diff --git a/blocked-edges/4.11.0-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-AWSOldBootImageLackAfterburn.yaml index 24dd1e8fb..c301beb8d 100644 --- a/blocked-edges/4.11.0-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-MachineConfigRenderingChurn.yaml index 1d9cf79ab..9e63ab8ad 100644 --- a/blocked-edges/4.11.0-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-arm64-seccomp-error-524.yaml index d2dd37a3a..0a176d939 100644 --- a/blocked-edges/4.11.0-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-fc.0-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-fc.0-AWSOldBootImageLackAfterburn.yaml index 99fa85a04..51278d37c 100644 --- a/blocked-edges/4.11.0-fc.0-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-fc.0-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-fc.0-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-fc.0-MachineConfigRenderingChurn.yaml index b336ff484..1c2652ee5 100644 --- a/blocked-edges/4.11.0-fc.0-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-fc.0-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-fc.0-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-fc.0-arm64-seccomp-error-524.yaml index 022489bce..fe730e455 100644 --- a/blocked-edges/4.11.0-fc.0-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-fc.0-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-fc.0 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-fc.3-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-fc.3-AWSOldBootImageLackAfterburn.yaml index 3fd5edc2a..8ce91b947 100644 --- a/blocked-edges/4.11.0-fc.3-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-fc.3-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-fc.3-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-fc.3-MachineConfigRenderingChurn.yaml index 0236456b5..8dc2346e4 100644 --- a/blocked-edges/4.11.0-fc.3-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-fc.3-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-fc.3-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-fc.3-arm64-seccomp-error-524.yaml index 7086157b6..a2bca710d 100644 --- a/blocked-edges/4.11.0-fc.3-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-fc.3-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-fc.3 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.0-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-rc.0-AWSOldBootImageLackAfterburn.yaml index edfbd6bbe..b4677af68 100644 --- a/blocked-edges/4.11.0-rc.0-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-rc.0-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.0-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-rc.0-MachineConfigRenderingChurn.yaml index f8e5bcbe7..00a830cca 100644 --- a/blocked-edges/4.11.0-rc.0-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-rc.0-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.0-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-rc.0-arm64-seccomp-error-524.yaml index af5c65e22..281ca5b83 100644 --- a/blocked-edges/4.11.0-rc.0-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-rc.0-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-rc.0 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.1-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-rc.1-AWSOldBootImageLackAfterburn.yaml index 4dfc3942c..4abe7ac59 100644 --- a/blocked-edges/4.11.0-rc.1-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-rc.1-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.1-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-rc.1-MachineConfigRenderingChurn.yaml index 11712640a..e30f01767 100644 --- a/blocked-edges/4.11.0-rc.1-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-rc.1-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.1-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-rc.1-arm64-seccomp-error-524.yaml index aa797c6d9..e97330fcf 100644 --- a/blocked-edges/4.11.0-rc.1-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-rc.1-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-rc.1 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.2-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-rc.2-AWSOldBootImageLackAfterburn.yaml index 662edfcab..10871e3d0 100644 --- a/blocked-edges/4.11.0-rc.2-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-rc.2-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.2-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-rc.2-MachineConfigRenderingChurn.yaml index 56d2a0e3a..20ae2ccf1 100644 --- a/blocked-edges/4.11.0-rc.2-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-rc.2-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.2-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-rc.2-arm64-seccomp-error-524.yaml index d8d66a20d..477ee46a8 100644 --- a/blocked-edges/4.11.0-rc.2-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-rc.2-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-rc.2 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.3-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-rc.3-AWSOldBootImageLackAfterburn.yaml index 45cb483fa..5bed251ad 100644 --- a/blocked-edges/4.11.0-rc.3-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-rc.3-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.3-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-rc.3-MachineConfigRenderingChurn.yaml index bb9f2ae9b..5f1949357 100644 --- a/blocked-edges/4.11.0-rc.3-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-rc.3-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.3-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-rc.3-arm64-seccomp-error-524.yaml index 924f8bf4a..15d353a57 100644 --- a/blocked-edges/4.11.0-rc.3-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-rc.3-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-rc.3 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.4-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-rc.4-AWSOldBootImageLackAfterburn.yaml index 42fb73cc1..23cb46958 100644 --- a/blocked-edges/4.11.0-rc.4-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-rc.4-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.4-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-rc.4-MachineConfigRenderingChurn.yaml index 248e16f12..086771140 100644 --- a/blocked-edges/4.11.0-rc.4-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-rc.4-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.4-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-rc.4-arm64-seccomp-error-524.yaml index f6630ae19..ec93f6d84 100644 --- a/blocked-edges/4.11.0-rc.4-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-rc.4-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-rc.4 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.5-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-rc.5-AWSOldBootImageLackAfterburn.yaml index 6dd47dbe0..1d2ee5b0d 100644 --- a/blocked-edges/4.11.0-rc.5-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-rc.5-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.5-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-rc.5-MachineConfigRenderingChurn.yaml index 1ad2a9e11..93a1b73bc 100644 --- a/blocked-edges/4.11.0-rc.5-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-rc.5-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.5-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-rc.5-arm64-seccomp-error-524.yaml index bd9fee5ff..befd4551c 100644 --- a/blocked-edges/4.11.0-rc.5-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-rc.5-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-rc.5 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.6-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-rc.6-AWSOldBootImageLackAfterburn.yaml index c2423bc37..72c519576 100644 --- a/blocked-edges/4.11.0-rc.6-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-rc.6-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.6-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-rc.6-MachineConfigRenderingChurn.yaml index 7b4a0ca55..71085d9a3 100644 --- a/blocked-edges/4.11.0-rc.6-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-rc.6-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.6-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-rc.6-arm64-seccomp-error-524.yaml index 915109367..b326f1070 100644 --- a/blocked-edges/4.11.0-rc.6-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-rc.6-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-rc.6 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.7-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.0-rc.7-AWSOldBootImageLackAfterburn.yaml index 5dd2569ff..3ee3dbdeb 100644 --- a/blocked-edges/4.11.0-rc.7-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.0-rc.7-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.7-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.0-rc.7-MachineConfigRenderingChurn.yaml index a33f35a56..3c434b37c 100644 --- a/blocked-edges/4.11.0-rc.7-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.0-rc.7-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.0-rc.7-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.0-rc.7-arm64-seccomp-error-524.yaml index dd32d9909..cded7b133 100644 --- a/blocked-edges/4.11.0-rc.7-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.0-rc.7-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.0-rc.7 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.1-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.1-AWSOldBootImageLackAfterburn.yaml index 8e0122756..e3002a2c3 100644 --- a/blocked-edges/4.11.1-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.1-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.1-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.1-MachineConfigRenderingChurn.yaml index 3c53026dd..8a4117ea7 100644 --- a/blocked-edges/4.11.1-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.1-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.1-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.1-arm64-seccomp-error-524.yaml index 1c0726669..71a75e638 100644 --- a/blocked-edges/4.11.1-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.1-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.1 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.10-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.10-AWSOldBootImageLackAfterburn.yaml index 015cb4093..1ad68b644 100644 --- a/blocked-edges/4.11.10-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.10-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.10-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.10-MachineConfigRenderingChurn.yaml index 1afd1ca0c..353f58483 100644 --- a/blocked-edges/4.11.10-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.10-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.10-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.10-arm64-seccomp-error-524.yaml index 39a611900..c4a8cea28 100644 --- a/blocked-edges/4.11.10-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.10-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.10 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.11-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.11-AWSOldBootImageLackAfterburn.yaml index 0ed1e0504..0e2baacbe 100644 --- a/blocked-edges/4.11.11-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.11-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.11-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.11-MachineConfigRenderingChurn.yaml index a65643635..7d4553599 100644 --- a/blocked-edges/4.11.11-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.11-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.11-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.11-arm64-seccomp-error-524.yaml index 6742eece9..c69571e28 100644 --- a/blocked-edges/4.11.11-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.11-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.11 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.12-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.12-AWSOldBootImageLackAfterburn.yaml index 4ab7a62b9..eee1a4a08 100644 --- a/blocked-edges/4.11.12-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.12-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.12-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.12-MachineConfigRenderingChurn.yaml index 0b4acf420..3f7e447db 100644 --- a/blocked-edges/4.11.12-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.12-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.12-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.12-arm64-seccomp-error-524.yaml index 423af132e..d159d2263 100644 --- a/blocked-edges/4.11.12-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.12-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.12 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.13-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.13-AWSOldBootImageLackAfterburn.yaml index 560400553..9ecea2395 100644 --- a/blocked-edges/4.11.13-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.13-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.13-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.13-MachineConfigRenderingChurn.yaml index e0b8b64a8..837dd83b9 100644 --- a/blocked-edges/4.11.13-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.13-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.13-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.13-arm64-seccomp-error-524.yaml index c9998a2ff..1ba94565d 100644 --- a/blocked-edges/4.11.13-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.13-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.13 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.14-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.14-AWSOldBootImageLackAfterburn.yaml index 417c8e31e..3ec97b08d 100644 --- a/blocked-edges/4.11.14-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.14-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.14-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.14-MachineConfigRenderingChurn.yaml index b1043278f..31f198119 100644 --- a/blocked-edges/4.11.14-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.14-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.14-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.14-arm64-seccomp-error-524.yaml index 62da7d966..6af543f30 100644 --- a/blocked-edges/4.11.14-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.14-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.14 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.16-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.16-AWSOldBootImageLackAfterburn.yaml index 1eff8b52a..98010f00d 100644 --- a/blocked-edges/4.11.16-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.16-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.16-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.16-MachineConfigRenderingChurn.yaml index 9a01cc2d6..2b58aa55e 100644 --- a/blocked-edges/4.11.16-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.16-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.16-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.16-arm64-seccomp-error-524.yaml index b5870be1c..d859ab356 100644 --- a/blocked-edges/4.11.16-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.16-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.16 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.17-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.17-AWSOldBootImageLackAfterburn.yaml index e1a83e2af..d3c87f1f0 100644 --- a/blocked-edges/4.11.17-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.17-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.17-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.17-MachineConfigRenderingChurn.yaml index dbe7ef2b1..730f21751 100644 --- a/blocked-edges/4.11.17-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.17-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.17-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.17-arm64-seccomp-error-524.yaml index d69e50990..e576effbf 100644 --- a/blocked-edges/4.11.17-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.17-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.17 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.18-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.18-AWSOldBootImageLackAfterburn.yaml index bad532ed6..74b798a1e 100644 --- a/blocked-edges/4.11.18-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.18-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.18-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.18-MachineConfigRenderingChurn.yaml index ebafd4bd3..926699cd8 100644 --- a/blocked-edges/4.11.18-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.18-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.18-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.18-arm64-seccomp-error-524.yaml index 7e4fe5186..e52a9cbe5 100644 --- a/blocked-edges/4.11.18-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.18-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.18 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.19-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.19-AWSOldBootImageLackAfterburn.yaml index 65bd773d3..1d98f05f2 100644 --- a/blocked-edges/4.11.19-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.19-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.19-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.19-MachineConfigRenderingChurn.yaml index 0ad42c070..bd04dff8b 100644 --- a/blocked-edges/4.11.19-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.19-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.19-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.19-arm64-seccomp-error-524.yaml index 82d66ee2c..56b21645c 100644 --- a/blocked-edges/4.11.19-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.19-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.19 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.2-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.2-AWSOldBootImageLackAfterburn.yaml index f28f5089a..b8cbbe558 100644 --- a/blocked-edges/4.11.2-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.2-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.2-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.2-MachineConfigRenderingChurn.yaml index e5899abad..4c8bc99d3 100644 --- a/blocked-edges/4.11.2-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.2-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.2-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.2-arm64-seccomp-error-524.yaml index cd4d8185b..e64bf95a5 100644 --- a/blocked-edges/4.11.2-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.2-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.2 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.20-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.20-AWSOldBootImageLackAfterburn.yaml index 63e015324..1b9dd3e5f 100644 --- a/blocked-edges/4.11.20-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.20-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.20-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.20-MachineConfigRenderingChurn.yaml index 963f2570e..4229963e9 100644 --- a/blocked-edges/4.11.20-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.20-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.20-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.20-arm64-seccomp-error-524.yaml index 3fab08ad2..7a972f70a 100644 --- a/blocked-edges/4.11.20-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.20-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.20 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.21-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.21-AWSOldBootImageLackAfterburn.yaml index 71d2de9e4..86f7bd672 100644 --- a/blocked-edges/4.11.21-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.21-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.21-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.21-MachineConfigRenderingChurn.yaml index f32c9646f..1dc248735 100644 --- a/blocked-edges/4.11.21-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.21-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.21-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.21-arm64-seccomp-error-524.yaml index d2db0df9b..385b3dab9 100644 --- a/blocked-edges/4.11.21-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.21-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.21 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.22-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.22-AWSOldBootImageLackAfterburn.yaml index b5b494644..aad1f4824 100644 --- a/blocked-edges/4.11.22-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.22-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.22-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.22-MachineConfigRenderingChurn.yaml index ff66b25a0..21a61c5c9 100644 --- a/blocked-edges/4.11.22-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.22-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.22-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.22-arm64-seccomp-error-524.yaml index cc1b145fa..ab8bd4b54 100644 --- a/blocked-edges/4.11.22-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.22-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.22 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.23-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.23-AWSOldBootImageLackAfterburn.yaml index 36f065516..f09131740 100644 --- a/blocked-edges/4.11.23-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.23-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.23-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.23-MachineConfigRenderingChurn.yaml index bcf50eeb7..12fbc0f01 100644 --- a/blocked-edges/4.11.23-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.23-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.23-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.23-arm64-seccomp-error-524.yaml index e4b8350b7..7ef448d86 100644 --- a/blocked-edges/4.11.23-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.23-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.23 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.24-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.24-AWSOldBootImageLackAfterburn.yaml index 8cebe00ce..a4275aff6 100644 --- a/blocked-edges/4.11.24-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.24-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.24-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.24-MachineConfigRenderingChurn.yaml index 677a506fd..cef0bee28 100644 --- a/blocked-edges/4.11.24-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.24-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.24-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.24-arm64-seccomp-error-524.yaml index da3093808..851841900 100644 --- a/blocked-edges/4.11.24-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.24-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.24 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.25-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.25-AWSOldBootImageLackAfterburn.yaml index ca58e2c0b..9514bc943 100644 --- a/blocked-edges/4.11.25-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.25-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.25-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.25-MachineConfigRenderingChurn.yaml index 46af0db14..0fe9c0b93 100644 --- a/blocked-edges/4.11.25-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.25-MachineConfigRenderingChurn.yaml @@ -6,9 +6,5 @@ fixedIn: 4.11.26 message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.25-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.25-arm64-seccomp-error-524.yaml index b650498ca..f6fc2c79b 100644 --- a/blocked-edges/4.11.25-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.25-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.25 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.26-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.26-AWSOldBootImageLackAfterburn.yaml index aa343dc39..e33e7c329 100644 --- a/blocked-edges/4.11.26-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.26-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.26-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.26-arm64-seccomp-error-524.yaml index b55374b36..415e64eac 100644 --- a/blocked-edges/4.11.26-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.26-arm64-seccomp-error-524.yaml @@ -6,9 +6,5 @@ name: ARM64SecCompError524 message: |- 4.11.26 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.26-leaked-machineconfig.yaml b/blocked-edges/4.11.26-leaked-machineconfig.yaml index 09f4f6a05..9a429d796 100644 --- a/blocked-edges/4.11.26-leaked-machineconfig.yaml +++ b/blocked-edges/4.11.26-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.27-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.27-AWSOldBootImageLackAfterburn.yaml index dc1c51ad9..272f49a51 100644 --- a/blocked-edges/4.11.27-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.27-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.27-leaked-machineconfig.yaml b/blocked-edges/4.11.27-leaked-machineconfig.yaml index f4483ffb0..0b46b4231 100644 --- a/blocked-edges/4.11.27-leaked-machineconfig.yaml +++ b/blocked-edges/4.11.27-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.28-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.28-AWSOldBootImageLackAfterburn.yaml index fe1c54e21..c0555dcd0 100644 --- a/blocked-edges/4.11.28-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.28-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.28-leaked-machineconfig.yaml b/blocked-edges/4.11.28-leaked-machineconfig.yaml index 9d813a4b8..a0744d3eb 100644 --- a/blocked-edges/4.11.28-leaked-machineconfig.yaml +++ b/blocked-edges/4.11.28-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.29-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.29-AWSOldBootImageLackAfterburn.yaml index 210c89424..fce28dddf 100644 --- a/blocked-edges/4.11.29-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.29-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.29-leaked-machineconfig.yaml b/blocked-edges/4.11.29-leaked-machineconfig.yaml index 9a6f86c5b..652381112 100644 --- a/blocked-edges/4.11.29-leaked-machineconfig.yaml +++ b/blocked-edges/4.11.29-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.3-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.3-AWSOldBootImageLackAfterburn.yaml index d0dc8bdba..0d91aa650 100644 --- a/blocked-edges/4.11.3-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.3-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.3-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.3-MachineConfigRenderingChurn.yaml index 9c5ebab67..c8230f42d 100644 --- a/blocked-edges/4.11.3-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.3-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.3-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.3-arm64-seccomp-error-524.yaml index 0a6d5b6fa..9ba222f9b 100644 --- a/blocked-edges/4.11.3-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.3-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.3 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.30-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.30-AWSOldBootImageLackAfterburn.yaml index e43e11df9..1f113a221 100644 --- a/blocked-edges/4.11.30-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.30-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.30-leaked-machineconfig.yaml b/blocked-edges/4.11.30-leaked-machineconfig.yaml index 918fa2680..a15a4f5f1 100644 --- a/blocked-edges/4.11.30-leaked-machineconfig.yaml +++ b/blocked-edges/4.11.30-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.31-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.31-AWSOldBootImageLackAfterburn.yaml index 931113e48..75d3a4211 100644 --- a/blocked-edges/4.11.31-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.31-AWSOldBootImageLackAfterburn.yaml @@ -6,17 +6,5 @@ fixedIn: 4.11.33 message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.31-leaked-machineconfig.yaml b/blocked-edges/4.11.31-leaked-machineconfig.yaml index e2e24334f..315e4d43a 100644 --- a/blocked-edges/4.11.31-leaked-machineconfig.yaml +++ b/blocked-edges/4.11.31-leaked-machineconfig.yaml @@ -6,9 +6,5 @@ fixedIn: 4.11.33 message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.32-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.32-AWSOldBootImageLackAfterburn.yaml index d76346f04..267bc79b0 100644 --- a/blocked-edges/4.11.32-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.32-AWSOldBootImageLackAfterburn.yaml @@ -6,17 +6,5 @@ fixedIn: 4.11.33 message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.32-leaked-machineconfig.yaml b/blocked-edges/4.11.32-leaked-machineconfig.yaml index 7a54ebe51..6ff927fd0 100644 --- a/blocked-edges/4.11.32-leaked-machineconfig.yaml +++ b/blocked-edges/4.11.32-leaked-machineconfig.yaml @@ -6,9 +6,5 @@ fixedIn: 4.11.33 message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.4-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.4-AWSOldBootImageLackAfterburn.yaml index bcad4916d..e74593bf4 100644 --- a/blocked-edges/4.11.4-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.4-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.4-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.4-MachineConfigRenderingChurn.yaml index 6c71ab15f..1f3592ab6 100644 --- a/blocked-edges/4.11.4-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.4-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.4-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.4-arm64-seccomp-error-524.yaml index dd04492da..d309a90bb 100644 --- a/blocked-edges/4.11.4-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.4-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.4 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.5-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.5-AWSOldBootImageLackAfterburn.yaml index 0f0ceb174..14a5065be 100644 --- a/blocked-edges/4.11.5-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.5-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.5-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.5-MachineConfigRenderingChurn.yaml index f0b63275e..c39c8ed51 100644 --- a/blocked-edges/4.11.5-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.5-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.5-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.5-arm64-seccomp-error-524.yaml index 287cae020..f532c964e 100644 --- a/blocked-edges/4.11.5-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.5-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.5 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.6-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.6-AWSOldBootImageLackAfterburn.yaml index a7dfdcd03..b6f4e1718 100644 --- a/blocked-edges/4.11.6-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.6-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.6-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.6-MachineConfigRenderingChurn.yaml index f38544f63..4aeebae43 100644 --- a/blocked-edges/4.11.6-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.6-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.6-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.6-arm64-seccomp-error-524.yaml index 87f6cb44a..2e2f6ca54 100644 --- a/blocked-edges/4.11.6-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.6-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.6 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.7-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.7-AWSOldBootImageLackAfterburn.yaml index 93b625e9d..74401108f 100644 --- a/blocked-edges/4.11.7-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.7-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.7-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.7-MachineConfigRenderingChurn.yaml index 94a6a2f98..e5476f312 100644 --- a/blocked-edges/4.11.7-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.7-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.7-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.7-arm64-seccomp-error-524.yaml index 41fce64ec..72b8a3242 100644 --- a/blocked-edges/4.11.7-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.7-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.7 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.8-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.8-AWSOldBootImageLackAfterburn.yaml index 4a0ea6a24..417bb51a9 100644 --- a/blocked-edges/4.11.8-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.8-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.8-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.8-MachineConfigRenderingChurn.yaml index e1664e7a3..983abe906 100644 --- a/blocked-edges/4.11.8-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.8-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.8-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.8-arm64-seccomp-error-524.yaml index c3e57fe17..5b394df28 100644 --- a/blocked-edges/4.11.8-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.8-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.8 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.11.9-AWSOldBootImageLackAfterburn.yaml b/blocked-edges/4.11.9-AWSOldBootImageLackAfterburn.yaml index 2782a8089..a33797b52 100644 --- a/blocked-edges/4.11.9-AWSOldBootImageLackAfterburn.yaml +++ b/blocked-edges/4.11.9-AWSOldBootImageLackAfterburn.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImagesLackAfterburn message: |- 4.1 AWS boot images are not compatible with some 4.11 and later, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.2 or later, or otherwise uses 4.2 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.11.9-MachineConfigRenderingChurn.yaml b/blocked-edges/4.11.9-MachineConfigRenderingChurn.yaml index 2a07047be..b1c26cd7f 100644 --- a/blocked-edges/4.11.9-MachineConfigRenderingChurn.yaml +++ b/blocked-edges/4.11.9-MachineConfigRenderingChurn.yaml @@ -5,9 +5,5 @@ name: MachineConfigRenderingChurn message: |- Clusters with KubletConfigs that do not set 'CSIMigrationOpenStack: true' should remain on 4.10 until they can update to a 4.11 that contains a fix. Clusters that do not contain any KubeletConfigs are unlikely to be exposed. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource="kubeletconfigs.machineconfiguration.openshift.io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.11.9-arm64-seccomp-error-524.yaml b/blocked-edges/4.11.9-arm64-seccomp-error-524.yaml index cfb260e86..145de3d54 100644 --- a/blocked-edges/4.11.9-arm64-seccomp-error-524.yaml +++ b/blocked-edges/4.11.9-arm64-seccomp-error-524.yaml @@ -5,9 +5,5 @@ name: ARM64SecCompError524 message: |- 4.11.9 arm64 nodes may expose container creation to seccomp error 524. matchingRules: -- type: PromQL - promql: - promql: - group(max_over_time(kube_node_labels{label_beta_kubernetes_io_arch="arm64"}[1h])) - or - 0 * group(max_over_time(kube_node_labels[1h])) +- type: Always + diff --git a/blocked-edges/4.12.0-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.0-OldBootImagesPodmanMissingAuthFlag.yaml index 2971f8d18..59fb14088 100644 --- a/blocked-edges/4.12.0-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.0-OldBootImagesPodmanMissingAuthFlag.yaml @@ -5,17 +5,5 @@ name: OldBootImagesPodmanMissingAuthFlag message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.12.0-rc.0-AWSOldBootImage.yaml b/blocked-edges/4.12.0-rc.0-AWSOldBootImage.yaml index 25a93e901..2ddb43077 100644 --- a/blocked-edges/4.12.0-rc.0-AWSOldBootImage.yaml +++ b/blocked-edges/4.12.0-rc.0-AWSOldBootImage.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImages message: |- 4.2 AWS boot images are not compatible with 4.12.0-rc.0, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.3 or later, or otherwise uses 4.3 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1 or 4.2", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.12.0-rc.1-AWSOldBootImage.yaml b/blocked-edges/4.12.0-rc.1-AWSOldBootImage.yaml index 8e082eca9..2a26d6991 100644 --- a/blocked-edges/4.12.0-rc.1-AWSOldBootImage.yaml +++ b/blocked-edges/4.12.0-rc.1-AWSOldBootImage.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImages message: |- 4.2 AWS boot images are not compatible with 4.12.0-rc.1, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.3 or later, or otherwise uses 4.3 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1 or 4.2", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.12.0-rc.2-AWSOldBootImage.yaml b/blocked-edges/4.12.0-rc.2-AWSOldBootImage.yaml index f83ba966d..89ba0e4fb 100644 --- a/blocked-edges/4.12.0-rc.2-AWSOldBootImage.yaml +++ b/blocked-edges/4.12.0-rc.2-AWSOldBootImage.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImages message: |- 4.2 AWS boot images are not compatible with 4.12.0-rc.2, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.3 or later, or otherwise uses 4.3 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1 or 4.2", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.12.0-rc.3-AWSOldBootImage.yaml b/blocked-edges/4.12.0-rc.3-AWSOldBootImage.yaml index b1e784e1d..1276e9a02 100644 --- a/blocked-edges/4.12.0-rc.3-AWSOldBootImage.yaml +++ b/blocked-edges/4.12.0-rc.3-AWSOldBootImage.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImages message: |- 4.2 AWS boot images are not compatible with 4.12.0-rc.3, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.3 or later, or otherwise uses 4.3 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1 or 4.2", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.12.0-rc.4-AWSOldBootImage.yaml b/blocked-edges/4.12.0-rc.4-AWSOldBootImage.yaml index 3896f4a68..389037acc 100644 --- a/blocked-edges/4.12.0-rc.4-AWSOldBootImage.yaml +++ b/blocked-edges/4.12.0-rc.4-AWSOldBootImage.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImages message: |- 4.2 AWS boot images are not compatible with 4.12.0-rc.4, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.3 or later, or otherwise uses 4.3 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1 or 4.2", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.12.0-rc.5-AWSOldBootImage.yaml b/blocked-edges/4.12.0-rc.5-AWSOldBootImage.yaml index 37db6e308..7efc80559 100644 --- a/blocked-edges/4.12.0-rc.5-AWSOldBootImage.yaml +++ b/blocked-edges/4.12.0-rc.5-AWSOldBootImage.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImages message: |- 4.2 AWS boot images are not compatible with 4.12.0-rc.5, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.3 or later, or otherwise uses 4.3 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1 or 4.2", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.12.0-rc.6-AWSOldBootImage.yaml b/blocked-edges/4.12.0-rc.6-AWSOldBootImage.yaml index 8b51cd9b0..34a5d1fc7 100644 --- a/blocked-edges/4.12.0-rc.6-AWSOldBootImage.yaml +++ b/blocked-edges/4.12.0-rc.6-AWSOldBootImage.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImages message: |- 4.2 AWS boot images are not compatible with 4.12.0-rc.6, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.3 or later, or otherwise uses 4.3 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1 or 4.2", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.12.0-rc.7-AWSOldBootImage.yaml b/blocked-edges/4.12.0-rc.7-AWSOldBootImage.yaml index 94a456706..1ac62e8a7 100644 --- a/blocked-edges/4.12.0-rc.7-AWSOldBootImage.yaml +++ b/blocked-edges/4.12.0-rc.7-AWSOldBootImage.yaml @@ -5,17 +5,5 @@ name: AWSOldBootImages message: |- 4.2 AWS boot images are not compatible with 4.12.0-rc.7, and machines created with them will fail to become nodes. This risk does not apply if a cluster is not on AWS, was installed as version 4.3 or later, or otherwise uses 4.3 or later boot images. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1 or 4.2", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - cluster_infrastructure_provider{type="AWS"} - or - 0 * cluster_infrastructure_provider - ) +- type: Always + diff --git a/blocked-edges/4.12.0-rc.8-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.0-rc.8-OldBootImagesPodmanMissingAuthFlag.yaml index 0e8ee0c90..0b7486151 100644 --- a/blocked-edges/4.12.0-rc.8-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.0-rc.8-OldBootImagesPodmanMissingAuthFlag.yaml @@ -5,17 +5,5 @@ name: OldBootImagesPodmanMissingAuthFlag message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.12.1-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.1-OldBootImagesPodmanMissingAuthFlag.yaml index afb3034df..003568c21 100644 --- a/blocked-edges/4.12.1-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.1-OldBootImagesPodmanMissingAuthFlag.yaml @@ -5,17 +5,5 @@ name: OldBootImagesPodmanMissingAuthFlag message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.12.2-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.2-OldBootImagesPodmanMissingAuthFlag.yaml index e3ff3f940..9198c1439 100644 --- a/blocked-edges/4.12.2-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.2-OldBootImagesPodmanMissingAuthFlag.yaml @@ -5,17 +5,5 @@ name: OldBootImagesPodmanMissingAuthFlag message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.12.2-leaked-machineconfig.yaml b/blocked-edges/4.12.2-leaked-machineconfig.yaml index c98c48952..df660b62f 100644 --- a/blocked-edges/4.12.2-leaked-machineconfig.yaml +++ b/blocked-edges/4.12.2-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.12.3-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.3-OldBootImagesPodmanMissingAuthFlag.yaml index 183ea4b2c..fc26dc048 100644 --- a/blocked-edges/4.12.3-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.3-OldBootImagesPodmanMissingAuthFlag.yaml @@ -5,17 +5,5 @@ name: OldBootImagesPodmanMissingAuthFlag message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.12.3-leaked-machineconfig.yaml b/blocked-edges/4.12.3-leaked-machineconfig.yaml index 10c622f28..3f9e51d37 100644 --- a/blocked-edges/4.12.3-leaked-machineconfig.yaml +++ b/blocked-edges/4.12.3-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.12.4-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.4-OldBootImagesPodmanMissingAuthFlag.yaml index 90e5d75ef..e6366a3e8 100644 --- a/blocked-edges/4.12.4-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.4-OldBootImagesPodmanMissingAuthFlag.yaml @@ -5,17 +5,5 @@ name: OldBootImagesPodmanMissingAuthFlag message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.12.4-leaked-machineconfig.yaml b/blocked-edges/4.12.4-leaked-machineconfig.yaml index 6db68fe39..b8093e5a3 100644 --- a/blocked-edges/4.12.4-leaked-machineconfig.yaml +++ b/blocked-edges/4.12.4-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.12.5-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.5-OldBootImagesPodmanMissingAuthFlag.yaml index c267b296c..82fdbec82 100644 --- a/blocked-edges/4.12.5-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.5-OldBootImagesPodmanMissingAuthFlag.yaml @@ -5,17 +5,5 @@ name: OldBootImagesPodmanMissingAuthFlag message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.12.5-leaked-machineconfig.yaml b/blocked-edges/4.12.5-leaked-machineconfig.yaml index 159130448..e9ac0099f 100644 --- a/blocked-edges/4.12.5-leaked-machineconfig.yaml +++ b/blocked-edges/4.12.5-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.12.6-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.6-OldBootImagesPodmanMissingAuthFlag.yaml index f69c7c994..0e1343a9b 100644 --- a/blocked-edges/4.12.6-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.6-OldBootImagesPodmanMissingAuthFlag.yaml @@ -5,17 +5,5 @@ name: OldBootImagesPodmanMissingAuthFlag message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.12.6-leaked-machineconfig.yaml b/blocked-edges/4.12.6-leaked-machineconfig.yaml index 387d44091..4018fba42 100644 --- a/blocked-edges/4.12.6-leaked-machineconfig.yaml +++ b/blocked-edges/4.12.6-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.12.7-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.7-OldBootImagesPodmanMissingAuthFlag.yaml index 00fde191f..d84cb97e9 100644 --- a/blocked-edges/4.12.7-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.7-OldBootImagesPodmanMissingAuthFlag.yaml @@ -6,17 +6,5 @@ fixedIn: 4.12.9 message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.12.7-leaked-machineconfig.yaml b/blocked-edges/4.12.7-leaked-machineconfig.yaml index d5fca7869..9c598f7de 100644 --- a/blocked-edges/4.12.7-leaked-machineconfig.yaml +++ b/blocked-edges/4.12.7-leaked-machineconfig.yaml @@ -6,9 +6,5 @@ fixedIn: 4.12.8 message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.12.8-OldBootImagesPodmanMissingAuthFlag.yaml b/blocked-edges/4.12.8-OldBootImagesPodmanMissingAuthFlag.yaml index f9cdbba35..51e7aea14 100644 --- a/blocked-edges/4.12.8-OldBootImagesPodmanMissingAuthFlag.yaml +++ b/blocked-edges/4.12.8-OldBootImagesPodmanMissingAuthFlag.yaml @@ -6,17 +6,5 @@ fixedIn: 4.12.9 message: |- OCP 4.12 started using --authfile flag with podman to perform in-place upgrade on nodes and it does not work with nodes installed with OCP 4.1 version. This risk does not apply if a cluster was installed with version 4.2 or later. matchingRules: -- type: PromQL - promql: - promql: - topk(1, - label_replace(group(cluster_version{type="initial",version=~"4[.][0-9][.].*"}),"born_by_4_9", "yes, so possibly actually born in 4.1", "", "") - or - label_replace(0 * group(cluster_version{type="initial",version!~"4[.][0-9][.].*"}),"born_by_4_9", "no, born in 4.10 or later", "", "") - ) - * on () group_left (type) - ( - group(cluster_infrastructure_provider{type=~"AWS|VSphere|None"}) - or - 0 * group(cluster_infrastructure_provider) - ) +- type: Always + diff --git a/blocked-edges/4.13.0-ec.1-StrictPodSecurityViolation.yaml b/blocked-edges/4.13.0-ec.1-StrictPodSecurityViolation.yaml index c012cd3da..3bce7c7fc 100644 --- a/blocked-edges/4.13.0-ec.1-StrictPodSecurityViolation.yaml +++ b/blocked-edges/4.13.0-ec.1-StrictPodSecurityViolation.yaml @@ -5,9 +5,5 @@ name: StrictPodSecurityViolation message: |- OCP 4.13 prereleases attempted to enforce PodSecurityViolations, but ended up backing off. Clusters with violating workloads should either fix their workloads, or avoid updating to 4.13 until that softening lands. matchingRules: -- type: PromQL - promql: - promql: - group(ALERTS{alertname="PodSecurityViolation",alertstate="firing"}) - or - 0 * group(ALERTS{alertname="Watchdog",alertstate="firing"}) +- type: Always + diff --git a/blocked-edges/4.13.0-ec.2-StrictPodSecurityViolation.yaml b/blocked-edges/4.13.0-ec.2-StrictPodSecurityViolation.yaml index d30154540..4b549dc32 100644 --- a/blocked-edges/4.13.0-ec.2-StrictPodSecurityViolation.yaml +++ b/blocked-edges/4.13.0-ec.2-StrictPodSecurityViolation.yaml @@ -5,9 +5,5 @@ name: StrictPodSecurityViolation message: |- OCP 4.13 prereleases attempted to enforce PodSecurityViolations, but ended up backing off. Clusters with violating workloads should either fix their workloads, or avoid updating to 4.13 until that softening lands. matchingRules: -- type: PromQL - promql: - promql: - group(ALERTS{alertname="PodSecurityViolation",alertstate="firing"}) - or - 0 * group(ALERTS{alertname="Watchdog",alertstate="firing"}) +- type: Always + diff --git a/blocked-edges/4.13.0-ec.3-StrictPodSecurityViolation.yaml b/blocked-edges/4.13.0-ec.3-StrictPodSecurityViolation.yaml index 71f1d0aa9..f21383254 100644 --- a/blocked-edges/4.13.0-ec.3-StrictPodSecurityViolation.yaml +++ b/blocked-edges/4.13.0-ec.3-StrictPodSecurityViolation.yaml @@ -5,9 +5,5 @@ name: StrictPodSecurityViolation message: |- OCP 4.13 prereleases attempted to enforce PodSecurityViolations, but ended up backing off. Clusters with violating workloads should either fix their workloads, or avoid updating to 4.13 until that softening lands. matchingRules: -- type: PromQL - promql: - promql: - group(ALERTS{alertname="PodSecurityViolation",alertstate="firing"}) - or - 0 * group(ALERTS{alertname="Watchdog",alertstate="firing"}) +- type: Always + diff --git a/blocked-edges/4.13.0-ec.3-leaked-machineconfig.yaml b/blocked-edges/4.13.0-ec.3-leaked-machineconfig.yaml index 7ae2bb7ed..4bfc7a08e 100644 --- a/blocked-edges/4.13.0-ec.3-leaked-machineconfig.yaml +++ b/blocked-edges/4.13.0-ec.3-leaked-machineconfig.yaml @@ -5,9 +5,5 @@ name: LeakedMachineConfigBlocksMCO message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.13.0-ec.4-StrictPodSecurityViolation.yaml b/blocked-edges/4.13.0-ec.4-StrictPodSecurityViolation.yaml index c0df3d9db..09e382649 100644 --- a/blocked-edges/4.13.0-ec.4-StrictPodSecurityViolation.yaml +++ b/blocked-edges/4.13.0-ec.4-StrictPodSecurityViolation.yaml @@ -5,9 +5,5 @@ name: StrictPodSecurityViolation message: |- OCP 4.13 prereleases attempted to enforce PodSecurityViolations, but ended up backing off. Clusters with violating workloads should either fix their workloads, or avoid updating to 4.13 until that softening lands. matchingRules: -- type: PromQL - promql: - promql: - group(ALERTS{alertname="PodSecurityViolation",alertstate="firing"}) - or - 0 * group(ALERTS{alertname="Watchdog",alertstate="firing"}) +- type: Always + diff --git a/blocked-edges/4.13.0-ec.4-leaked-machineconfig.yaml b/blocked-edges/4.13.0-ec.4-leaked-machineconfig.yaml index af76f0caa..ea01a1ceb 100644 --- a/blocked-edges/4.13.0-ec.4-leaked-machineconfig.yaml +++ b/blocked-edges/4.13.0-ec.4-leaked-machineconfig.yaml @@ -6,9 +6,5 @@ fixedIn: 4.13.0-rc.0 message: |- Machine Config Operator stalls when encountering orphaned KubeletConfig or ContainerRuntimeConfig resources. matchingRules: -- type: PromQL - promql: - promql: - group(cluster:usage:resources:sum{resource=~"(containerruntimeconfigs|kubeletconfigs)[.]machineconfiguration[.]openshift[.]io"} > 0) - or - 0 * group(cluster:usage:resources:sum) +- type: Always + diff --git a/blocked-edges/4.13.0-rc.0-StrictPodSecurityViolation.yaml b/blocked-edges/4.13.0-rc.0-StrictPodSecurityViolation.yaml index 6479c2809..bf17c51dc 100644 --- a/blocked-edges/4.13.0-rc.0-StrictPodSecurityViolation.yaml +++ b/blocked-edges/4.13.0-rc.0-StrictPodSecurityViolation.yaml @@ -6,9 +6,5 @@ fixedIn: 4.13.0-rc.2 message: |- OCP 4.13 prereleases attempted to enforce PodSecurityViolations, but ended up backing off. Clusters with violating workloads should either fix their workloads, or avoid updating to 4.13 until that softening lands. matchingRules: -- type: PromQL - promql: - promql: - group(ALERTS{alertname="PodSecurityViolation",alertstate="firing"}) - or - 0 * group(ALERTS{alertname="Watchdog",alertstate="firing"}) +- type: Always +