openshift · openshift-merge-robot · Sep 23, 2021 · Sep 15, 2021 · deads2k · Sep 22, 2021
diff --git a/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml
@@ -112,7 +112,7 @@ spec:
                 - versionHash
               properties:
                 availableUpdates:
-                  description: availableUpdates contains the list of updates that are appropriate for this cluster. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.
+                  description: availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.
                   type: array
                   items:
                     description: Release represents an OpenShift release image and associated metadata.
@@ -133,6 +133,137 @@ spec:
                         description: version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified.
                         type: string
                   nullable: true
+                conditionalUpdates:
+                  description: conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.
+                  type: array
+                  items:
+                    description: ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.
+                    type: object
+                    required:
+                      - release
+                      - risks
+                    properties:
+                      conditions:
+                        description: 'conditions represents the observations of the conditional update''s current status. Known types are: * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules. * Recommended, for whether the update is recommended for the current cluster.'
+                        type: array
+                        items:
+                          description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions.  For example, type FooStatus struct{     // Represents the observations of a foo's current state.     // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"     // +patchMergeKey=type     // +patchStrategy=merge     // +listType=map     // +listMapKey=type     Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n     // other fields }"
+                          type: object
+                          required:
+                            - lastTransitionTime
+                            - message
+                            - reason
+                            - status
+                            - type
+                          properties:
+                            lastTransitionTime:
+                              description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+                              type: string
+                              format: date-time
+                            message:
+                              description: message is a human readable message indicating details about the transition. This may be an empty string.
+                              type: string
+                              maxLength: 32768
+                            observedGeneration:
+                              description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
+                              type: integer
+                              format: int64
+                              minimum: 0
+                            reason:
+                              description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
+                              type: string
+                              maxLength: 1024
+                              minLength: 1
+                              pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                            status:
+                              description: status of the condition, one of True, False, Unknown.
+                              type: string
+                              enum:
+                                - "True"
+                                - "False"
+                                - Unknown
+                            type:
+                              description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                              type: string
+                              maxLength: 316
+                              pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                        x-kubernetes-list-map-keys:
+                          - type
+                        x-kubernetes-list-type: map
+                      release:
+                        description: release is the target of the update.
+                        type: object
+                        properties:
+                          channels:
+                            description: channels is the set of Cincinnati channels to which the release currently belongs.
+                            type: array
+                            items:
+                              type: string
+                          image:
+                            description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.
+                            type: string
+                          url:
+                            description: url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.
+                            type: string
+                          version:
+                            description: version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified.
+                            type: string
+                      risks:
+                        description: risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.
+                        type: array
+                        minItems: 1
+                        items:
+                          description: ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.
+                          type: object
+                          required:
+                            - matchingRules
+                            - message
+                            - name
+                            - url
+                          properties:
+                            matchingRules:
+                              description: matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.
+                              type: array
+                              minItems: 1
+                              items:
+                                description: ClusterCondition is a union of typed cluster conditions.  The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.
+                                type: object
+                                required:
+                                  - type
+                                properties:
+                                  promql:
+                                    description: promQL represents a cluster condition based on PromQL.
+                                    type: object
+                                    required:
+                                      - promql
+                                    properties:
+                                      promql:
+                                        description: PromQL is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.
+                                        type: string
+                                  type:
+                                    description: type represents the cluster-condition type. This defines the members and semantics of any additional properties.
+                                    type: string
+                                    enum:
+                                      - Always
+                                      - PromQL
+                              x-kubernetes-list-type: atomic
+                            message:
+                              description: message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.
+                              type: string
+                              minLength: 1
+                            name:
+                              description: name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.
+                              type: string
+                              minLength: 1
+                            url:
+                              description: url contains information about this risk.
+                              type: string
+                              format: uri
+                              minLength: 1
+                        x-kubernetes-list-map-keys:
+                          - name
+                        x-kubernetes-list-type: map
+                  x-kubernetes-list-type: atomic
                 conditions:
                   description: conditions provides information about the cluster version. The condition "Available" is set to true if the desiredUpdate has been reached. The condition "Progressing" is set to true if an update is being applied. The condition "Degraded" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.
                   type: array
@@ -191,6 +322,9 @@ spec:
                       - state
                       - verified
                     properties:
+                      acceptedRisks:
+                        description: acceptedRisks records risks which were accepted to initiate the update. For example, it may menition an Upgradeable=False or missing signature that was overriden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.
+                        type: string
                       completionTime:
                         description: completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).
                         type: string

diff --git a/config/v1/types_cluster_version.go b/config/v1/types_cluster_version.go
@@ -123,14 +123,26 @@ type ClusterVersionStatus struct {
 	// +optional
 	Conditions []ClusterOperatorStatusCondition `json:"conditions,omitempty"`
 
-	// availableUpdates contains the list of updates that are appropriate
-	// for this cluster. This list may be empty if no updates are recommended,
-	// if the update service is unavailable, or if an invalid channel has
-	// been specified.
+	// availableUpdates contains updates recommended for this
+	// cluster. Updates which appear in conditionalUpdates but not in
+	// availableUpdates may expose this cluster to known issues. This list
+	// may be empty if no updates are recommended, if the update service
+	// is unavailable, or if an invalid channel has been specified.
 	// +nullable
 	// +kubebuilder:validation:Required
 	// +required
 	AvailableUpdates []Release `json:"availableUpdates"`
+
+	// conditionalUpdates contains the list of updates that may be
+	// recommended for this cluster if it meets specific required
+	// conditions. Consumers interested in the set of updates that are
+	// actually recommended for this cluster should use
+	// availableUpdates. This list may be empty if no updates are
+	// recommended, if the update service is unavailable, or if an empty
+	// or invalid channel has been specified.
+	// +listType=atomic
+	// +optional
+	ConditionalUpdates []ConditionalUpdate `json:"conditionalUpdates,omitempty"`
 }
 
 // UpdateState is a constant representing whether an update was successfully
@@ -190,6 +202,14 @@ type UpdateHistory struct {
 	// +kubebuilder:validation:Required
 	// +required
 	Verified bool `json:"verified"`
+
+	// acceptedRisks records risks which were accepted to initiate the update.
+	// For example, it may menition an Upgradeable=False or missing signature
+	// that was overriden via desiredUpdate.force, or an update that was
+	// initiated despite not being in the availableUpdates set of recommended
+	// update targets.
+	// +optional
+	AcceptedRisks string `json:"acceptedRisks,omitempty"`
 }
 
 // ClusterID is string RFC4122 uuid.
@@ -290,6 +310,112 @@ type Release struct {
 // availableUpdates field is accurate and recent.
 const RetrievedUpdates ClusterStatusConditionType = "RetrievedUpdates"
 
+// ConditionalUpdate represents an update which is recommended to some
+// clusters on the version the current cluster is reconciling, but which
+// may not be recommended for the current cluster.
+type ConditionalUpdate struct {
+	// release is the target of the update.
+	// +kubebuilder:validation:Required
+	// +required
+	Release Release `json:"release"`
+
+	// risks represents the range of issues associated with
+	// updating to the target release. The cluster-version
+	// operator will evaluate all entries, and only recommend the
+	// update if there is at least one entry and all entries
+	// recommend the update.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinItems=1
+	// +patchMergeKey=name
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=name
+	// +required
+	Risks []ConditionalUpdateRisk `json:"risks"`
+
+	// conditions represents the observations of the conditional update's
+	// current status. Known types are:
+	// * Evaluating, for whether the cluster-version operator will attempt to evaluate any risks[].matchingRules.
+	// * Recommended, for whether the update is recommended for the current cluster.
+	// +patchMergeKey=type
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=type
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
+}
+
+// ConditionalUpdateRisk represents a reason and cluster-state
+// for not recommending a conditional update.
+// +k8s:deepcopy-gen=true
+type ConditionalUpdateRisk struct {
+	// url contains information about this risk.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Format=uri
+	// +kubebuilder:validation:MinLength=1
+	// +required
+	URL string `json:"url"`
+
+	// name is the CamelCase reason for not recommending a
+	// conditional update, in the event that matchingRules match the
+	// cluster state.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +required
+	Name string `json:"name"`
+
+	// message provides additional information about the risk of
+	// updating, in the event that matchingRules match the cluster
+	// state. This is only to be consumed by humans. It may
+	// contain Line Feed characters (U+000A), which should be
+	// rendered as new lines.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	// +required
+	Message string `json:"message"`
+
+	// matchingRules is a slice of conditions for deciding which
+	// clusters match the risk and which do not. The slice is
+	// ordered by decreasing precedence. The cluster-version
+	// operator will walk the slice in order, and stop after the
+	// first it can successfully evaluate. If no condition can be
+	// successfully evaluated, the update will not be recommended.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinItems=1
+	// +listType=atomic
+	// +required
+	MatchingRules []ClusterCondition `json:"matchingRules"`
+}
+
+// ClusterCondition is a union of typed cluster conditions.  The 'type'
+// property determines which of the type-specific properties are relevant.
+// When evaluated on a cluster, the condition may match, not match, or
+// fail to evaluate.
+// +k8s:deepcopy-gen=true
+type ClusterCondition struct {
+	// type represents the cluster-condition type. This defines
+	// the members and semantics of any additional properties.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Enum={"Always","PromQL"}
+	// +required
+	Type string `json:"type"`
+
+	// promQL represents a cluster condition based on PromQL.
+	// +optional
+	PromQL *PromQLClusterCondition `json:"promql,omitempty"`
+}
+
+// PromQLClusterCondition represents a cluster condition based on PromQL.
+type PromQLClusterCondition struct {
+	// PromQL is a PromQL query classifying clusters. This query
+	// query should return a 1 in the match case and a 0 in the
+	// does-not-match case case. Queries which return no time
+	// series, or which return values besides 0 or 1, are
+	// evaluation failures.
+	// +kubebuilder:validation:Required
+	// +required
+	PromQL string `json:"promql"`
+}
+
 // ClusterVersionList is a list of ClusterVersion resources.
 //
 // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).