machine_config: add BootImageSkewEnforcement API

Author: djoshy

openapi/generated_openapi/zz_generated.openapi.go

@@ -27562,6 +27562,31 @@
         }
       }
     },
+    "com.github.openshift.api.operator.v1.BootImageSkewEnforcement": {
+      "type": "object",
+      "required": [
+        "mode"
+      ],
+      "properties": {
+        "clusterBootImage": {
+          "description": "clusterBootImage describes the current boot image of the cluster. This will be used to enforce the skew limit. This value will be compared against the cluster's skew limit to determine skew compliance. Required when mode is set to \"Automatic\" or \"Manual\" and forbidden otherwise.",
+          "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImage"
+        },
+        "mode": {
+          "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Automatic, Manual and None. Automatic means that the MCO will store the OCP version associated with the last boot image update in the clusterBootImage field. Manual means that the cluster admin is expected to perform manual boot image updates and store OCP version associated with the last boot image update in the clusterBootImage field. In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. None means that the MCO will permit upgrades when the boot image exceeds the skew limit described by the release image. This will affect the cluster's ability to scale. This field is required.",
+          "type": "string",
+          "default": ""
+        }
+      },
+      "x-kubernetes-unions": [
+        {
+          "discriminator": "mode",
+          "fields-to-discriminateBy": {
+            "clusterBootImage": "ClusterBootImage"
+          }
+        }
+      ]
+    },
     "com.github.openshift.api.operator.v1.CSIDriverConfigSpec": {
       "description": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.",
       "type": "object",
@@ -27968,6 +27993,24 @@
         }
       }
     },
+    "com.github.openshift.api.operator.v1.ClusterBootImage": {
+      "description": "ClusterBootImage describes the boot image of a cluster. It stores the RHCOS version of the boot image and the OCP release version which shipped with that RHCOS boot image. If ocpVersion and rhcosVersion are defined, both values will be used for checking skew compliance. If only ocpVersion is defined, only that value will be used for checking skew compliance.",
+      "type": "object",
+      "required": [
+        "ocpVersion"
+      ],
+      "properties": {
+        "ocpVersion": {
+          "description": "ocpVersion provides a string which represents the OCP version of the boot image. This field must match the OCP semver compatible format of x.y.z",
+          "type": "string",
+          "default": ""
+        },
+        "rhcosVersion": {
+          "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]",
+          "type": "string"
+        }
+      }
+    },
     "com.github.openshift.api.operator.v1.ClusterCSIDriver": {
       "description": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
       "type": "object",
@@ -31278,6 +31321,11 @@
         "forceRedeploymentReason"
       ],
       "properties": {
+        "bootImageSkewEnforcement": {
+          "description": "bootImageSkewEnforcement allows an admin to set the behavior of the boot image skew enforcement mechanism.",
+          "default": {},
+          "$ref": "#/definitions/com.github.openshift.api.operator.v1.BootImageSkewEnforcement"
+        },
         "failedRevisionLimit": {
           "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)",
           "type": "integer",

openapi/openapi.json

@@ -0,0 +1,144 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "MachineConfiguration"
+crdName: machineconfigurations.operator.openshift.io
+featureGates:
+- BootImageSkewEnforcement
+tests:
+  onCreate:
+    - name: Should be able to create a minimal MachineConfiguration
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec: {} # No spec is required for a MachineConfiguration
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+    - name: Should be able to create an manual BootImageSkewEnforcement configuration knob
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Manual
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+          bootImageSkewEnforcement:
+            mode: Manual
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+    - name: Should be able to create an automatic BootImageSkewEnforcement configuration knob
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Automatic
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+          bootImageSkewEnforcement:
+            mode: Automatic
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+    - name: Should be able to create an manual BootImageSkewEnforcement configuration knob with a legacy cluster boot image
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Manual
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "416.94.202411201433-0"
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+          bootImageSkewEnforcement:
+            mode: Manual
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "416.94.202411201433-0"
+    - name: Should be able to create an automatic BootImageSkewEnforcement configuration knob with a legacy cluster boot image
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Automatic
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "416.94.202411201433-0"
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+          bootImageSkewEnforcement:
+            mode: Automatic
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "416.94.202411201433-0"
+    - name: Should be able to create a None BootImageSkewEnforcement configuration knob
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: None
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+          bootImageSkewEnforcement:
+            mode: None
+    - name: Should not be able to add ClusterBootImage field if bootImageSkewEnforcement.mode is set to None
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: None
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+      expectedError: "clusterBootImage is required when mode is Automatic or Manual, and forbidden otherwise"
+    - name: ClusterBootImage field should be set if bootImageSkewEnforcement.mode is set to Automatic
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Automatic
+      expectedError: "clusterBootImage is required when mode is Automatic or Manual, and forbidden otherwise"
+    - name: ClusterBootImage field should be set if bootImageSkewEnforcement.mode is set to Manual
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Manual
+      expectedError: "clusterBootImage is required when mode is Automatic or Manual, and forbidden otherwise"