diff --git a/blocked-edges/4.12.0-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.0-OldBootImagesPodmanMissingAuthFlag.yaml new file mode 100644 index 000000000..bba053b43 --- /dev/null +++ b/blocked-edges/4.12.0-OldBootImagesPodmanMissingAuthFlag.yaml @@ -0,0 +1,21 @@ +to: 4.12.0 +from: 4[.]11[.].* +url: https://issues.redhat.com/browse/MCO-540 +name: OldBootImagesPodmanMissingAuthFlag +message: |- + OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. +matchingRules: +- type: PromQL + promql: + promql: + topk(1, + label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") + or + label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") + ) + * on () group_left (type) + ( + cluster_infrastructure_provider{type=~"AWS|VSphere|None"} + or + 0 * cluster_infrastructure_provider + ) diff --git a/blocked-edges/4.12.0-rc.8-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.0-rc.8-OldBootImagesPodmanMissingAuthFlag.yaml new file mode 100644 index 000000000..f9c5f59a6 --- /dev/null +++ b/blocked-edges/4.12.0-rc.8-OldBootImagesPodmanMissingAuthFlag.yaml @@ -0,0 +1,21 @@ +to: 4.12.0-rc.8 +from: 4[.]11[.].* +url: https://issues.redhat.com/browse/MCO-540 +name: OldBootImagesPodmanMissingAuthFlag +message: |- + OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. +matchingRules: +- type: PromQL + promql: + promql: + topk(1, + label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") + or + label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") + ) + * on () group_left (type) + ( + cluster_infrastructure_provider{type=~"AWS|VSphere|None"} + or + 0 * cluster_infrastructure_provider + ) diff --git a/blocked-edges/4.12.1-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.1-OldBootImagesPodmanMissingAuthFlag.yaml new file mode 100644 index 000000000..68855beb9 --- /dev/null +++ b/blocked-edges/4.12.1-OldBootImagesPodmanMissingAuthFlag.yaml @@ -0,0 +1,21 @@ +to: 4.12.1 +from: 4[.]11[.].* +url: https://issues.redhat.com/browse/MCO-540 +name: OldBootImagesPodmanMissingAuthFlag +message: |- + OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. +matchingRules: +- type: PromQL + promql: + promql: + topk(1, + label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") + or + label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") + ) + * on () group_left (type) + ( + cluster_infrastructure_provider{type=~"AWS|VSphere|None"} + or + 0 * cluster_infrastructure_provider + ) diff --git a/blocked-edges/4.12.2-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.2-OldBootImagesPodmanMissingAuthFlag.yaml new file mode 100644 index 000000000..88cd4115e --- /dev/null +++ b/blocked-edges/4.12.2-OldBootImagesPodmanMissingAuthFlag.yaml @@ -0,0 +1,21 @@ +to: 4.12.2 +from: 4[.]11[.].* +url: https://issues.redhat.com/browse/MCO-540 +name: OldBootImagesPodmanMissingAuthFlag +message: |- + OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. +matchingRules: +- type: PromQL + promql: + promql: + topk(1, + label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") + or + label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") + ) + * on () group_left (type) + ( + cluster_infrastructure_provider{type=~"AWS|VSphere|None"} + or + 0 * cluster_infrastructure_provider + ) diff --git a/blocked-edges/4.12.3-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.3-OldBootImagesPodmanMissingAuthFlag.yaml new file mode 100644 index 000000000..7d7bf05c5 --- /dev/null +++ b/blocked-edges/4.12.3-OldBootImagesPodmanMissingAuthFlag.yaml @@ -0,0 +1,21 @@ +to: 4.12.3 +from: 4[.]11[.].* +url: https://issues.redhat.com/browse/MCO-540 +name: OldBootImagesPodmanMissingAuthFlag +message: |- + OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. +matchingRules: +- type: PromQL + promql: + promql: + topk(1, + label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") + or + label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") + ) + * on () group_left (type) + ( + cluster_infrastructure_provider{type=~"AWS|VSphere|None"} + or + 0 * cluster_infrastructure_provider + ) diff --git a/blocked-edges/4.12.4-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.4-OldBootImagesPodmanMissingAuthFlag.yaml new file mode 100644 index 000000000..40c4ba7a4 --- /dev/null +++ b/blocked-edges/4.12.4-OldBootImagesPodmanMissingAuthFlag.yaml @@ -0,0 +1,21 @@ +to: 4.12.4 +from: 4[.]11[.].* +url: https://issues.redhat.com/browse/MCO-540 +name: OldBootImagesPodmanMissingAuthFlag +message: |- + OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. +matchingRules: +- type: PromQL + promql: + promql: + topk(1, + label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") + or + label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") + ) + * on () group_left (type) + ( + cluster_infrastructure_provider{type=~"AWS|VSphere|None"} + or + 0 * cluster_infrastructure_provider + ) diff --git a/blocked-edges/4.12.5-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.5-OldBootImagesPodmanMissingAuthFlag.yaml new file mode 100644 index 000000000..ba73c1c2e --- /dev/null +++ b/blocked-edges/4.12.5-OldBootImagesPodmanMissingAuthFlag.yaml @@ -0,0 +1,21 @@ +to: 4.12.5 +from: 4[.]11[.].* +url: https://issues.redhat.com/browse/MCO-540 +name: OldBootImagesPodmanMissingAuthFlag +message: |- + OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. +matchingRules: +- type: PromQL + promql: + promql: + topk(1, + label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") + or + label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") + ) + * on () group_left (type) + ( + cluster_infrastructure_provider{type=~"AWS|VSphere|None"} + or + 0 * cluster_infrastructure_provider + ) diff --git a/blocked-edges/4.12.6-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.6-OldBootImagesPodmanMissingAuthFlag.yaml new file mode 100644 index 000000000..603b101f4 --- /dev/null +++ b/blocked-edges/4.12.6-OldBootImagesPodmanMissingAuthFlag.yaml @@ -0,0 +1,21 @@ +to: 4.12.6 +from: 4[.]11[.].* +url: https://issues.redhat.com/browse/MCO-540 +name: OldBootImagesPodmanMissingAuthFlag +message: |- + OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. +matchingRules: +- type: PromQL + promql: + promql: + topk(1, + label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") + or + label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") + ) + * on () group_left (type) + ( + cluster_infrastructure_provider{type=~"AWS|VSphere|None"} + or + 0 * cluster_infrastructure_provider + ) diff --git a/blocked-edges/4.12.7-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.7-OldBootImagesPodmanMissingAuthFlag.yaml new file mode 100644 index 000000000..0bc247b1d --- /dev/null +++ b/blocked-edges/4.12.7-OldBootImagesPodmanMissingAuthFlag.yaml @@ -0,0 +1,21 @@ +to: 4.12.7 +from: 4[.]11[.].* +url: https://issues.redhat.com/browse/MCO-540 +name: OldBootImagesPodmanMissingAuthFlag +message: |- + OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. +matchingRules: +- type: PromQL + promql: + promql: + topk(1, + label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") + or + label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") + ) + * on () group_left (type) + ( + cluster_infrastructure_provider{type=~"AWS|VSphere|None"} + or + 0 * cluster_infrastructure_provider + )