimestamp: "2026-06-17T16:56:45Z" + generation: 1 + name: cluster + resourceVersion: "711" + uid: 8a6cd285-122f-4dbb-9f28-23e952a3cad3 + spec: + featureSet: TechPreviewNoUpgrade + status: + featureGates: + - disabled: + - name: ClientsAllowCBOR + - name: ClusterAPIComputeInstall + - name: ClusterAPIControlPlaneInstall + - name: ClusterAPIInstall + - name: ClusterUpdatePreflight + - name: ConfidentialCluster + - name: EventedPLEG + - name: Example2 + - name: ExternalOIDCExternalClaimsSourcing + - name: ExternalSnapshotMetadata + - name: HyperShiftOnlyDynamicResourceAllocation + - name: KMSEncryptionProvider + - name: MachineAPIMigrationVSphere + - name: MachineAPIOperatorDisableMachineHealthCheckController + - name: MultiArchInstallAzure + - name: NetworkConnect + - name: ProvisioningRequestAvailable + - name: ShortCertRotation + - name: VSphereMultiVCenterDay2 + enabled: + - name: AWSClusterHostedDNS + - name: AWSClusterHostedDNSInstall + - name: AWSDedicatedHosts + - name: AWSDualStackInstall + - name: AWSEuropeanSovereignCloudInstall + - name: AWSServiceLBNetworkSecurityGroup + - name: AdditionalStorageConfig + - name: AutomatedEtcdBackup + - name: AzureClusterHostedDNSInstall + - name: AzureDedicatedHosts + - name: AzureDualStackInstall + - name: AzureMultiDisk + - name: AzureWorkloadIdentity + - name: BootImageSkewEnforcement + - name: BootcNodeManagement + - name: BuildCSIVolumes + - name: CBORServingAndStorage + - name: CRDCompatibilityRequirementOperator + - name: CRIOCredentialProviderConfig + - name: ClientsPreferCBOR + - name: ClusterAPIInstallIBMCloud + - name: ClusterAPIMachineManagement + - name: ClusterAPIMachineManagementAWS + - name: ClusterAPIMachineManagementAzure + - name: ClusterAPIMachineManagementBareMetal + - name: ClusterAPIMachineManagementGCP + - name: ClusterAPIMachineManagementOpenStack + - name: ClusterAPIMachineManagementPowerVS + - name: ClusterAPIMachineManagementVSphere + - name: ClusterMonitoringConfig + - name: ClusterUpdateAcceptRisks + - name: ClusterVersionOperatorConfiguration + - name: ConfigurablePKI + - name: ConsolePluginContentSecurityPolicy + - name: DNSNameResolver + - name: DRAPartitionableDevices + - name: DualReplica + - name: DyanmicServiceEndpointIBMCloud + - name: EVPN + - name: EtcdBackendQuota + - name: EventTTL + - name: Example + - name: ExternalOIDC + - name: ExternalOIDCWithUIDAndExtraClaimMappings + - name: ExternalOIDCWithUpstreamParity + - name: GCPCustomAPIEndpoints + - name: GCPCustomAPIEndpointsInstall + - name: GCPDualStackInstall + - name: GatewayAPIWithoutOLM + - name: ImageModeStatusReporting + - name: ImageStreamImportMode + - name: IngressControllerDynamicConfigurationManager + - name: InsightsConfig + - name: InsightsOnDemandDataGather + - name: IrreconcilableMachineConfig + - name: KMSEncryption + - name: KMSv1 + - name: MachineAPIMigration + - name: MachineAPIMigrationAWS + - name: MachineAPIMigrationOpenStack + - name: ManagedBootImagesCPMS + - name: MaxUnavailableStatefulSet + - name: MetricsCollectionProfiles + - name: MinimumKubeletVersion + - name: MixedCPUsAllocation + - name: MultiDiskSetup + - name: MutableCSINodeAllocatableCount + - name: MutatingAdmissionPolicy + - name: NewOLM + - name: NewOLMBoxCutterRuntime + - name: NewOLMCatalogdAPIV1Metas + - name: NewOLMConfigAPI + - name: NewOLMOwnSingleNamespace + - name: NewOLMPreflightPermissionChecks + - name: NewOLMWebhookProviderOpenshiftServiceCA + - name: NoOverlayMode + - name: NoRegistryClusterInstall + - name: NutanixMultiSubnets + - name: OSStreams + - name: OVNObservability + - name: OnPremDNSRecords + - name: OpenShiftPodSecurityAdmission + - name: RouteExternalCertificate + - name: SELinuxMount + - name: ServiceAccountTokenNodeBinding + - name: SignatureStores + - name: SigstoreImageVerification + - name: SigstoreImageVerificationPKI + - name: StoragePerformantSecurityPolicy + - name: TLSAdherence + - name: UpgradeStatus + - name: UserNamespacesPodSecurityStandards + - name: UserNamespacesSupport + - name: VSphereConfigurableMaxAllowedBlockVolumesPerNode + - name: VSphereHostVMGroupZonal + - name: VSphereMixedNodeEnv + - name: VSphereMultiDisk + - name: VSphereMultiNetworks + - name: VolumeGroupSnapshot + version: 4.22.0-0.nightly-2026-06-16-095052 +kind: List +metadata: + resourceVersion: "" diff --git a/pkg/cli/admin/upgrade/recommend/examples/4.22.0-highly-available-topology-infrastructure.yaml b/pkg/cli/admin/upgrade/recommend/examples/4.22.0-highly-available-topology-infrastructure.yaml new file mode 100644 index 0000000000..f65faa7f85 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/4.22.0-highly-available-topology-infrastructure.yaml @@ -0,0 +1,35 @@ +apiVersion: v1 +items: +- apiVersion: config.openshift.io/v1 + kind: Infrastructure + metadata: + creationTimestamp: "2026-06-17T16:56:16Z" + generation: 1 + name: cluster + resourceVersion: "571" + uid: b33b2f9d-dd29-4c05-8e12-d506d7444f04 + spec: + cloudConfig: + key: config + name: cloud-provider-config + platformSpec: + type: GCP + status: + apiServerInternalURI: https://api-int.ci-ln-0pbb87b-72292.gcp-2.ci.openshift.org:6443 + apiServerURL: https://api.ci-ln-0pbb87b-72292.gcp-2.ci.openshift.org:6443 + controlPlaneTopology: HighlyAvailable + cpuPartitioning: None + etcdDiscoveryDomain: "" + infrastructureName: ci-ln-0pbb87b-72292-kqgf4 + infrastructureTopology: HighlyAvailable + platform: GCP + platformStatus: + gcp: + cloudLoadBalancerConfig: + dnsType: PlatformDefault + projectID: openshift-gce-devel-ci-2 + region: us-central1 + type: GCP +kind: List +metadata: + resourceVersion: "" From 65611b9f7b64b67dcc16bf7aac0c7b6b24711488 Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Thu, 18 Jun 2026 14:07:10 -0400 Subject: [PATCH 06/11] fix(adm-upgrade-recommend-alerts): added new mockData test case to test ignoring alert checking Signed-off-by: Nick Bottari --- ...date-accept-risks-enabled-featuregate.yaml | 140 -------------- ...hly-available-topology-infrastructure.yaml | 35 ---- .../5.0.0-cvo-handling-risks-alerts.json | 177 ++++++++++++++++++ .../examples/5.0.0-cvo-handling-risks-cv.yaml | 103 ++++++++++ .../5.0.0-cvo-handling-risks-featuregate.yaml | 138 ++++++++++++++ ...0.0-cvo-handling-risks-infrastructure.yaml | 30 +++ .../examples/5.0.0-cvo-handling-risks.output | 1 + ...ndling-risks.show-outdated-releases-output | 1 + ...g-risks.version-1.2.3-not-important-output | 2 + .../admin/upgrade/recommend/examples_test.go | 1 + 10 files changed, 453 insertions(+), 175 deletions(-) delete mode 100644 pkg/cli/admin/upgrade/recommend/examples/4.22.0-cluster-update-accept-risks-enabled-featuregate.yaml delete mode 100644 pkg/cli/admin/upgrade/recommend/examples/4.22.0-highly-available-topology-infrastructure.yaml create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-cv.yaml create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-featuregate.yaml create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-infrastructure.yaml create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output diff --git a/pkg/cli/admin/upgrade/recommend/examples/4.22.0-cluster-update-accept-risks-enabled-featuregate.yaml b/pkg/cli/admin/upgrade/recommend/examples/4.22.0-cluster-update-accept-risks-enabled-featuregate.yaml deleted file mode 100644 index 06ef263d3d..0000000000 --- a/pkg/cli/admin/upgrade/recommend/examples/4.22.0-cluster-update-accept-risks-enabled-featuregate.yaml +++ /dev/null @@ -1,140 +0,0 @@ -apiVersion: v1 -items: -- apiVersion: config.openshift.io/v1 - kind: FeatureGate - metadata: - annotations: - include.release.openshift.io/self-managed-high-availability: "true" - creationTimestamp: "2026-06-17T16:56:45Z" - generation: 1 - name: cluster - resourceVersion: "711" - uid: 8a6cd285-122f-4dbb-9f28-23e952a3cad3 - spec: - featureSet: TechPreviewNoUpgrade - status: - featureGates: - - disabled: - - name: ClientsAllowCBOR - - name: ClusterAPIComputeInstall - - name: ClusterAPIControlPlaneInstall - - name: ClusterAPIInstall - - name: ClusterUpdatePreflight - - name: ConfidentialCluster - - name: EventedPLEG - - name: Example2 - - name: ExternalOIDCExternalClaimsSourcing - - name: ExternalSnapshotMetadata - - name: HyperShiftOnlyDynamicResourceAllocation - - name: KMSEncryptionProvider - - name: MachineAPIMigrationVSphere - - name: MachineAPIOperatorDisableMachineHealthCheckController - - name: MultiArchInstallAzure - - name: NetworkConnect - - name: ProvisioningRequestAvailable - - name: ShortCertRotation - - name: VSphereMultiVCenterDay2 - enabled: - - name: AWSClusterHostedDNS - - name: AWSClusterHostedDNSInstall - - name: AWSDedicatedHosts - - name: AWSDualStackInstall - - name: AWSEuropeanSovereignCloudInstall - - name: AWSServiceLBNetworkSecurityGroup - - name: AdditionalStorageConfig - - name: AutomatedEtcdBackup - - name: AzureClusterHostedDNSInstall - - name: AzureDedicatedHosts - - name: AzureDualStackInstall - - name: AzureMultiDisk - - name: AzureWorkloadIdentity - - name: BootImageSkewEnforcement - - name: BootcNodeManagement - - name: BuildCSIVolumes - - name: CBORServingAndStorage - - name: CRDCompatibilityRequirementOperator - - name: CRIOCredentialProviderConfig - - name: ClientsPreferCBOR - - name: ClusterAPIInstallIBMCloud - - name: ClusterAPIMachineManagement - - name: ClusterAPIMachineManagementAWS - - name: ClusterAPIMachineManagementAzure - - name: ClusterAPIMachineManagementBareMetal - - name: ClusterAPIMachineManagementGCP - - name: ClusterAPIMachineManagementOpenStack - - name: ClusterAPIMachineManagementPowerVS - - name: ClusterAPIMachineManagementVSphere - - name: ClusterMonitoringConfig - - name: ClusterUpdateAcceptRisks - - name: ClusterVersionOperatorConfiguration - - name: ConfigurablePKI - - name: ConsolePluginContentSecurityPolicy - - name: DNSNameResolver - - name: DRAPartitionableDevices - - name: DualReplica - - name: DyanmicServiceEndpointIBMCloud - - name: EVPN - - name: EtcdBackendQuota - - name: EventTTL - - name: Example - - name: ExternalOIDC - - name: ExternalOIDCWithUIDAndExtraClaimMappings - - name: ExternalOIDCWithUpstreamParity - - name: GCPCustomAPIEndpoints - - name: GCPCustomAPIEndpointsInstall - - name: GCPDualStackInstall - - name: GatewayAPIWithoutOLM - - name: ImageModeStatusReporting - - name: ImageStreamImportMode - - name: IngressControllerDynamicConfigurationManager - - name: InsightsConfig - - name: InsightsOnDemandDataGather - - name: IrreconcilableMachineConfig - - name: KMSEncryption - - name: KMSv1 - - name: MachineAPIMigration - - name: MachineAPIMigrationAWS - - name: MachineAPIMigrationOpenStack - - name: ManagedBootImagesCPMS - - name: MaxUnavailableStatefulSet - - name: MetricsCollectionProfiles - - name: MinimumKubeletVersion - - name: MixedCPUsAllocation - - name: MultiDiskSetup - - name: MutableCSINodeAllocatableCount - - name: MutatingAdmissionPolicy - - name: NewOLM - - name: NewOLMBoxCutterRuntime - - name: NewOLMCatalogdAPIV1Metas - - name: NewOLMConfigAPI - - name: NewOLMOwnSingleNamespace - - name: NewOLMPreflightPermissionChecks - - name: NewOLMWebhookProviderOpenshiftServiceCA - - name: NoOverlayMode - - name: NoRegistryClusterInstall - - name: NutanixMultiSubnets - - name: OSStreams - - name: OVNObservability - - name: OnPremDNSRecords - - name: OpenShiftPodSecurityAdmission - - name: RouteExternalCertificate - - name: SELinuxMount - - name: ServiceAccountTokenNodeBinding - - name: SignatureStores - - name: SigstoreImageVerification - - name: SigstoreImageVerificationPKI - - name: StoragePerformantSecurityPolicy - - name: TLSAdherence - - name: UpgradeStatus - - name: UserNamespacesPodSecurityStandards - - name: UserNamespacesSupport - - name: VSphereConfigurableMaxAllowedBlockVolumesPerNode - - name: VSphereHostVMGroupZonal - - name: VSphereMixedNodeEnv - - name: VSphereMultiDisk - - name: VSphereMultiNetworks - - name: VolumeGroupSnapshot - version: 4.22.0-0.nightly-2026-06-16-095052 -kind: List -metadata: - resourceVersion: "" diff --git a/pkg/cli/admin/upgrade/recommend/examples/4.22.0-highly-available-topology-infrastructure.yaml b/pkg/cli/admin/upgrade/recommend/examples/4.22.0-highly-available-topology-infrastructure.yaml deleted file mode 100644 index f65faa7f85..0000000000 --- a/pkg/cli/admin/upgrade/recommend/examples/4.22.0-highly-available-topology-infrastructure.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -items: -- apiVersion: config.openshift.io/v1 - kind: Infrastructure - metadata: - creationTimestamp: "2026-06-17T16:56:16Z" - generation: 1 - name: cluster - resourceVersion: "571" - uid: b33b2f9d-dd29-4c05-8e12-d506d7444f04 - spec: - cloudConfig: - key: config - name: cloud-provider-config - platformSpec: - type: GCP - status: - apiServerInternalURI: https://api-int.ci-ln-0pbb87b-72292.gcp-2.ci.openshift.org:6443 - apiServerURL: https://api.ci-ln-0pbb87b-72292.gcp-2.ci.openshift.org:6443 - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - etcdDiscoveryDomain: "" - infrastructureName: ci-ln-0pbb87b-72292-kqgf4 - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: PlatformDefault - projectID: openshift-gce-devel-ci-2 - region: us-central1 - type: GCP -kind: List -metadata: - resourceVersion: "" diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json new file mode 100644 index 0000000000..322368fc22 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json @@ -0,0 +1,177 @@ +{ + "status": "success", + "data": { + "alerts": [ + { + "labels": { + "alertname": "ClusterNotUpgradeable", + "condition": "Upgradeable", + "endpoint": "metrics", + "name": "version", + "namespace": "openshift-cluster-version", + "severity": "info" + }, + "annotations": { + "description": "In most cases, you will still be able to apply patch releases. Reason MultipleReasons. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-gsv92fb-72292.gcp-2.ci.openshift.org/settings/cluster/.", + "summary": "One or more cluster operators have been blocking minor or major version cluster updates for at least an hour." + }, + "state": "pending", + "activeAt": "2026-06-18T17:13:55.045225289Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "InsightsRecommendationActive", + "container": "insights-operator", + "description": "Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n", + "endpoint": "https", + "info_link": "https://console.redhat.com/openshift/insights/advisor/clusters/0cbb9b16-2f80-4b25-bb1e-82679443eeac?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED", + "instance": "10.128.0.44:8443", + "job": "metrics", + "namespace": "openshift-insights", + "pod": "insights-operator-696cc9bcd8-kkcv8", + "service": "metrics", + "severity": "info", + "total_risk": "Important" + }, + "annotations": { + "description": "Insights recommendation \"Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n\" with total risk \"Important\" was detected on the cluster. More information is available at https://console.redhat.com/openshift/insights/advisor/clusters/0cbb9b16-2f80-4b25-bb1e-82679443eeac?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED.", + "summary": "An Insights recommendation is active for this cluster." + }, + "state": "firing", + "activeAt": "2026-06-18T17:13:45.348773391Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "TechPreviewNoUpgrade", + "container": "kube-apiserver-operator", + "endpoint": "https", + "instance": "10.128.0.43:8443", + "job": "kube-apiserver-operator", + "name": "TechPreviewNoUpgrade", + "namespace": "openshift-kube-apiserver-operator", + "pod": "kube-apiserver-operator-558495b7fd-9pqb6", + "service": "metrics", + "severity": "warning" + }, + "annotations": { + "description": "Cluster has enabled Technology Preview features that cannot be undone and will prevent upgrades. The TechPreviewNoUpgrade feature set is not recommended on production clusters.", + "summary": "Cluster has enabled tech preview features that will prevent upgrades." + }, + "state": "firing", + "activeAt": "2026-06-18T17:14:06.939121033Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "PodDisruptionBudgetAtLimit", + "namespace": "openshift-monitoring", + "poddisruptionbudget": "prometheus-k8s", + "severity": "warning" + }, + "annotations": { + "description": "The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md", + "summary": "The pod disruption budget is preventing further disruption to pods." + }, + "state": "pending", + "activeAt": "2026-06-18T17:47:50.934967567Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "Watchdog", + "namespace": "openshift-monitoring", + "severity": "none" + }, + "annotations": { + "description": "This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n", + "summary": "An alert that should always be firing to certify that Alertmanager is working properly." + }, + "state": "firing", + "activeAt": "2026-06-18T17:13:33.035303677Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "TargetDown", + "job": "check-endpoints", + "namespace": "openshift-apiserver", + "service": "check-endpoints", + "severity": "warning" + }, + "annotations": { + "description": "100% of the check-endpoints/check-endpoints targets in openshift-apiserver namespace have been unreachable for more than 15 minutes. This may be a symptom of network connectivity issues, down nodes, or failures within these components. Assess the health of the infrastructure and nodes running these targets and then contact support.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/TargetDown.md", + "summary": "Some targets were not reachable from the monitoring server for an extended period of time." + }, + "state": "firing", + "activeAt": "2026-06-18T17:14:09.020412509Z", + "value": "1e+02", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "AlertmanagerReceiversNotConfigured", + "namespace": "openshift-monitoring", + "severity": "warning" + }, + "annotations": { + "description": "Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.", + "summary": "Receivers (notification integrations) are not configured on Alertmanager" + }, + "state": "firing", + "activeAt": "2026-06-18T17:13:58.917705608Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "KubePodNotScheduled", + "container": "kube-rbac-proxy-main", + "endpoint": "https-main", + "job": "kube-state-metrics", + "namespace": "openshift-monitoring", + "pod": "prometheus-k8s-0", + "service": "kube-state-metrics", + "severity": "warning", + "uid": "9481fb03-5ed0-4bc2-bd76-37751126087b" + }, + "annotations": { + "description": "Pod openshift-monitoring/prometheus-k8s-0 cannot be scheduled for more than 30 minutes.\nCheck the details of the pod with the following command:\noc describe -n openshift-monitoring pod prometheus-k8s-0", + "summary": "Pod cannot be scheduled." + }, + "state": "pending", + "activeAt": "2026-06-18T17:47:58.917705608Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "KubeStatefulSetReplicasMismatch", + "container": "kube-rbac-proxy-main", + "endpoint": "https-main", + "job": "kube-state-metrics", + "namespace": "openshift-monitoring", + "service": "kube-state-metrics", + "severity": "warning", + "statefulset": "prometheus-k8s" + }, + "annotations": { + "description": "StatefulSet openshift-monitoring/prometheus-k8s has not matched the expected number of replicas for longer than 15 minutes.", + "summary": "StatefulSet has not matched the expected number of replicas." + }, + "state": "pending", + "activeAt": "2026-06-18T17:47:46.320022484Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + } + ] + } +} \ No newline at end of file diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-cv.yaml b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-cv.yaml new file mode 100644 index 0000000000..96fe7b4cf5 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-cv.yaml @@ -0,0 +1,103 @@ +apiVersion: config.openshift.io/v1 +kind: ClusterVersion +metadata: + creationTimestamp: "2026-06-18T16:45:59Z" + generation: 2 + name: version + resourceVersion: "32889" + uid: df6f5ec1-6287-49c2-b763-7ca55c8d7c4a +spec: + clusterID: 0cbb9b16-2f80-4b25-bb1e-82679443eeac + overrides: + - group: config.openshift.io + kind: ClusterImagePolicy + name: openshift + namespace: "" + unmanaged: true +status: + availableUpdates: null + capabilities: + enabledCapabilities: + - Build + - CSISnapshot + - CloudControllerManager + - CloudCredential + - Console + - DeploymentConfig + - ImageRegistry + - Ingress + - Insights + - MachineAPI + - NodeTuning + - OperatorLifecycleManager + - OperatorLifecycleManagerV1 + - Storage + - baremetal + - marketplace + - openshift-samples + knownCapabilities: + - Build + - CSISnapshot + - CloudControllerManager + - CloudCredential + - Console + - DeploymentConfig + - ImageRegistry + - Ingress + - Insights + - MachineAPI + - NodeTuning + - OperatorLifecycleManager + - OperatorLifecycleManagerV1 + - Storage + - baremetal + - marketplace + - openshift-samples + conditions: + - lastTransitionTime: "2026-06-18T16:46:44Z" + message: The update channel has not been configured. + reason: NoChannel + status: "False" + type: RetrievedUpdates + - lastTransitionTime: "2026-06-18T16:46:44Z" + message: |- + Cluster should not be upgraded between minor or major versions for multiple reasons: + * Disabling ownership via cluster version overrides prevents updates between minor or major versions. Please remove overrides before requesting a minor or major version update. + * FeatureGatesUpgradeable: "TechPreviewNoUpgrade" does not allow updates + reason: MultipleReasons + status: "False" + type: Upgradeable + - lastTransitionTime: "2026-06-18T16:46:44Z" + message: Capabilities match configured spec + reason: AsExpected + status: "False" + type: ImplicitlyEnabledCapabilities + - lastTransitionTime: "2026-06-18T16:46:44Z" + message: Payload loaded version="5.0.0-0.nightly-2026-06-18-000016" image="registry.build12.ci.openshift.org/ci-ln-gsv92fb/release@sha256:53a5158cf59349bd674c2fb5a40074c6a141ea2908b6a87a56bab704b18c44b8" + architecture="amd64" + reason: PayloadLoaded + status: "True" + type: ReleaseAccepted + - lastTransitionTime: "2026-06-18T17:16:06Z" + message: Done applying 5.0.0-0.nightly-2026-06-18-000016 + status: "True" + type: Available + - lastTransitionTime: "2026-06-18T17:16:06Z" + status: "False" + type: Failing + - lastTransitionTime: "2026-06-18T17:16:06Z" + message: Cluster version is 5.0.0-0.nightly-2026-06-18-000016 + status: "False" + type: Progressing + desired: + image: registry.build12.ci.openshift.org/ci-ln-gsv92fb/release@sha256:53a5158cf59349bd674c2fb5a40074c6a141ea2908b6a87a56bab704b18c44b8 + version: 5.0.0-0.nightly-2026-06-18-000016 + history: + - completionTime: "2026-06-18T17:16:06Z" + image: registry.build12.ci.openshift.org/ci-ln-gsv92fb/release@sha256:53a5158cf59349bd674c2fb5a40074c6a141ea2908b6a87a56bab704b18c44b8 + startedTime: "2026-06-18T16:46:44Z" + state: Completed + verified: false + version: 5.0.0-0.nightly-2026-06-18-000016 + observedGeneration: 2 + versionHash: 3WXMtJd4snY= diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-featuregate.yaml b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-featuregate.yaml new file mode 100644 index 0000000000..702d03a7f9 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-featuregate.yaml @@ -0,0 +1,138 @@ +apiVersion: config.openshift.io/v1 +kind: FeatureGate +metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + creationTimestamp: "2026-06-18T16:46:19Z" + generation: 1 + name: cluster + resourceVersion: "728" + uid: 5a8c95c7-ca06-4bec-849c-e7426013ef61 +spec: + featureSet: TechPreviewNoUpgrade +status: + featureGates: + - disabled: + - name: ClientsAllowCBOR + - name: ClusterAPIComputeInstall + - name: ClusterAPIControlPlaneInstall + - name: ClusterAPIInstall + - name: ClusterUpdatePreflight + - name: ConfidentialCluster + - name: EventedPLEG + - name: Example2 + - name: ExternalOIDCExternalClaimsSourcing + - name: ExternalSnapshotMetadata + - name: HyperShiftOnlyDynamicResourceAllocation + - name: MachineAPIMigrationAzure + - name: MachineAPIMigrationBareMetal + - name: MachineAPIMigrationGCP + - name: MachineAPIMigrationPowerVS + - name: MachineAPIMigrationVSphere + - name: MachineAPIOperatorDisableMachineHealthCheckController + - name: MultiArchInstallAzure + - name: MutableTopology + - name: NetworkConnect + - name: ProvisioningRequestAvailable + - name: ShortCertRotation + enabled: + - name: AWSClusterHostedDNS + - name: AWSClusterHostedDNSInstall + - name: AWSDedicatedHosts + - name: AWSDualStackInstall + - name: AWSEuropeanSovereignCloudInstall + - name: AWSServiceLBNetworkSecurityGroup + - name: AdditionalStorageConfig + - name: AutomatedEtcdBackup + - name: AzureClusterHostedDNSInstall + - name: AzureDedicatedHosts + - name: AzureDualStackInstall + - name: AzureMultiDisk + - name: AzureWorkloadIdentity + - name: BootImageSkewEnforcement + - name: BootcNodeManagement + - name: BuildCSIVolumes + - name: CBORServingAndStorage + - name: CRDCompatibilityRequirementOperator + - name: CRIOCredentialProviderConfig + - name: ClientsPreferCBOR + - name: ClusterAPIInstallIBMCloud + - name: ClusterAPIMachineManagement + - name: ClusterAPIMachineManagementAWS + - name: ClusterAPIMachineManagementAzure + - name: ClusterAPIMachineManagementBareMetal + - name: ClusterAPIMachineManagementGCP + - name: ClusterAPIMachineManagementOpenStack + - name: ClusterAPIMachineManagementPowerVS + - name: ClusterAPIMachineManagementVSphere + - name: ClusterMonitoringConfig + - name: ClusterUpdateAcceptRisks + - name: ClusterVersionOperatorConfiguration + - name: ConfigurablePKI + - name: DNSNameResolver + - name: DualReplica + - name: DyanmicServiceEndpointIBMCloud + - name: EVPN + - name: EtcdBackendQuota + - name: EventTTL + - name: Example + - name: ExternalOIDC + - name: ExternalOIDCWithUIDAndExtraClaimMappings + - name: ExternalOIDCWithUpstreamParity + - name: GCPCustomAPIEndpoints + - name: GCPCustomAPIEndpointsInstall + - name: GCPDualStackInstall + - name: GatewayAPIWithoutOLM + - name: ImageModeStatusReporting + - name: ImageStreamImportMode + - name: IngressControllerDynamicConfigurationManager + - name: InsightsConfig + - name: InsightsOnDemandDataGather + - name: IrreconcilableMachineConfig + - name: KMSEncryption + - name: KMSv1 + - name: MachineAPIMigration + - name: MachineAPIMigrationAWS + - name: MachineAPIMigrationOpenStack + - name: ManagedBootImagesCPMS + - name: MaxUnavailableStatefulSet + - name: MetricsCollectionProfiles + - name: MinimumKubeletVersion + - name: MixedCPUsAllocation + - name: MultiDiskSetup + - name: MutableCSINodeAllocatableCount + - name: MutatingAdmissionPolicy + - name: NetworkObservabilityInstall + - name: NewOLM + - name: NewOLMBoxCutterRuntime + - name: NewOLMCatalogdAPIV1Metas + - name: NewOLMConfigAPI + - name: NewOLMOwnSingleNamespace + - name: NewOLMPreflightPermissionChecks + - name: NewOLMWebhookProviderOpenshiftServiceCA + - name: NoOverlayMode + - name: NoRegistryClusterInstall + - name: NutanixMultiSubnets + - name: OLMLifecycleAndCompatibility + - name: OSStreams + - name: OVNObservability + - name: OnPremDNSRecords + - name: OpenShiftPodSecurityAdmission + - name: RouteExternalCertificate + - name: SELinuxMount + - name: ServiceAccountTokenNodeBinding + - name: SignatureStores + - name: SigstoreImageVerification + - name: SigstoreImageVerificationPKI + - name: StoragePerformantSecurityPolicy + - name: TLSAdherence + - name: TLSGroupPreferences + - name: UpgradeStatus + - name: VSphereConfigurableMaxAllowedBlockVolumesPerNode + - name: VSphereHostVMGroupZonal + - name: VSphereMixedNodeEnv + - name: VSphereMultiDisk + - name: VSphereMultiNetworks + - name: VSphereMultiVCenterDay2 + - name: VolumeGroupSnapshot + version: 5.0.0-0.nightly-2026-06-18-000016 diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-infrastructure.yaml b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-infrastructure.yaml new file mode 100644 index 0000000000..3bdfea6917 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-infrastructure.yaml @@ -0,0 +1,30 @@ +apiVersion: config.openshift.io/v1 +kind: Infrastructure +metadata: + creationTimestamp: "2026-06-18T16:45:51Z" + generation: 1 + name: cluster + resourceVersion: "591" + uid: 5bd60047-c83f-4891-9175-c6eab065e71b +spec: + cloudConfig: + key: config + name: cloud-provider-config + platformSpec: + type: GCP +status: + apiServerInternalURI: https://api-int.ci-ln-gsv92fb-72292.gcp-2.ci.openshift.org:6443 + apiServerURL: https://api.ci-ln-gsv92fb-72292.gcp-2.ci.openshift.org:6443 + controlPlaneTopology: HighlyAvailable + cpuPartitioning: None + etcdDiscoveryDomain: "" + infrastructureName: ci-ln-gsv92fb-72292-gw5gc + infrastructureTopology: HighlyAvailable + platform: GCP + platformStatus: + gcp: + cloudLoadBalancerConfig: + dnsType: PlatformDefault + projectID: openshift-gce-devel-ci-2 + region: us-central1 + type: GCP diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output new file mode 100644 index 0000000000..d5aa93f09b --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output @@ -0,0 +1 @@ +No updates available. You may still upgrade to a specific release image with --to-image or wait for new updates to be available. diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output new file mode 100644 index 0000000000..d5aa93f09b --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output @@ -0,0 +1 @@ +No updates available. You may still upgrade to a specific release image with --to-image or wait for new updates to be available. diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output new file mode 100644 index 0000000000..1f5147f3d9 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output @@ -0,0 +1,2 @@ + +error: no updates available, so cannot display context for the requested release 1.2.3-not-important diff --git a/pkg/cli/admin/upgrade/recommend/examples_test.go b/pkg/cli/admin/upgrade/recommend/examples_test.go index 0c55bdf93e..99fe367c2c 100644 --- a/pkg/cli/admin/upgrade/recommend/examples_test.go +++ b/pkg/cli/admin/upgrade/recommend/examples_test.go @@ -70,6 +70,7 @@ func TestExamples(t *testing.T) { "examples/4.19.0-okd-scos.16-cv.yaml": "4.19.0-okd-scos.17", "examples/4.22.0-extend-recommended-alert-cv.yaml": "1.2.3-not-important", "examples/4.22.0-extend-recommended-critical-alert-cv.yaml": "1.2.3-not-important", + "examples/5.0.0-cvo-handling-risks-cv.yaml": "1.2.3-not-important", }, outputSuffixPattern: ".version-%s-output", }, From a15db87f403445383f9199226ca7c7569927f75e Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Mon, 22 Jun 2026 15:39:58 -0400 Subject: [PATCH 07/11] fix(adm-upgrade-recommend-alerts): test fixtures showing duplicate information Signed-off-by: Nick Bottari --- pkg/cli/admin/upgrade/recommend/alerts.go | 13 +- .../5.0.0-cvo-handling-risks-alerts.json | 178 +----------------- .../examples/5.0.0-cvo-handling-risks-cv.yaml | 126 ++++++++++--- .../5.0.0-cvo-handling-risks-featuregate.yaml | 18 +- ...0.0-cvo-handling-risks-infrastructure.yaml | 12 +- .../examples/5.0.0-cvo-handling-risks.output | 24 ++- ...ndling-risks.show-outdated-releases-output | 21 ++- ...g-risks.version-1.2.3-not-important-output | 18 +- 8 files changed, 176 insertions(+), 234 deletions(-) diff --git a/pkg/cli/admin/upgrade/recommend/alerts.go b/pkg/cli/admin/upgrade/recommend/alerts.go index af9834f93f..758ecabd0a 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts.go +++ b/pkg/cli/admin/upgrade/recommend/alerts.go @@ -12,7 +12,8 @@ import ( routev1client "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/rest" - "k8s.io/klog/v2" + + // "k8s.io/klog/v2" "github.com/openshift/oc/pkg/cli/admin/inspectalerts" "github.com/openshift/oc/pkg/cli/admin/upgrade/status" @@ -23,11 +24,11 @@ import ( // and Unknown when we do not have enough information to make a // happy-or-sad determination. func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { - if skip, err := o.alertsEvaluatedByCVO(ctx); err != nil { - klog.Warningf("An error occured while determining if the CVO is evaluating alerts, so the client will check. %v", err) - } else if skip { - return nil, nil - } + // if skip, err := o.alertsEvaluatedByCVO(ctx); err != nil { + // klog.Warningf("An error occured while determining if the CVO is evaluating alerts, so the client will check. %v", err) + // } else if skip { + // return nil, nil + // } var alertsBytes []byte if o.mockData.alertsPath != "" { diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json index 322368fc22..747afafd0a 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json @@ -1,177 +1 @@ -{ - "status": "success", - "data": { - "alerts": [ - { - "labels": { - "alertname": "ClusterNotUpgradeable", - "condition": "Upgradeable", - "endpoint": "metrics", - "name": "version", - "namespace": "openshift-cluster-version", - "severity": "info" - }, - "annotations": { - "description": "In most cases, you will still be able to apply patch releases. Reason MultipleReasons. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-gsv92fb-72292.gcp-2.ci.openshift.org/settings/cluster/.", - "summary": "One or more cluster operators have been blocking minor or major version cluster updates for at least an hour." - }, - "state": "pending", - "activeAt": "2026-06-18T17:13:55.045225289Z", - "value": "0e+00", - "partialResponseStrategy": "WARN" - }, - { - "labels": { - "alertname": "InsightsRecommendationActive", - "container": "insights-operator", - "description": "Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n", - "endpoint": "https", - "info_link": "https://console.redhat.com/openshift/insights/advisor/clusters/0cbb9b16-2f80-4b25-bb1e-82679443eeac?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED", - "instance": "10.128.0.44:8443", - "job": "metrics", - "namespace": "openshift-insights", - "pod": "insights-operator-696cc9bcd8-kkcv8", - "service": "metrics", - "severity": "info", - "total_risk": "Important" - }, - "annotations": { - "description": "Insights recommendation \"Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n\" with total risk \"Important\" was detected on the cluster. More information is available at https://console.redhat.com/openshift/insights/advisor/clusters/0cbb9b16-2f80-4b25-bb1e-82679443eeac?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED.", - "summary": "An Insights recommendation is active for this cluster." - }, - "state": "firing", - "activeAt": "2026-06-18T17:13:45.348773391Z", - "value": "1e+00", - "partialResponseStrategy": "WARN" - }, - { - "labels": { - "alertname": "TechPreviewNoUpgrade", - "container": "kube-apiserver-operator", - "endpoint": "https", - "instance": "10.128.0.43:8443", - "job": "kube-apiserver-operator", - "name": "TechPreviewNoUpgrade", - "namespace": "openshift-kube-apiserver-operator", - "pod": "kube-apiserver-operator-558495b7fd-9pqb6", - "service": "metrics", - "severity": "warning" - }, - "annotations": { - "description": "Cluster has enabled Technology Preview features that cannot be undone and will prevent upgrades. The TechPreviewNoUpgrade feature set is not recommended on production clusters.", - "summary": "Cluster has enabled tech preview features that will prevent upgrades." - }, - "state": "firing", - "activeAt": "2026-06-18T17:14:06.939121033Z", - "value": "0e+00", - "partialResponseStrategy": "WARN" - }, - { - "labels": { - "alertname": "PodDisruptionBudgetAtLimit", - "namespace": "openshift-monitoring", - "poddisruptionbudget": "prometheus-k8s", - "severity": "warning" - }, - "annotations": { - "description": "The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods.", - "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md", - "summary": "The pod disruption budget is preventing further disruption to pods." - }, - "state": "pending", - "activeAt": "2026-06-18T17:47:50.934967567Z", - "value": "1e+00", - "partialResponseStrategy": "WARN" - }, - { - "labels": { - "alertname": "Watchdog", - "namespace": "openshift-monitoring", - "severity": "none" - }, - "annotations": { - "description": "This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n", - "summary": "An alert that should always be firing to certify that Alertmanager is working properly." - }, - "state": "firing", - "activeAt": "2026-06-18T17:13:33.035303677Z", - "value": "1e+00", - "partialResponseStrategy": "WARN" - }, - { - "labels": { - "alertname": "TargetDown", - "job": "check-endpoints", - "namespace": "openshift-apiserver", - "service": "check-endpoints", - "severity": "warning" - }, - "annotations": { - "description": "100% of the check-endpoints/check-endpoints targets in openshift-apiserver namespace have been unreachable for more than 15 minutes. This may be a symptom of network connectivity issues, down nodes, or failures within these components. Assess the health of the infrastructure and nodes running these targets and then contact support.", - "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/TargetDown.md", - "summary": "Some targets were not reachable from the monitoring server for an extended period of time." - }, - "state": "firing", - "activeAt": "2026-06-18T17:14:09.020412509Z", - "value": "1e+02", - "partialResponseStrategy": "WARN" - }, - { - "labels": { - "alertname": "AlertmanagerReceiversNotConfigured", - "namespace": "openshift-monitoring", - "severity": "warning" - }, - "annotations": { - "description": "Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.", - "summary": "Receivers (notification integrations) are not configured on Alertmanager" - }, - "state": "firing", - "activeAt": "2026-06-18T17:13:58.917705608Z", - "value": "0e+00", - "partialResponseStrategy": "WARN" - }, - { - "labels": { - "alertname": "KubePodNotScheduled", - "container": "kube-rbac-proxy-main", - "endpoint": "https-main", - "job": "kube-state-metrics", - "namespace": "openshift-monitoring", - "pod": "prometheus-k8s-0", - "service": "kube-state-metrics", - "severity": "warning", - "uid": "9481fb03-5ed0-4bc2-bd76-37751126087b" - }, - "annotations": { - "description": "Pod openshift-monitoring/prometheus-k8s-0 cannot be scheduled for more than 30 minutes.\nCheck the details of the pod with the following command:\noc describe -n openshift-monitoring pod prometheus-k8s-0", - "summary": "Pod cannot be scheduled." - }, - "state": "pending", - "activeAt": "2026-06-18T17:47:58.917705608Z", - "value": "1e+00", - "partialResponseStrategy": "WARN" - }, - { - "labels": { - "alertname": "KubeStatefulSetReplicasMismatch", - "container": "kube-rbac-proxy-main", - "endpoint": "https-main", - "job": "kube-state-metrics", - "namespace": "openshift-monitoring", - "service": "kube-state-metrics", - "severity": "warning", - "statefulset": "prometheus-k8s" - }, - "annotations": { - "description": "StatefulSet openshift-monitoring/prometheus-k8s has not matched the expected number of replicas for longer than 15 minutes.", - "summary": "StatefulSet has not matched the expected number of replicas." - }, - "state": "pending", - "activeAt": "2026-06-18T17:47:46.320022484Z", - "value": "1e+00", - "partialResponseStrategy": "WARN" - } - ] - } -} \ No newline at end of file +{"status":"success","data":{"alerts":[{"labels":{"alertname":"ClusterNotUpgradeable","condition":"Upgradeable","endpoint":"metrics","name":"version","namespace":"openshift-cluster-version","severity":"info"},"annotations":{"description":"In most cases, you will still be able to apply patch releases. Reason MultipleReasons. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.","summary":"One or more cluster operators have been blocking minor or major version cluster updates for at least an hour."},"state":"firing","activeAt":"2026-06-22T17:55:24.835299202Z","value":"0e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"ClusterOperatorDegraded","name":"monitoring","namespace":"openshift-cluster-version","reason":"UpdatingPrometheusFailed","severity":"warning"},"annotations":{"description":"The monitoring operator is degraded because UpdatingPrometheusFailed, and the components it manages may have reduced quality of service. Cluster upgrades may not complete. For more information refer to 'oc get -o yaml clusteroperator monitoring' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/ClusterOperatorDegraded.md","summary":"Cluster operator has been degraded for 30 minutes."},"state":"firing","activeAt":"2026-06-22T18:52:24.835299202Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"ClusterOperatorDegraded","name":"version","namespace":"openshift-cluster-version","reason":"ClusterOperatorDegraded","severity":"warning"},"annotations":{"description":"The version operator is degraded because ClusterOperatorDegraded, and the components it manages may have reduced quality of service. Cluster upgrades may not complete. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/ClusterOperatorDegraded.md","summary":"Cluster operator has been degraded for 30 minutes."},"state":"firing","activeAt":"2026-06-22T18:53:24.835299202Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"OpenShiftUpdateRiskMightApply","namespace":"openshift-cluster-version","reason":"Alert:firing","risk":"PodDisruptionBudgetAtLimit","severity":"warning"},"annotations":{"description":"The conditional update risk PodDisruptionBudgetAtLimit might apply to the cluster because of Alert:firing, and the cluster update to a version exposed to the risk is not recommended. For more information refer to 'oc adm upgrade'.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-version-operator/OpenShiftUpdateRiskMightApply.md","summary":"The cluster might have been exposed to the conditional update risk for 15 minutes."},"state":"pending","activeAt":"2026-06-22T19:30:27.711254056Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"InsightsRecommendationActive","container":"insights-operator","description":"Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n","endpoint":"https","info_link":"https://console.redhat.com/openshift/insights/advisor/clusters/ab59f554-a72f-40c3-87e7-49ebec220e4f?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED","instance":"10.130.0.40:8443","job":"metrics","namespace":"openshift-insights","pod":"insights-operator-584747df49-wqrjp","service":"metrics","severity":"info","total_risk":"Important"},"annotations":{"description":"Insights recommendation \"Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n\" with total risk \"Important\" was detected on the cluster. More information is available at https://console.redhat.com/openshift/insights/advisor/clusters/ab59f554-a72f-40c3-87e7-49ebec220e4f?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED.","summary":"An Insights recommendation is active for this cluster."},"state":"firing","activeAt":"2026-06-22T17:55:43.284361153Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"TechPreviewNoUpgrade","container":"kube-apiserver-operator","endpoint":"https","instance":"10.130.0.23:8443","job":"kube-apiserver-operator","name":"TechPreviewNoUpgrade","namespace":"openshift-kube-apiserver-operator","pod":"kube-apiserver-operator-7d998989dd-l5tww","service":"metrics","severity":"warning"},"annotations":{"description":"Cluster has enabled Technology Preview features that cannot be undone and will prevent upgrades. The TechPreviewNoUpgrade feature set is not recommended on production clusters.","summary":"Cluster has enabled tech preview features that will prevent upgrades."},"state":"firing","activeAt":"2026-06-22T17:55:30.88338992Z","value":"0e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"PodDisruptionBudgetAtLimit","namespace":"openshift-monitoring","poddisruptionbudget":"prometheus-k8s","severity":"warning"},"annotations":{"description":"The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md","summary":"The pod disruption budget is preventing further disruption to pods."},"state":"firing","activeAt":"2026-06-22T18:19:01.64123308Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"Watchdog","namespace":"openshift-monitoring","severity":"none"},"annotations":{"description":"This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n","summary":"An alert that should always be firing to certify that Alertmanager is working properly."},"state":"firing","activeAt":"2026-06-22T17:54:52.013519252Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"TargetDown","job":"check-endpoints","namespace":"openshift-apiserver","service":"check-endpoints","severity":"warning"},"annotations":{"description":"100% of the check-endpoints/check-endpoints targets in openshift-apiserver namespace have been unreachable for more than 15 minutes. This may be a symptom of network connectivity issues, down nodes, or failures within these components. Assess the health of the infrastructure and nodes running these targets and then contact support.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/TargetDown.md","summary":"Some targets were not reachable from the monitoring server for an extended period of time."},"state":"firing","activeAt":"2026-06-22T17:55:19.290981414Z","value":"1e+02","partialResponseStrategy":"WARN"},{"labels":{"alertname":"AlertmanagerReceiversNotConfigured","namespace":"openshift-monitoring","severity":"warning"},"annotations":{"description":"Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.","summary":"Receivers (notification integrations) are not configured on Alertmanager"},"state":"firing","activeAt":"2026-06-22T17:55:19.616745055Z","value":"0e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"ClusterMonitoringOperatorReconciliationErrors","container":"cluster-monitoring-operator","endpoint":"https","instance":"10.130.0.38:8443","job":"cluster-monitoring-operator","namespace":"openshift-monitoring","pod":"cluster-monitoring-operator-56c95fb488-cxqcp","service":"cluster-monitoring-operator","severity":"warning"},"annotations":{"description":"Errors are occurring during reconciliation cycles. Inspect the cluster-monitoring-operator log for potential root causes.","summary":"Cluster Monitoring Operator is experiencing unexpected reconciliation errors."},"state":"pending","activeAt":"2026-06-22T18:41:49.616745055Z","value":"0e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"KubePodNotScheduled","container":"kube-rbac-proxy-main","endpoint":"https-main","job":"kube-state-metrics","namespace":"openshift-monitoring","pod":"prometheus-k8s-0","service":"kube-state-metrics","severity":"warning","uid":"5654bd3d-f61e-4c27-a56b-63eea0effc5e"},"annotations":{"description":"Pod openshift-monitoring/prometheus-k8s-0 cannot be scheduled for more than 30 minutes.\nCheck the details of the pod with the following command:\noc describe -n openshift-monitoring pod prometheus-k8s-0","summary":"Pod cannot be scheduled."},"state":"firing","activeAt":"2026-06-22T18:18:49.616745055Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"KubeStatefulSetReplicasMismatch","container":"kube-rbac-proxy-main","endpoint":"https-main","job":"kube-state-metrics","namespace":"openshift-monitoring","service":"kube-state-metrics","severity":"warning","statefulset":"prometheus-k8s"},"annotations":{"description":"StatefulSet openshift-monitoring/prometheus-k8s has not matched the expected number of replicas for longer than 15 minutes.","summary":"StatefulSet has not matched the expected number of replicas."},"state":"firing","activeAt":"2026-06-22T18:18:49.654575017Z","value":"1e+00","partialResponseStrategy":"WARN"}]}} \ No newline at end of file diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-cv.yaml b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-cv.yaml index 96fe7b4cf5..0e817ea73a 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-cv.yaml +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-cv.yaml @@ -1,13 +1,14 @@ apiVersion: config.openshift.io/v1 kind: ClusterVersion metadata: - creationTimestamp: "2026-06-18T16:45:59Z" - generation: 2 + creationTimestamp: "2026-06-22T17:25:19Z" + generation: 3 name: version - resourceVersion: "32889" - uid: df6f5ec1-6287-49c2-b763-7ca55c8d7c4a + resourceVersion: "63760" + uid: bc00f3f2-da92-4342-9882-ac16001b3d13 spec: - clusterID: 0cbb9b16-2f80-4b25-bb1e-82679443eeac + channel: candidate-5.0 + clusterID: ab59f554-a72f-40c3-87e7-49ebec220e4f overrides: - group: config.openshift.io kind: ClusterImagePolicy @@ -53,51 +54,118 @@ status: - baremetal - marketplace - openshift-samples + conditionalUpdateRisks: + - conditions: + - lastTransitionTime: "2026-06-22T18:19:01Z" + message: 'warning alert PodDisruptionBudgetAtLimit firing, which might slow + node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. + The pod disruption budget is preventing further disruption to pods. The alert + description is: The pod disruption budget is at the minimum disruptions allowed + level. The number of current healthy pods is equal to the desired healthy + pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md' + reason: Alert:firing + status: "True" + type: Applies + matchingRules: + - type: Always + message: The pod disruption budget is preventing further disruption to pods. + name: PodDisruptionBudgetAtLimit + url: https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + conditionalUpdates: + - conditions: + - lastTransitionTime: "2026-06-22T19:30:17Z" + message: The pod disruption budget is preventing further disruption to pods. + https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + reason: PodDisruptionBudgetAtLimit + status: "False" + type: Recommended + release: + channels: + - candidate-5.0 + image: quay.io/openshift-release-dev/ocp-release@sha256:b5ad6b4bb5efbd9b9d88bd42182e85388742b4441a2ff4301c4f5aa8176d5d29 + version: 5.0.0-ec.3 + riskNames: + - PodDisruptionBudgetAtLimit + risks: + - conditions: + - lastTransitionTime: "2026-06-22T18:19:01Z" + message: 'warning alert PodDisruptionBudgetAtLimit firing, which might slow + node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. + The pod disruption budget is preventing further disruption to pods. The + alert description is: The pod disruption budget is at the minimum disruptions + allowed level. The number of current healthy pods is equal to the desired + healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md' + reason: Alert:firing + status: "True" + type: Applies + matchingRules: + - type: Always + message: The pod disruption budget is preventing further disruption to pods. + name: PodDisruptionBudgetAtLimit + url: https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md conditions: - - lastTransitionTime: "2026-06-18T16:46:44Z" - message: The update channel has not been configured. - reason: NoChannel - status: "False" + - lastTransitionTime: "2026-06-22T19:30:17Z" + status: "True" type: RetrievedUpdates - - lastTransitionTime: "2026-06-18T16:46:44Z" + - lastTransitionTime: "2026-06-22T17:26:06Z" message: |- - Cluster should not be upgraded between minor or major versions for multiple reasons: - * Disabling ownership via cluster version overrides prevents updates between minor or major versions. Please remove overrides before requesting a minor or major version update. - * FeatureGatesUpgradeable: "TechPreviewNoUpgrade" does not allow updates + Cluster should not be upgraded between minor or major versions for multiple reasons: ClusterVersionOverridesSet,FeatureGates_RestrictedFeatureGates_TechPreviewNoUpgrade + * Disabling ownership via cluster version overrides prevents upgrades between minor or major versions. Please remove overrides before requesting a minor or major version update. + * Cluster operator config-operator should not be upgraded between minor or major versions: FeatureGatesUpgradeable: "TechPreviewNoUpgrade" does not allow updates reason: MultipleReasons status: "False" type: Upgradeable - - lastTransitionTime: "2026-06-18T16:46:44Z" + - lastTransitionTime: "2026-06-22T17:26:06Z" message: Capabilities match configured spec reason: AsExpected status: "False" type: ImplicitlyEnabledCapabilities - - lastTransitionTime: "2026-06-18T16:46:44Z" - message: Payload loaded version="5.0.0-0.nightly-2026-06-18-000016" image="registry.build12.ci.openshift.org/ci-ln-gsv92fb/release@sha256:53a5158cf59349bd674c2fb5a40074c6a141ea2908b6a87a56bab704b18c44b8" + - lastTransitionTime: "2026-06-22T17:26:06Z" + message: Payload loaded version="5.0.0-ec.2" image="registry.build12.ci.openshift.org/ci-ln-8np31z2/release@sha256:e8f74fa0423f416cdcd6b35a0769765118c0f8ba9d7e0e25517e41c59483c6af" architecture="amd64" reason: PayloadLoaded status: "True" type: ReleaseAccepted - - lastTransitionTime: "2026-06-18T17:16:06Z" - message: Done applying 5.0.0-0.nightly-2026-06-18-000016 + - lastTransitionTime: "2026-06-22T17:58:15Z" + message: Done applying 5.0.0-ec.2 status: "True" type: Available - - lastTransitionTime: "2026-06-18T17:16:06Z" - status: "False" + - lastTransitionTime: "2026-06-22T18:53:00Z" + message: Cluster operator monitoring is degraded + reason: ClusterOperatorDegraded + status: "True" type: Failing - - lastTransitionTime: "2026-06-18T17:16:06Z" - message: Cluster version is 5.0.0-0.nightly-2026-06-18-000016 + - lastTransitionTime: "2026-06-22T17:58:15Z" + message: 'Error while reconciling 5.0.0-ec.2: the cluster operator monitoring + is degraded' + reason: ClusterOperatorDegraded status: "False" type: Progressing + - lastTransitionTime: "2026-06-22T17:26:51Z" + message: Disabling ownership via cluster version overrides prevents upgrades between + minor or major versions. Please remove overrides before requesting a minor or + major version update. + reason: ClusterVersionOverridesSet + status: "False" + type: UpgradeableClusterVersionOverrides + - lastTransitionTime: "2026-06-22T17:31:17Z" + message: 'Cluster operator config-operator should not be upgraded between minor + or major versions: FeatureGatesUpgradeable: "TechPreviewNoUpgrade" does not + allow updates' + reason: FeatureGates_RestrictedFeatureGates_TechPreviewNoUpgrade + status: "False" + type: UpgradeableClusterOperators desired: - image: registry.build12.ci.openshift.org/ci-ln-gsv92fb/release@sha256:53a5158cf59349bd674c2fb5a40074c6a141ea2908b6a87a56bab704b18c44b8 - version: 5.0.0-0.nightly-2026-06-18-000016 + channels: + - candidate-5.0 + image: registry.build12.ci.openshift.org/ci-ln-8np31z2/release@sha256:e8f74fa0423f416cdcd6b35a0769765118c0f8ba9d7e0e25517e41c59483c6af + version: 5.0.0-ec.2 history: - - completionTime: "2026-06-18T17:16:06Z" - image: registry.build12.ci.openshift.org/ci-ln-gsv92fb/release@sha256:53a5158cf59349bd674c2fb5a40074c6a141ea2908b6a87a56bab704b18c44b8 - startedTime: "2026-06-18T16:46:44Z" + - completionTime: "2026-06-22T17:58:15Z" + image: registry.build12.ci.openshift.org/ci-ln-8np31z2/release@sha256:e8f74fa0423f416cdcd6b35a0769765118c0f8ba9d7e0e25517e41c59483c6af + startedTime: "2026-06-22T17:26:06Z" state: Completed verified: false - version: 5.0.0-0.nightly-2026-06-18-000016 + version: 5.0.0-ec.2 observedGeneration: 2 - versionHash: 3WXMtJd4snY= + versionHash: cUYyzI3AJLo= diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-featuregate.yaml b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-featuregate.yaml index 702d03a7f9..561db1f92f 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-featuregate.yaml +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-featuregate.yaml @@ -3,11 +3,11 @@ kind: FeatureGate metadata: annotations: include.release.openshift.io/self-managed-high-availability: "true" - creationTimestamp: "2026-06-18T16:46:19Z" + creationTimestamp: "2026-06-22T17:25:39Z" generation: 1 name: cluster - resourceVersion: "728" - uid: 5a8c95c7-ca06-4bec-849c-e7426013ef61 + resourceVersion: "718" + uid: e6d830fe-e07a-4276-8730-fc8d9089d10e spec: featureSet: TechPreviewNoUpgrade status: @@ -24,17 +24,13 @@ status: - name: ExternalOIDCExternalClaimsSourcing - name: ExternalSnapshotMetadata - name: HyperShiftOnlyDynamicResourceAllocation - - name: MachineAPIMigrationAzure - - name: MachineAPIMigrationBareMetal - - name: MachineAPIMigrationGCP - - name: MachineAPIMigrationPowerVS - name: MachineAPIMigrationVSphere - name: MachineAPIOperatorDisableMachineHealthCheckController - name: MultiArchInstallAzure - - name: MutableTopology - name: NetworkConnect - name: ProvisioningRequestAvailable - name: ShortCertRotation + - name: VSphereMultiVCenterDay2 enabled: - name: AWSClusterHostedDNS - name: AWSClusterHostedDNSInstall @@ -102,7 +98,6 @@ status: - name: MultiDiskSetup - name: MutableCSINodeAllocatableCount - name: MutatingAdmissionPolicy - - name: NetworkObservabilityInstall - name: NewOLM - name: NewOLMBoxCutterRuntime - name: NewOLMCatalogdAPIV1Metas @@ -118,7 +113,6 @@ status: - name: OVNObservability - name: OnPremDNSRecords - name: OpenShiftPodSecurityAdmission - - name: RouteExternalCertificate - name: SELinuxMount - name: ServiceAccountTokenNodeBinding - name: SignatureStores @@ -126,13 +120,11 @@ status: - name: SigstoreImageVerificationPKI - name: StoragePerformantSecurityPolicy - name: TLSAdherence - - name: TLSGroupPreferences - name: UpgradeStatus - name: VSphereConfigurableMaxAllowedBlockVolumesPerNode - name: VSphereHostVMGroupZonal - name: VSphereMixedNodeEnv - name: VSphereMultiDisk - name: VSphereMultiNetworks - - name: VSphereMultiVCenterDay2 - name: VolumeGroupSnapshot - version: 5.0.0-0.nightly-2026-06-18-000016 + version: 5.0.0-ec.2 diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-infrastructure.yaml b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-infrastructure.yaml index 3bdfea6917..ab3c42fe29 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-infrastructure.yaml +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-infrastructure.yaml @@ -1,11 +1,11 @@ apiVersion: config.openshift.io/v1 kind: Infrastructure metadata: - creationTimestamp: "2026-06-18T16:45:51Z" + creationTimestamp: "2026-06-22T17:25:11Z" generation: 1 name: cluster - resourceVersion: "591" - uid: 5bd60047-c83f-4891-9175-c6eab065e71b + resourceVersion: "580" + uid: e7ac2dd3-5925-44fa-b93d-fc2461223d6a spec: cloudConfig: key: config @@ -13,12 +13,12 @@ spec: platformSpec: type: GCP status: - apiServerInternalURI: https://api-int.ci-ln-gsv92fb-72292.gcp-2.ci.openshift.org:6443 - apiServerURL: https://api.ci-ln-gsv92fb-72292.gcp-2.ci.openshift.org:6443 + apiServerInternalURI: https://api-int.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org:6443 + apiServerURL: https://api.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org:6443 controlPlaneTopology: HighlyAvailable cpuPartitioning: None etcdDiscoveryDomain: "" - infrastructureName: ci-ln-gsv92fb-72292-gw5gc + infrastructureName: ci-ln-8np31z2-72292-nzmck infrastructureTopology: HighlyAvailable platform: GCP platformStatus: diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output index d5aa93f09b..e23bc9015e 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output @@ -1 +1,23 @@ -No updates available. You may still upgrade to a specific release image with --to-image or wait for new updates to be available. +Failing=True: + + Reason: ClusterOperatorDegraded + Message: Cluster operator monitoring is degraded + +The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) + +The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 + +recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: + + Reason: Alert:firing + Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + +Upstream update service is unset, so the cluster will use an appropriate default. +Channel: candidate-5.0 (available channels: candidate-5.0) + +Updates to 5.0: + + Version: 5.0.0-ec.3 + Image: quay.io/openshift-release-dev/ocp-release@sha256:b5ad6b4bb5efbd9b9d88bd42182e85388742b4441a2ff4301c4f5aa8176d5d29 + Reason: PodDisruptionBudgetAtLimit + Message: The pod disruption budget is preventing further disruption to pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output index d5aa93f09b..7de0e8d546 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output @@ -1 +1,20 @@ -No updates available. You may still upgrade to a specific release image with --to-image or wait for new updates to be available. +Failing=True: + + Reason: ClusterOperatorDegraded + Message: Cluster operator monitoring is degraded + +The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) + +The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 + +recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: + + Reason: Alert:firing + Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + +Upstream update service is unset, so the cluster will use an appropriate default. +Channel: candidate-5.0 (available channels: candidate-5.0) + +Updates to 5.0: + VERSION ISSUES + 5.0.0-ec.3 PodDisruptionBudgetAtLimit diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output index 1f5147f3d9..7db3af658e 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output @@ -1,2 +1,18 @@ +Failing=True: -error: no updates available, so cannot display context for the requested release 1.2.3-not-important + Reason: ClusterOperatorDegraded + Message: Cluster operator monitoring is degraded + +The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) + +The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 + +recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: + + Reason: Alert:firing + Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + +Upstream update service is unset, so the cluster will use an appropriate default. +Channel: candidate-5.0 (available channels: candidate-5.0) + +error: no updates to 1 available, so cannot display context for the requested release 1.2.3-not-important From 482fdc1a66d31c9eefe8768e979b9b9838c282a9 Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Mon, 22 Jun 2026 15:41:45 -0400 Subject: [PATCH 08/11] fix(adm-upgrade-recommend-alerts): duplicate information is gone once we start checking if the CVO is already handling risks Signed-off-by: Nick Bottari --- pkg/cli/admin/upgrade/recommend/alerts.go | 12 ++++++------ .../examples/5.0.0-cvo-handling-risks.output | 9 --------- ...-cvo-handling-risks.show-outdated-releases-output | 9 --------- ...handling-risks.version-1.2.3-not-important-output | 9 --------- 4 files changed, 6 insertions(+), 33 deletions(-) diff --git a/pkg/cli/admin/upgrade/recommend/alerts.go b/pkg/cli/admin/upgrade/recommend/alerts.go index 758ecabd0a..aa1e6efedd 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts.go +++ b/pkg/cli/admin/upgrade/recommend/alerts.go @@ -13,7 +13,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/rest" - // "k8s.io/klog/v2" + "k8s.io/klog/v2" "github.com/openshift/oc/pkg/cli/admin/inspectalerts" "github.com/openshift/oc/pkg/cli/admin/upgrade/status" @@ -24,11 +24,11 @@ import ( // and Unknown when we do not have enough information to make a // happy-or-sad determination. func (o *options) alerts(ctx context.Context) ([]acceptableCondition, error) { - // if skip, err := o.alertsEvaluatedByCVO(ctx); err != nil { - // klog.Warningf("An error occured while determining if the CVO is evaluating alerts, so the client will check. %v", err) - // } else if skip { - // return nil, nil - // } + if skip, err := o.alertsEvaluatedByCVO(ctx); err != nil { + klog.Warningf("An error occured while determining if the CVO is evaluating alerts, so the client will check. %v", err) + } else if skip { + return nil, nil + } var alertsBytes []byte if o.mockData.alertsPath != "" { diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output index e23bc9015e..3f7ec49344 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.output @@ -3,15 +3,6 @@ Failing=True: Reason: ClusterOperatorDegraded Message: Cluster operator monitoring is degraded -The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) - -The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 - -recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: - - Reason: Alert:firing - Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md - Upstream update service is unset, so the cluster will use an appropriate default. Channel: candidate-5.0 (available channels: candidate-5.0) diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output index 7de0e8d546..027bc72c92 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.show-outdated-releases-output @@ -3,15 +3,6 @@ Failing=True: Reason: ClusterOperatorDegraded Message: Cluster operator monitoring is degraded -The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) - -The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 - -recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: - - Reason: Alert:firing - Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md - Upstream update service is unset, so the cluster will use an appropriate default. Channel: candidate-5.0 (available channels: candidate-5.0) diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output index 7db3af658e..303389863a 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output @@ -3,15 +3,6 @@ Failing=True: Reason: ClusterOperatorDegraded Message: Cluster operator monitoring is degraded -The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) - -The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 - -recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: - - Reason: Alert:firing - Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md - Upstream update service is unset, so the cluster will use an appropriate default. Channel: candidate-5.0 (available channels: candidate-5.0) From 3355a4a3cb96824373bf6de2ab3f6e93a026445b Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Tue, 23 Jun 2026 13:43:15 -0400 Subject: [PATCH 09/11] fix(alerts): remove unnecessary lines and revised comments to better reflect functionality Signed-off-by: Nick Bottari --- pkg/cli/admin/upgrade/recommend/alerts.go | 3 +- .../admin/upgrade/recommend/alerts_test.go | 10 +- .../5.0.0-cvo-handling-risks-alerts.json | 253 +++++++++++++++++- 3 files changed, 255 insertions(+), 11 deletions(-) diff --git a/pkg/cli/admin/upgrade/recommend/alerts.go b/pkg/cli/admin/upgrade/recommend/alerts.go index aa1e6efedd..f6612f48eb 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts.go +++ b/pkg/cli/admin/upgrade/recommend/alerts.go @@ -12,7 +12,6 @@ import ( routev1client "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/rest" - "k8s.io/klog/v2" "github.com/openshift/oc/pkg/cli/admin/inspectalerts" @@ -285,7 +284,7 @@ func (o *options) alertsEvaluatedByCVO(ctx context.Context) (bool, error) { } } - // if the AcceptRisks feature gate AND oc is not running against a hosted cluster, + // if the AcceptRisks feature gate is enabled AND oc is not running against a hosted cluster, // the CVO is handling alerts and will generate the Recommended condition if needed return isAcceptRisksEnabled(featureGates, cv.Status.Desired.Version) && !isHostedCluster(infrastructure), nil } diff --git a/pkg/cli/admin/upgrade/recommend/alerts_test.go b/pkg/cli/admin/upgrade/recommend/alerts_test.go index 0090b9c2d1..6566e9710d 100644 --- a/pkg/cli/admin/upgrade/recommend/alerts_test.go +++ b/pkg/cli/admin/upgrade/recommend/alerts_test.go @@ -15,8 +15,7 @@ func TestIsAcceptRisksEnabled(t *testing.T) { expected bool }{ { - name: "no feature gates", - expected: false, + name: "no feature gates", }, { name: "ClusterUpdateAcceptRisks feature gate is enabled", @@ -52,7 +51,6 @@ func TestIsAcceptRisksEnabled(t *testing.T) { }, }, }, - expected: false, }, { name: "ClusterUpdateAcceptRisks feature gate is not explicitly enabled or disabled", @@ -67,7 +65,6 @@ func TestIsAcceptRisksEnabled(t *testing.T) { }, }, }, - expected: false, }, { name: "ClusterUpdateAcceptRisks feature gate is enabled for a different cluster version", @@ -85,7 +82,6 @@ func TestIsAcceptRisksEnabled(t *testing.T) { }, }, }, - expected: false, }, } { t.Run(testCase.name, func(t *testing.T) { @@ -105,8 +101,7 @@ func TestIsHypershiftEnabled(t *testing.T) { expected bool }{ { - name: "no infrastructure", - expected: false, + name: "no infrastructure", }, { name: "hypershift enabled", @@ -124,7 +119,6 @@ func TestIsHypershiftEnabled(t *testing.T) { ControlPlaneTopology: configv1.HighlyAvailableTopologyMode, }, }, - expected: false, }, } { t.Run(testCase.name, func(t *testing.T) { diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json index 747afafd0a..a5307ab53a 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks-alerts.json @@ -1 +1,252 @@ -{"status":"success","data":{"alerts":[{"labels":{"alertname":"ClusterNotUpgradeable","condition":"Upgradeable","endpoint":"metrics","name":"version","namespace":"openshift-cluster-version","severity":"info"},"annotations":{"description":"In most cases, you will still be able to apply patch releases. Reason MultipleReasons. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.","summary":"One or more cluster operators have been blocking minor or major version cluster updates for at least an hour."},"state":"firing","activeAt":"2026-06-22T17:55:24.835299202Z","value":"0e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"ClusterOperatorDegraded","name":"monitoring","namespace":"openshift-cluster-version","reason":"UpdatingPrometheusFailed","severity":"warning"},"annotations":{"description":"The monitoring operator is degraded because UpdatingPrometheusFailed, and the components it manages may have reduced quality of service. Cluster upgrades may not complete. For more information refer to 'oc get -o yaml clusteroperator monitoring' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/ClusterOperatorDegraded.md","summary":"Cluster operator has been degraded for 30 minutes."},"state":"firing","activeAt":"2026-06-22T18:52:24.835299202Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"ClusterOperatorDegraded","name":"version","namespace":"openshift-cluster-version","reason":"ClusterOperatorDegraded","severity":"warning"},"annotations":{"description":"The version operator is degraded because ClusterOperatorDegraded, and the components it manages may have reduced quality of service. Cluster upgrades may not complete. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/ClusterOperatorDegraded.md","summary":"Cluster operator has been degraded for 30 minutes."},"state":"firing","activeAt":"2026-06-22T18:53:24.835299202Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"OpenShiftUpdateRiskMightApply","namespace":"openshift-cluster-version","reason":"Alert:firing","risk":"PodDisruptionBudgetAtLimit","severity":"warning"},"annotations":{"description":"The conditional update risk PodDisruptionBudgetAtLimit might apply to the cluster because of Alert:firing, and the cluster update to a version exposed to the risk is not recommended. For more information refer to 'oc adm upgrade'.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-version-operator/OpenShiftUpdateRiskMightApply.md","summary":"The cluster might have been exposed to the conditional update risk for 15 minutes."},"state":"pending","activeAt":"2026-06-22T19:30:27.711254056Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"InsightsRecommendationActive","container":"insights-operator","description":"Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n","endpoint":"https","info_link":"https://console.redhat.com/openshift/insights/advisor/clusters/ab59f554-a72f-40c3-87e7-49ebec220e4f?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED","instance":"10.130.0.40:8443","job":"metrics","namespace":"openshift-insights","pod":"insights-operator-584747df49-wqrjp","service":"metrics","severity":"info","total_risk":"Important"},"annotations":{"description":"Insights recommendation \"Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n\" with total risk \"Important\" was detected on the cluster. More information is available at https://console.redhat.com/openshift/insights/advisor/clusters/ab59f554-a72f-40c3-87e7-49ebec220e4f?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED.","summary":"An Insights recommendation is active for this cluster."},"state":"firing","activeAt":"2026-06-22T17:55:43.284361153Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"TechPreviewNoUpgrade","container":"kube-apiserver-operator","endpoint":"https","instance":"10.130.0.23:8443","job":"kube-apiserver-operator","name":"TechPreviewNoUpgrade","namespace":"openshift-kube-apiserver-operator","pod":"kube-apiserver-operator-7d998989dd-l5tww","service":"metrics","severity":"warning"},"annotations":{"description":"Cluster has enabled Technology Preview features that cannot be undone and will prevent upgrades. The TechPreviewNoUpgrade feature set is not recommended on production clusters.","summary":"Cluster has enabled tech preview features that will prevent upgrades."},"state":"firing","activeAt":"2026-06-22T17:55:30.88338992Z","value":"0e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"PodDisruptionBudgetAtLimit","namespace":"openshift-monitoring","poddisruptionbudget":"prometheus-k8s","severity":"warning"},"annotations":{"description":"The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md","summary":"The pod disruption budget is preventing further disruption to pods."},"state":"firing","activeAt":"2026-06-22T18:19:01.64123308Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"Watchdog","namespace":"openshift-monitoring","severity":"none"},"annotations":{"description":"This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n","summary":"An alert that should always be firing to certify that Alertmanager is working properly."},"state":"firing","activeAt":"2026-06-22T17:54:52.013519252Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"TargetDown","job":"check-endpoints","namespace":"openshift-apiserver","service":"check-endpoints","severity":"warning"},"annotations":{"description":"100% of the check-endpoints/check-endpoints targets in openshift-apiserver namespace have been unreachable for more than 15 minutes. This may be a symptom of network connectivity issues, down nodes, or failures within these components. Assess the health of the infrastructure and nodes running these targets and then contact support.","runbook_url":"https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/TargetDown.md","summary":"Some targets were not reachable from the monitoring server for an extended period of time."},"state":"firing","activeAt":"2026-06-22T17:55:19.290981414Z","value":"1e+02","partialResponseStrategy":"WARN"},{"labels":{"alertname":"AlertmanagerReceiversNotConfigured","namespace":"openshift-monitoring","severity":"warning"},"annotations":{"description":"Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.","summary":"Receivers (notification integrations) are not configured on Alertmanager"},"state":"firing","activeAt":"2026-06-22T17:55:19.616745055Z","value":"0e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"ClusterMonitoringOperatorReconciliationErrors","container":"cluster-monitoring-operator","endpoint":"https","instance":"10.130.0.38:8443","job":"cluster-monitoring-operator","namespace":"openshift-monitoring","pod":"cluster-monitoring-operator-56c95fb488-cxqcp","service":"cluster-monitoring-operator","severity":"warning"},"annotations":{"description":"Errors are occurring during reconciliation cycles. Inspect the cluster-monitoring-operator log for potential root causes.","summary":"Cluster Monitoring Operator is experiencing unexpected reconciliation errors."},"state":"pending","activeAt":"2026-06-22T18:41:49.616745055Z","value":"0e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"KubePodNotScheduled","container":"kube-rbac-proxy-main","endpoint":"https-main","job":"kube-state-metrics","namespace":"openshift-monitoring","pod":"prometheus-k8s-0","service":"kube-state-metrics","severity":"warning","uid":"5654bd3d-f61e-4c27-a56b-63eea0effc5e"},"annotations":{"description":"Pod openshift-monitoring/prometheus-k8s-0 cannot be scheduled for more than 30 minutes.\nCheck the details of the pod with the following command:\noc describe -n openshift-monitoring pod prometheus-k8s-0","summary":"Pod cannot be scheduled."},"state":"firing","activeAt":"2026-06-22T18:18:49.616745055Z","value":"1e+00","partialResponseStrategy":"WARN"},{"labels":{"alertname":"KubeStatefulSetReplicasMismatch","container":"kube-rbac-proxy-main","endpoint":"https-main","job":"kube-state-metrics","namespace":"openshift-monitoring","service":"kube-state-metrics","severity":"warning","statefulset":"prometheus-k8s"},"annotations":{"description":"StatefulSet openshift-monitoring/prometheus-k8s has not matched the expected number of replicas for longer than 15 minutes.","summary":"StatefulSet has not matched the expected number of replicas."},"state":"firing","activeAt":"2026-06-22T18:18:49.654575017Z","value":"1e+00","partialResponseStrategy":"WARN"}]}} \ No newline at end of file +{ + "status": "success", + "data": { + "alerts": [ + { + "labels": { + "alertname": "ClusterNotUpgradeable", + "condition": "Upgradeable", + "endpoint": "metrics", + "name": "version", + "namespace": "openshift-cluster-version", + "severity": "info" + }, + "annotations": { + "description": "In most cases, you will still be able to apply patch releases. Reason MultipleReasons. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.", + "summary": "One or more cluster operators have been blocking minor or major version cluster updates for at least an hour." + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:24.835299202Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "ClusterOperatorDegraded", + "name": "monitoring", + "namespace": "openshift-cluster-version", + "reason": "UpdatingPrometheusFailed", + "severity": "warning" + }, + "annotations": { + "description": "The monitoring operator is degraded because UpdatingPrometheusFailed, and the components it manages may have reduced quality of service. Cluster upgrades may not complete. For more information refer to 'oc get -o yaml clusteroperator monitoring' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/ClusterOperatorDegraded.md", + "summary": "Cluster operator has been degraded for 30 minutes." + }, + "state": "firing", + "activeAt": "2026-06-22T18:52:24.835299202Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "ClusterOperatorDegraded", + "name": "version", + "namespace": "openshift-cluster-version", + "reason": "ClusterOperatorDegraded", + "severity": "warning" + }, + "annotations": { + "description": "The version operator is degraded because ClusterOperatorDegraded, and the components it manages may have reduced quality of service. Cluster upgrades may not complete. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/ClusterOperatorDegraded.md", + "summary": "Cluster operator has been degraded for 30 minutes." + }, + "state": "firing", + "activeAt": "2026-06-22T18:53:24.835299202Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "OpenShiftUpdateRiskMightApply", + "namespace": "openshift-cluster-version", + "reason": "Alert:firing", + "risk": "PodDisruptionBudgetAtLimit", + "severity": "warning" + }, + "annotations": { + "description": "The conditional update risk PodDisruptionBudgetAtLimit might apply to the cluster because of Alert:firing, and the cluster update to a version exposed to the risk is not recommended. For more information refer to 'oc adm upgrade'.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-version-operator/OpenShiftUpdateRiskMightApply.md", + "summary": "The cluster might have been exposed to the conditional update risk for 15 minutes." + }, + "state": "pending", + "activeAt": "2026-06-22T19:30:27.711254056Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "InsightsRecommendationActive", + "container": "insights-operator", + "description": "Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n", + "endpoint": "https", + "info_link": "https://console.redhat.com/openshift/insights/advisor/clusters/ab59f554-a72f-40c3-87e7-49ebec220e4f?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED", + "instance": "10.130.0.40:8443", + "job": "metrics", + "namespace": "openshift-insights", + "pod": "insights-operator-584747df49-wqrjp", + "service": "metrics", + "severity": "info", + "total_risk": "Important" + }, + "annotations": { + "description": "Insights recommendation \"Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n\" with total risk \"Important\" was detected on the cluster. More information is available at https://console.redhat.com/openshift/insights/advisor/clusters/ab59f554-a72f-40c3-87e7-49ebec220e4f?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED.", + "summary": "An Insights recommendation is active for this cluster." + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:43.284361153Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "TechPreviewNoUpgrade", + "container": "kube-apiserver-operator", + "endpoint": "https", + "instance": "10.130.0.23:8443", + "job": "kube-apiserver-operator", + "name": "TechPreviewNoUpgrade", + "namespace": "openshift-kube-apiserver-operator", + "pod": "kube-apiserver-operator-7d998989dd-l5tww", + "service": "metrics", + "severity": "warning" + }, + "annotations": { + "description": "Cluster has enabled Technology Preview features that cannot be undone and will prevent upgrades. The TechPreviewNoUpgrade feature set is not recommended on production clusters.", + "summary": "Cluster has enabled tech preview features that will prevent upgrades." + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:30.88338992Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "PodDisruptionBudgetAtLimit", + "namespace": "openshift-monitoring", + "poddisruptionbudget": "prometheus-k8s", + "severity": "warning" + }, + "annotations": { + "description": "The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md", + "summary": "The pod disruption budget is preventing further disruption to pods." + }, + "state": "firing", + "activeAt": "2026-06-22T18:19:01.64123308Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "Watchdog", + "namespace": "openshift-monitoring", + "severity": "none" + }, + "annotations": { + "description": "This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n", + "summary": "An alert that should always be firing to certify that Alertmanager is working properly." + }, + "state": "firing", + "activeAt": "2026-06-22T17:54:52.013519252Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "TargetDown", + "job": "check-endpoints", + "namespace": "openshift-apiserver", + "service": "check-endpoints", + "severity": "warning" + }, + "annotations": { + "description": "100% of the check-endpoints/check-endpoints targets in openshift-apiserver namespace have been unreachable for more than 15 minutes. This may be a symptom of network connectivity issues, down nodes, or failures within these components. Assess the health of the infrastructure and nodes running these targets and then contact support.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/TargetDown.md", + "summary": "Some targets were not reachable from the monitoring server for an extended period of time." + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:19.290981414Z", + "value": "1e+02", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "AlertmanagerReceiversNotConfigured", + "namespace": "openshift-monitoring", + "severity": "warning" + }, + "annotations": { + "description": "Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.", + "summary": "Receivers (notification integrations) are not configured on Alertmanager" + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:19.616745055Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "ClusterMonitoringOperatorReconciliationErrors", + "container": "cluster-monitoring-operator", + "endpoint": "https", + "instance": "10.130.0.38:8443", + "job": "cluster-monitoring-operator", + "namespace": "openshift-monitoring", + "pod": "cluster-monitoring-operator-56c95fb488-cxqcp", + "service": "cluster-monitoring-operator", + "severity": "warning" + }, + "annotations": { + "description": "Errors are occurring during reconciliation cycles. Inspect the cluster-monitoring-operator log for potential root causes.", + "summary": "Cluster Monitoring Operator is experiencing unexpected reconciliation errors." + }, + "state": "pending", + "activeAt": "2026-06-22T18:41:49.616745055Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "KubePodNotScheduled", + "container": "kube-rbac-proxy-main", + "endpoint": "https-main", + "job": "kube-state-metrics", + "namespace": "openshift-monitoring", + "pod": "prometheus-k8s-0", + "service": "kube-state-metrics", + "severity": "warning", + "uid": "5654bd3d-f61e-4c27-a56b-63eea0effc5e" + }, + "annotations": { + "description": "Pod openshift-monitoring/prometheus-k8s-0 cannot be scheduled for more than 30 minutes.\nCheck the details of the pod with the following command:\noc describe -n openshift-monitoring pod prometheus-k8s-0", + "summary": "Pod cannot be scheduled." + }, + "state": "firing", + "activeAt": "2026-06-22T18:18:49.616745055Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "KubeStatefulSetReplicasMismatch", + "container": "kube-rbac-proxy-main", + "endpoint": "https-main", + "job": "kube-state-metrics", + "namespace": "openshift-monitoring", + "service": "kube-state-metrics", + "severity": "warning", + "statefulset": "prometheus-k8s" + }, + "annotations": { + "description": "StatefulSet openshift-monitoring/prometheus-k8s has not matched the expected number of replicas for longer than 15 minutes.", + "summary": "StatefulSet has not matched the expected number of replicas." + }, + "state": "firing", + "activeAt": "2026-06-22T18:18:49.654575017Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + } + ] + } +} \ No newline at end of file From ca8e7ec3c28fc93a0592ede90a6a8b9b937ed8b1 Mon Sep 17 00:00:00 2001 From: Nick Bottari Date: Mon, 29 Jun 2026 15:49:29 -0400 Subject: [PATCH 10/11] fix(alerts): added test case for when cvo is not handling risks Signed-off-by: Nick Bottari --- .../examples/5.0.0-cvo-not-handling-risks | 23 ++ .../5.0.0-cvo-not-handling-risks-alerts.json | 252 ++++++++++++++++++ .../5.0.0-cvo-not-handling-risks-cv.yaml | 171 ++++++++++++ ....0-cvo-not-handling-risks-featuregate.yaml | 130 +++++++++ ...cvo-not-handling-risks-infrastructure.yaml | 30 +++ .../5.0.0-cvo-not-handling-risks.output | 23 ++ ...ndling-risks.show-outdated-releases-output | 20 ++ ...g-risks.version-1.2.3-not-important-output | 18 ++ .../admin/upgrade/recommend/examples_test.go | 1 + 9 files changed, 668 insertions(+) create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-alerts.json create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-cv.yaml create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-featuregate.yaml create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-infrastructure.yaml create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.output create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.show-outdated-releases-output create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-1.2.3-not-important-output diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks new file mode 100644 index 0000000000..e23bc9015e --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks @@ -0,0 +1,23 @@ +Failing=True: + + Reason: ClusterOperatorDegraded + Message: Cluster operator monitoring is degraded + +The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) + +The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 + +recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: + + Reason: Alert:firing + Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + +Upstream update service is unset, so the cluster will use an appropriate default. +Channel: candidate-5.0 (available channels: candidate-5.0) + +Updates to 5.0: + + Version: 5.0.0-ec.3 + Image: quay.io/openshift-release-dev/ocp-release@sha256:b5ad6b4bb5efbd9b9d88bd42182e85388742b4441a2ff4301c4f5aa8176d5d29 + Reason: PodDisruptionBudgetAtLimit + Message: The pod disruption budget is preventing further disruption to pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-alerts.json b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-alerts.json new file mode 100644 index 0000000000..a5307ab53a --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-alerts.json @@ -0,0 +1,252 @@ +{ + "status": "success", + "data": { + "alerts": [ + { + "labels": { + "alertname": "ClusterNotUpgradeable", + "condition": "Upgradeable", + "endpoint": "metrics", + "name": "version", + "namespace": "openshift-cluster-version", + "severity": "info" + }, + "annotations": { + "description": "In most cases, you will still be able to apply patch releases. Reason MultipleReasons. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.", + "summary": "One or more cluster operators have been blocking minor or major version cluster updates for at least an hour." + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:24.835299202Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "ClusterOperatorDegraded", + "name": "monitoring", + "namespace": "openshift-cluster-version", + "reason": "UpdatingPrometheusFailed", + "severity": "warning" + }, + "annotations": { + "description": "The monitoring operator is degraded because UpdatingPrometheusFailed, and the components it manages may have reduced quality of service. Cluster upgrades may not complete. For more information refer to 'oc get -o yaml clusteroperator monitoring' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/ClusterOperatorDegraded.md", + "summary": "Cluster operator has been degraded for 30 minutes." + }, + "state": "firing", + "activeAt": "2026-06-22T18:52:24.835299202Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "ClusterOperatorDegraded", + "name": "version", + "namespace": "openshift-cluster-version", + "reason": "ClusterOperatorDegraded", + "severity": "warning" + }, + "annotations": { + "description": "The version operator is degraded because ClusterOperatorDegraded, and the components it manages may have reduced quality of service. Cluster upgrades may not complete. For more information refer to 'oc adm upgrade' or https://console-openshift-console.apps.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org/settings/cluster/.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/ClusterOperatorDegraded.md", + "summary": "Cluster operator has been degraded for 30 minutes." + }, + "state": "firing", + "activeAt": "2026-06-22T18:53:24.835299202Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "OpenShiftUpdateRiskMightApply", + "namespace": "openshift-cluster-version", + "reason": "Alert:firing", + "risk": "PodDisruptionBudgetAtLimit", + "severity": "warning" + }, + "annotations": { + "description": "The conditional update risk PodDisruptionBudgetAtLimit might apply to the cluster because of Alert:firing, and the cluster update to a version exposed to the risk is not recommended. For more information refer to 'oc adm upgrade'.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-version-operator/OpenShiftUpdateRiskMightApply.md", + "summary": "The cluster might have been exposed to the conditional update risk for 15 minutes." + }, + "state": "pending", + "activeAt": "2026-06-22T19:30:27.711254056Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "InsightsRecommendationActive", + "container": "insights-operator", + "description": "Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n", + "endpoint": "https", + "info_link": "https://console.redhat.com/openshift/insights/advisor/clusters/ab59f554-a72f-40c3-87e7-49ebec220e4f?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED", + "instance": "10.130.0.40:8443", + "job": "metrics", + "namespace": "openshift-insights", + "pod": "insights-operator-584747df49-wqrjp", + "service": "metrics", + "severity": "info", + "total_risk": "Important" + }, + "annotations": { + "description": "Insights recommendation \"Enabling the **TechPreviewNoUpgrade** feature set on your cluster\ncan not be undone and prevents minor version updates. Please do\nnot enable this feature set on production clusters.\n\" with total risk \"Important\" was detected on the cluster. More information is available at https://console.redhat.com/openshift/insights/advisor/clusters/ab59f554-a72f-40c3-87e7-49ebec220e4f?first=ccx_rules_ocp.external.rules.upgrade_is_blocked_due_to_tpfg%7CTECH_PREVIEW_NO_UPGRADE_FEATURE_SET_IS_ENABLED.", + "summary": "An Insights recommendation is active for this cluster." + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:43.284361153Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "TechPreviewNoUpgrade", + "container": "kube-apiserver-operator", + "endpoint": "https", + "instance": "10.130.0.23:8443", + "job": "kube-apiserver-operator", + "name": "TechPreviewNoUpgrade", + "namespace": "openshift-kube-apiserver-operator", + "pod": "kube-apiserver-operator-7d998989dd-l5tww", + "service": "metrics", + "severity": "warning" + }, + "annotations": { + "description": "Cluster has enabled Technology Preview features that cannot be undone and will prevent upgrades. The TechPreviewNoUpgrade feature set is not recommended on production clusters.", + "summary": "Cluster has enabled tech preview features that will prevent upgrades." + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:30.88338992Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "PodDisruptionBudgetAtLimit", + "namespace": "openshift-monitoring", + "poddisruptionbudget": "prometheus-k8s", + "severity": "warning" + }, + "annotations": { + "description": "The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md", + "summary": "The pod disruption budget is preventing further disruption to pods." + }, + "state": "firing", + "activeAt": "2026-06-22T18:19:01.64123308Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "Watchdog", + "namespace": "openshift-monitoring", + "severity": "none" + }, + "annotations": { + "description": "This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty.\n", + "summary": "An alert that should always be firing to certify that Alertmanager is working properly." + }, + "state": "firing", + "activeAt": "2026-06-22T17:54:52.013519252Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "TargetDown", + "job": "check-endpoints", + "namespace": "openshift-apiserver", + "service": "check-endpoints", + "severity": "warning" + }, + "annotations": { + "description": "100% of the check-endpoints/check-endpoints targets in openshift-apiserver namespace have been unreachable for more than 15 minutes. This may be a symptom of network connectivity issues, down nodes, or failures within these components. Assess the health of the infrastructure and nodes running these targets and then contact support.", + "runbook_url": "https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/TargetDown.md", + "summary": "Some targets were not reachable from the monitoring server for an extended period of time." + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:19.290981414Z", + "value": "1e+02", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "AlertmanagerReceiversNotConfigured", + "namespace": "openshift-monitoring", + "severity": "warning" + }, + "annotations": { + "description": "Alerts are not configured to be sent to a notification system, meaning that you may not be notified in a timely fashion when important failures occur. Check the OpenShift documentation to learn how to configure notifications with Alertmanager.", + "summary": "Receivers (notification integrations) are not configured on Alertmanager" + }, + "state": "firing", + "activeAt": "2026-06-22T17:55:19.616745055Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "ClusterMonitoringOperatorReconciliationErrors", + "container": "cluster-monitoring-operator", + "endpoint": "https", + "instance": "10.130.0.38:8443", + "job": "cluster-monitoring-operator", + "namespace": "openshift-monitoring", + "pod": "cluster-monitoring-operator-56c95fb488-cxqcp", + "service": "cluster-monitoring-operator", + "severity": "warning" + }, + "annotations": { + "description": "Errors are occurring during reconciliation cycles. Inspect the cluster-monitoring-operator log for potential root causes.", + "summary": "Cluster Monitoring Operator is experiencing unexpected reconciliation errors." + }, + "state": "pending", + "activeAt": "2026-06-22T18:41:49.616745055Z", + "value": "0e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "KubePodNotScheduled", + "container": "kube-rbac-proxy-main", + "endpoint": "https-main", + "job": "kube-state-metrics", + "namespace": "openshift-monitoring", + "pod": "prometheus-k8s-0", + "service": "kube-state-metrics", + "severity": "warning", + "uid": "5654bd3d-f61e-4c27-a56b-63eea0effc5e" + }, + "annotations": { + "description": "Pod openshift-monitoring/prometheus-k8s-0 cannot be scheduled for more than 30 minutes.\nCheck the details of the pod with the following command:\noc describe -n openshift-monitoring pod prometheus-k8s-0", + "summary": "Pod cannot be scheduled." + }, + "state": "firing", + "activeAt": "2026-06-22T18:18:49.616745055Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + }, + { + "labels": { + "alertname": "KubeStatefulSetReplicasMismatch", + "container": "kube-rbac-proxy-main", + "endpoint": "https-main", + "job": "kube-state-metrics", + "namespace": "openshift-monitoring", + "service": "kube-state-metrics", + "severity": "warning", + "statefulset": "prometheus-k8s" + }, + "annotations": { + "description": "StatefulSet openshift-monitoring/prometheus-k8s has not matched the expected number of replicas for longer than 15 minutes.", + "summary": "StatefulSet has not matched the expected number of replicas." + }, + "state": "firing", + "activeAt": "2026-06-22T18:18:49.654575017Z", + "value": "1e+00", + "partialResponseStrategy": "WARN" + } + ] + } +} \ No newline at end of file diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-cv.yaml b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-cv.yaml new file mode 100644 index 0000000000..0e817ea73a --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-cv.yaml @@ -0,0 +1,171 @@ +apiVersion: config.openshift.io/v1 +kind: ClusterVersion +metadata: + creationTimestamp: "2026-06-22T17:25:19Z" + generation: 3 + name: version + resourceVersion: "63760" + uid: bc00f3f2-da92-4342-9882-ac16001b3d13 +spec: + channel: candidate-5.0 + clusterID: ab59f554-a72f-40c3-87e7-49ebec220e4f + overrides: + - group: config.openshift.io + kind: ClusterImagePolicy + name: openshift + namespace: "" + unmanaged: true +status: + availableUpdates: null + capabilities: + enabledCapabilities: + - Build + - CSISnapshot + - CloudControllerManager + - CloudCredential + - Console + - DeploymentConfig + - ImageRegistry + - Ingress + - Insights + - MachineAPI + - NodeTuning + - OperatorLifecycleManager + - OperatorLifecycleManagerV1 + - Storage + - baremetal + - marketplace + - openshift-samples + knownCapabilities: + - Build + - CSISnapshot + - CloudControllerManager + - CloudCredential + - Console + - DeploymentConfig + - ImageRegistry + - Ingress + - Insights + - MachineAPI + - NodeTuning + - OperatorLifecycleManager + - OperatorLifecycleManagerV1 + - Storage + - baremetal + - marketplace + - openshift-samples + conditionalUpdateRisks: + - conditions: + - lastTransitionTime: "2026-06-22T18:19:01Z" + message: 'warning alert PodDisruptionBudgetAtLimit firing, which might slow + node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. + The pod disruption budget is preventing further disruption to pods. The alert + description is: The pod disruption budget is at the minimum disruptions allowed + level. The number of current healthy pods is equal to the desired healthy + pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md' + reason: Alert:firing + status: "True" + type: Applies + matchingRules: + - type: Always + message: The pod disruption budget is preventing further disruption to pods. + name: PodDisruptionBudgetAtLimit + url: https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + conditionalUpdates: + - conditions: + - lastTransitionTime: "2026-06-22T19:30:17Z" + message: The pod disruption budget is preventing further disruption to pods. + https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + reason: PodDisruptionBudgetAtLimit + status: "False" + type: Recommended + release: + channels: + - candidate-5.0 + image: quay.io/openshift-release-dev/ocp-release@sha256:b5ad6b4bb5efbd9b9d88bd42182e85388742b4441a2ff4301c4f5aa8176d5d29 + version: 5.0.0-ec.3 + riskNames: + - PodDisruptionBudgetAtLimit + risks: + - conditions: + - lastTransitionTime: "2026-06-22T18:19:01Z" + message: 'warning alert PodDisruptionBudgetAtLimit firing, which might slow + node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. + The pod disruption budget is preventing further disruption to pods. The + alert description is: The pod disruption budget is at the minimum disruptions + allowed level. The number of current healthy pods is equal to the desired + healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md' + reason: Alert:firing + status: "True" + type: Applies + matchingRules: + - type: Always + message: The pod disruption budget is preventing further disruption to pods. + name: PodDisruptionBudgetAtLimit + url: https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + conditions: + - lastTransitionTime: "2026-06-22T19:30:17Z" + status: "True" + type: RetrievedUpdates + - lastTransitionTime: "2026-06-22T17:26:06Z" + message: |- + Cluster should not be upgraded between minor or major versions for multiple reasons: ClusterVersionOverridesSet,FeatureGates_RestrictedFeatureGates_TechPreviewNoUpgrade + * Disabling ownership via cluster version overrides prevents upgrades between minor or major versions. Please remove overrides before requesting a minor or major version update. + * Cluster operator config-operator should not be upgraded between minor or major versions: FeatureGatesUpgradeable: "TechPreviewNoUpgrade" does not allow updates + reason: MultipleReasons + status: "False" + type: Upgradeable + - lastTransitionTime: "2026-06-22T17:26:06Z" + message: Capabilities match configured spec + reason: AsExpected + status: "False" + type: ImplicitlyEnabledCapabilities + - lastTransitionTime: "2026-06-22T17:26:06Z" + message: Payload loaded version="5.0.0-ec.2" image="registry.build12.ci.openshift.org/ci-ln-8np31z2/release@sha256:e8f74fa0423f416cdcd6b35a0769765118c0f8ba9d7e0e25517e41c59483c6af" + architecture="amd64" + reason: PayloadLoaded + status: "True" + type: ReleaseAccepted + - lastTransitionTime: "2026-06-22T17:58:15Z" + message: Done applying 5.0.0-ec.2 + status: "True" + type: Available + - lastTransitionTime: "2026-06-22T18:53:00Z" + message: Cluster operator monitoring is degraded + reason: ClusterOperatorDegraded + status: "True" + type: Failing + - lastTransitionTime: "2026-06-22T17:58:15Z" + message: 'Error while reconciling 5.0.0-ec.2: the cluster operator monitoring + is degraded' + reason: ClusterOperatorDegraded + status: "False" + type: Progressing + - lastTransitionTime: "2026-06-22T17:26:51Z" + message: Disabling ownership via cluster version overrides prevents upgrades between + minor or major versions. Please remove overrides before requesting a minor or + major version update. + reason: ClusterVersionOverridesSet + status: "False" + type: UpgradeableClusterVersionOverrides + - lastTransitionTime: "2026-06-22T17:31:17Z" + message: 'Cluster operator config-operator should not be upgraded between minor + or major versions: FeatureGatesUpgradeable: "TechPreviewNoUpgrade" does not + allow updates' + reason: FeatureGates_RestrictedFeatureGates_TechPreviewNoUpgrade + status: "False" + type: UpgradeableClusterOperators + desired: + channels: + - candidate-5.0 + image: registry.build12.ci.openshift.org/ci-ln-8np31z2/release@sha256:e8f74fa0423f416cdcd6b35a0769765118c0f8ba9d7e0e25517e41c59483c6af + version: 5.0.0-ec.2 + history: + - completionTime: "2026-06-22T17:58:15Z" + image: registry.build12.ci.openshift.org/ci-ln-8np31z2/release@sha256:e8f74fa0423f416cdcd6b35a0769765118c0f8ba9d7e0e25517e41c59483c6af + startedTime: "2026-06-22T17:26:06Z" + state: Completed + verified: false + version: 5.0.0-ec.2 + observedGeneration: 2 + versionHash: cUYyzI3AJLo= diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-featuregate.yaml b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-featuregate.yaml new file mode 100644 index 0000000000..3c7f7ca074 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-featuregate.yaml @@ -0,0 +1,130 @@ +apiVersion: config.openshift.io/v1 +kind: FeatureGate +metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" + creationTimestamp: "2026-06-22T17:25:39Z" + generation: 1 + name: cluster + resourceVersion: "718" + uid: e6d830fe-e07a-4276-8730-fc8d9089d10e +spec: + featureSet: TechPreviewNoUpgrade +status: + featureGates: + - disabled: + - name: ClientsAllowCBOR + - name: ClusterAPIComputeInstall + - name: ClusterAPIControlPlaneInstall + - name: ClusterAPIInstall + - name: ClusterUpdatePreflight + - name: ConfidentialCluster + - name: EventedPLEG + - name: Example2 + - name: ExternalOIDCExternalClaimsSourcing + - name: ExternalSnapshotMetadata + - name: HyperShiftOnlyDynamicResourceAllocation + - name: MachineAPIMigrationVSphere + - name: MachineAPIOperatorDisableMachineHealthCheckController + - name: MultiArchInstallAzure + - name: NetworkConnect + - name: ProvisioningRequestAvailable + - name: ShortCertRotation + - name: VSphereMultiVCenterDay2 + - name: ClusterUpdateAcceptRisks + enabled: + - name: AWSClusterHostedDNS + - name: AWSClusterHostedDNSInstall + - name: AWSDedicatedHosts + - name: AWSDualStackInstall + - name: AWSEuropeanSovereignCloudInstall + - name: AWSServiceLBNetworkSecurityGroup + - name: AdditionalStorageConfig + - name: AutomatedEtcdBackup + - name: AzureClusterHostedDNSInstall + - name: AzureDedicatedHosts + - name: AzureDualStackInstall + - name: AzureMultiDisk + - name: AzureWorkloadIdentity + - name: BootImageSkewEnforcement + - name: BootcNodeManagement + - name: BuildCSIVolumes + - name: CBORServingAndStorage + - name: CRDCompatibilityRequirementOperator + - name: CRIOCredentialProviderConfig + - name: ClientsPreferCBOR + - name: ClusterAPIInstallIBMCloud + - name: ClusterAPIMachineManagement + - name: ClusterAPIMachineManagementAWS + - name: ClusterAPIMachineManagementAzure + - name: ClusterAPIMachineManagementBareMetal + - name: ClusterAPIMachineManagementGCP + - name: ClusterAPIMachineManagementOpenStack + - name: ClusterAPIMachineManagementPowerVS + - name: ClusterAPIMachineManagementVSphere + - name: ClusterMonitoringConfig + - name: ClusterVersionOperatorConfiguration + - name: ConfigurablePKI + - name: DNSNameResolver + - name: DualReplica + - name: DyanmicServiceEndpointIBMCloud + - name: EVPN + - name: EtcdBackendQuota + - name: EventTTL + - name: Example + - name: ExternalOIDC + - name: ExternalOIDCWithUIDAndExtraClaimMappings + - name: ExternalOIDCWithUpstreamParity + - name: GCPCustomAPIEndpoints + - name: GCPCustomAPIEndpointsInstall + - name: GCPDualStackInstall + - name: GatewayAPIWithoutOLM + - name: ImageModeStatusReporting + - name: ImageStreamImportMode + - name: IngressControllerDynamicConfigurationManager + - name: InsightsConfig + - name: InsightsOnDemandDataGather + - name: IrreconcilableMachineConfig + - name: KMSEncryption + - name: KMSv1 + - name: MachineAPIMigration + - name: MachineAPIMigrationAWS + - name: MachineAPIMigrationOpenStack + - name: ManagedBootImagesCPMS + - name: MaxUnavailableStatefulSet + - name: MetricsCollectionProfiles + - name: MinimumKubeletVersion + - name: MixedCPUsAllocation + - name: MultiDiskSetup + - name: MutableCSINodeAllocatableCount + - name: MutatingAdmissionPolicy + - name: NewOLM + - name: NewOLMBoxCutterRuntime + - name: NewOLMCatalogdAPIV1Metas + - name: NewOLMConfigAPI + - name: NewOLMOwnSingleNamespace + - name: NewOLMPreflightPermissionChecks + - name: NewOLMWebhookProviderOpenshiftServiceCA + - name: NoOverlayMode + - name: NoRegistryClusterInstall + - name: NutanixMultiSubnets + - name: OLMLifecycleAndCompatibility + - name: OSStreams + - name: OVNObservability + - name: OnPremDNSRecords + - name: OpenShiftPodSecurityAdmission + - name: SELinuxMount + - name: ServiceAccountTokenNodeBinding + - name: SignatureStores + - name: SigstoreImageVerification + - name: SigstoreImageVerificationPKI + - name: StoragePerformantSecurityPolicy + - name: TLSAdherence + - name: UpgradeStatus + - name: VSphereConfigurableMaxAllowedBlockVolumesPerNode + - name: VSphereHostVMGroupZonal + - name: VSphereMixedNodeEnv + - name: VSphereMultiDisk + - name: VSphereMultiNetworks + - name: VolumeGroupSnapshot + version: 5.0.0-ec.2 diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-infrastructure.yaml b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-infrastructure.yaml new file mode 100644 index 0000000000..ab3c42fe29 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks-infrastructure.yaml @@ -0,0 +1,30 @@ +apiVersion: config.openshift.io/v1 +kind: Infrastructure +metadata: + creationTimestamp: "2026-06-22T17:25:11Z" + generation: 1 + name: cluster + resourceVersion: "580" + uid: e7ac2dd3-5925-44fa-b93d-fc2461223d6a +spec: + cloudConfig: + key: config + name: cloud-provider-config + platformSpec: + type: GCP +status: + apiServerInternalURI: https://api-int.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org:6443 + apiServerURL: https://api.ci-ln-8np31z2-72292.gcp-2.ci.openshift.org:6443 + controlPlaneTopology: HighlyAvailable + cpuPartitioning: None + etcdDiscoveryDomain: "" + infrastructureName: ci-ln-8np31z2-72292-nzmck + infrastructureTopology: HighlyAvailable + platform: GCP + platformStatus: + gcp: + cloudLoadBalancerConfig: + dnsType: PlatformDefault + projectID: openshift-gce-devel-ci-2 + region: us-central1 + type: GCP diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.output new file mode 100644 index 0000000000..e23bc9015e --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.output @@ -0,0 +1,23 @@ +Failing=True: + + Reason: ClusterOperatorDegraded + Message: Cluster operator monitoring is degraded + +The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) + +The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 + +recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: + + Reason: Alert:firing + Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + +Upstream update service is unset, so the cluster will use an appropriate default. +Channel: candidate-5.0 (available channels: candidate-5.0) + +Updates to 5.0: + + Version: 5.0.0-ec.3 + Image: quay.io/openshift-release-dev/ocp-release@sha256:b5ad6b4bb5efbd9b9d88bd42182e85388742b4441a2ff4301c4f5aa8176d5d29 + Reason: PodDisruptionBudgetAtLimit + Message: The pod disruption budget is preventing further disruption to pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.show-outdated-releases-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.show-outdated-releases-output new file mode 100644 index 0000000000..7de0e8d546 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.show-outdated-releases-output @@ -0,0 +1,20 @@ +Failing=True: + + Reason: ClusterOperatorDegraded + Message: Cluster operator monitoring is degraded + +The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) + +The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 + +recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: + + Reason: Alert:firing + Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + +Upstream update service is unset, so the cluster will use an appropriate default. +Channel: candidate-5.0 (available channels: candidate-5.0) + +Updates to 5.0: + VERSION ISSUES + 5.0.0-ec.3 PodDisruptionBudgetAtLimit diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-1.2.3-not-important-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-1.2.3-not-important-output new file mode 100644 index 0000000000..7db3af658e --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-1.2.3-not-important-output @@ -0,0 +1,18 @@ +Failing=True: + + Reason: ClusterOperatorDegraded + Message: Cluster operator monitoring is degraded + +The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) + +The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 + +recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: + + Reason: Alert:firing + Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + +Upstream update service is unset, so the cluster will use an appropriate default. +Channel: candidate-5.0 (available channels: candidate-5.0) + +error: no updates to 1 available, so cannot display context for the requested release 1.2.3-not-important diff --git a/pkg/cli/admin/upgrade/recommend/examples_test.go b/pkg/cli/admin/upgrade/recommend/examples_test.go index 99fe367c2c..ef8ed073bf 100644 --- a/pkg/cli/admin/upgrade/recommend/examples_test.go +++ b/pkg/cli/admin/upgrade/recommend/examples_test.go @@ -71,6 +71,7 @@ func TestExamples(t *testing.T) { "examples/4.22.0-extend-recommended-alert-cv.yaml": "1.2.3-not-important", "examples/4.22.0-extend-recommended-critical-alert-cv.yaml": "1.2.3-not-important", "examples/5.0.0-cvo-handling-risks-cv.yaml": "1.2.3-not-important", + "examples/5.0.0-cvo-not-handling-risks-cv.yaml": "1.2.3-not-important", }, outputSuffixPattern: ".version-%s-output", }, From 67a790ff1a44ac0bc26b622e56228b3780ca7f61 Mon Sep 17 00:00:00 2001 From: Nicholas Bottari Date: Thu, 2 Jul 2026 12:36:21 -0400 Subject: [PATCH 11/11] fix(alerts): fixed specific version number test case and added new message for users trying to use --accept flag when CVO is checking alerts Signed-off-by: Nicholas Bottari --- ...ng-risks.version-1.2.3-not-important-output | 9 --------- ...vo-handling-risks.version-5.0.0-ec.3-output | 15 +++++++++++++++ ...ng-risks.version-1.2.3-not-important-output | 18 ------------------ ...t-handling-risks.version-5.0.0-ec.3-output} | 11 ++++++----- .../admin/upgrade/recommend/examples_test.go | 4 ++-- pkg/cli/admin/upgrade/recommend/recommend.go | 9 ++++++++- 6 files changed, 31 insertions(+), 35 deletions(-) delete mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output create mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-5.0.0-ec.3-output delete mode 100644 pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-1.2.3-not-important-output rename pkg/cli/admin/upgrade/recommend/examples/{5.0.0-cvo-not-handling-risks => 5.0.0-cvo-not-handling-risks.version-5.0.0-ec.3-output} (70%) diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output deleted file mode 100644 index 303389863a..0000000000 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-1.2.3-not-important-output +++ /dev/null @@ -1,9 +0,0 @@ -Failing=True: - - Reason: ClusterOperatorDegraded - Message: Cluster operator monitoring is degraded - -Upstream update service is unset, so the cluster will use an appropriate default. -Channel: candidate-5.0 (available channels: candidate-5.0) - -error: no updates to 1 available, so cannot display context for the requested release 1.2.3-not-important diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-5.0.0-ec.3-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-5.0.0-ec.3-output new file mode 100644 index 0000000000..e8003db818 --- /dev/null +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-handling-risks.version-5.0.0-ec.3-output @@ -0,0 +1,15 @@ +Failing=True: + + Reason: ClusterOperatorDegraded + Message: Cluster operator monitoring is degraded + +Upstream update service is unset, so the cluster will use an appropriate default. +Channel: candidate-5.0 (available channels: candidate-5.0) + +Update to 5.0.0-ec.3 Recommended=False: +Image: quay.io/openshift-release-dev/ocp-release@sha256:b5ad6b4bb5efbd9b9d88bd42182e85388742b4441a2ff4301c4f5aa8176d5d29 +Release URL: +Reason: PodDisruptionBudgetAtLimit +Message: The pod disruption budget is preventing further disruption to pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md + +error: issues that apply to this cluster but which were not included in --accept: ConditionalUpdateRisk,Failing diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-1.2.3-not-important-output b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-1.2.3-not-important-output deleted file mode 100644 index 7db3af658e..0000000000 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-1.2.3-not-important-output +++ /dev/null @@ -1,18 +0,0 @@ -Failing=True: - - Reason: ClusterOperatorDegraded - Message: Cluster operator monitoring is degraded - -The following conditions found no cause for concern in updating this cluster to later releases: recommended/CriticalAlerts (AsExpected), recommended/NodeAlerts (AsExpected), recommended/PodImagePullAlerts (AsExpected), recommended/UpdatePrecheckAlerts (AsExpected) - -The following conditions found cause for concern in updating this cluster to later releases: recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0 - -recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: - - Reason: Alert:firing - Message: warning alert PodDisruptionBudgetAtLimit firing, which might slow node drains. Namespace=openshift-monitoring, PodDisruptionBudget=prometheus-k8s. The pod disruption budget is preventing further disruption to pods. The alert description is: The pod disruption budget is at the minimum disruptions allowed level. The number of current healthy pods is equal to the desired healthy pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md - -Upstream update service is unset, so the cluster will use an appropriate default. -Channel: candidate-5.0 (available channels: candidate-5.0) - -error: no updates to 1 available, so cannot display context for the requested release 1.2.3-not-important diff --git a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-5.0.0-ec.3-output similarity index 70% rename from pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks rename to pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-5.0.0-ec.3-output index e23bc9015e..1da8430550 100644 --- a/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks +++ b/pkg/cli/admin/upgrade/recommend/examples/5.0.0-cvo-not-handling-risks.version-5.0.0-ec.3-output @@ -15,9 +15,10 @@ recommended/PodDisruptionBudgetAlerts/PodDisruptionBudgetAtLimit/0=False: Upstream update service is unset, so the cluster will use an appropriate default. Channel: candidate-5.0 (available channels: candidate-5.0) -Updates to 5.0: +Update to 5.0.0-ec.3 Recommended=False: +Image: quay.io/openshift-release-dev/ocp-release@sha256:b5ad6b4bb5efbd9b9d88bd42182e85388742b4441a2ff4301c4f5aa8176d5d29 +Release URL: +Reason: PodDisruptionBudgetAtLimit +Message: The pod disruption budget is preventing further disruption to pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md - Version: 5.0.0-ec.3 - Image: quay.io/openshift-release-dev/ocp-release@sha256:b5ad6b4bb5efbd9b9d88bd42182e85388742b4441a2ff4301c4f5aa8176d5d29 - Reason: PodDisruptionBudgetAtLimit - Message: The pod disruption budget is preventing further disruption to pods. https://github.com/openshift/runbooks/blob/master/alerts/cluster-kube-controller-manager-operator/PodDisruptionBudgetAtLimit.md +error: issues that apply to this cluster but which were not included in --accept: ConditionalUpdateRisk,Failing,PodDisruptionBudgetAtLimit diff --git a/pkg/cli/admin/upgrade/recommend/examples_test.go b/pkg/cli/admin/upgrade/recommend/examples_test.go index ef8ed073bf..4ebf9f8057 100644 --- a/pkg/cli/admin/upgrade/recommend/examples_test.go +++ b/pkg/cli/admin/upgrade/recommend/examples_test.go @@ -70,8 +70,8 @@ func TestExamples(t *testing.T) { "examples/4.19.0-okd-scos.16-cv.yaml": "4.19.0-okd-scos.17", "examples/4.22.0-extend-recommended-alert-cv.yaml": "1.2.3-not-important", "examples/4.22.0-extend-recommended-critical-alert-cv.yaml": "1.2.3-not-important", - "examples/5.0.0-cvo-handling-risks-cv.yaml": "1.2.3-not-important", - "examples/5.0.0-cvo-not-handling-risks-cv.yaml": "1.2.3-not-important", + "examples/5.0.0-cvo-handling-risks-cv.yaml": "5.0.0-ec.3", + "examples/5.0.0-cvo-not-handling-risks-cv.yaml": "5.0.0-ec.3", }, outputSuffixPattern: ".version-%s-output", }, diff --git a/pkg/cli/admin/upgrade/recommend/recommend.go b/pkg/cli/admin/upgrade/recommend/recommend.go index c7874f71a4..3d8e061268 100644 --- a/pkg/cli/admin/upgrade/recommend/recommend.go +++ b/pkg/cli/admin/upgrade/recommend/recommend.go @@ -338,7 +338,14 @@ func (o *options) Run(ctx context.Context) error { } unaccepted := issues.Difference(accept) if unaccepted.Len() > 0 { - return fmt.Errorf("issues that apply to this cluster but which were not included in --accept: %s", strings.Join(sets.List(unaccepted), ",")) + if cvoChecking, err := o.alertsEvaluatedByCVO(ctx); cvoChecking { + if err != nil { + return fmt.Errorf("failed to determine if CVO is checking alerts: %v", err) + } + fmt.Fprintf(o.Out, "Cluster update risks are being handled by the Cluster Version Operator (CVO). Please use `oc adm upgrade accept ...` to accept risks.\n") + } else { + return fmt.Errorf("issues that apply to this cluster but which were not included in --accept: %s", strings.Join(sets.List(unaccepted), ",")) + } } else if issues.Len() > 0 && !o.quiet { fmt.Fprintf(o.Out, "Update to %s has no known issues relevant to this cluster other than the accepted %s.\n", update.Release.Version, strings.Join(sets.List(issues), ",")) }