Bug 2067384

Summary: OCP 4.10 should be firing APIRemovedInNextEUSReleaseInUse for APIs removed in 1.25
Product: OpenShift Container Platform Reporter: Scott Dodson <sdodson>
Component: kube-apiserverAssignee: Luis Sanchez <sanchezl>
Status: CLOSED ERRATA QA Contact: jmekkatt
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.10CC: jmekkatt, kgordeev, mfojtik, sanchezl, wking, xxia
Target Milestone: ---   
Target Release: 4.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-10 10:55:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2071030    

Description Scott Dodson 2022-03-23 20:25:45 UTC 
Description of problem:
It doesn't look like we updated the alert to start firing APIRemovedInNextEUSReleaseInUse for APIs removed in 1.25 / 4.12.

Version-Release number of selected component (if applicable):
4.10.x

How reproducible:
100%

Steps to Reproduce:
1. Install 4.10
2. Use any of the APIs here https://github.com/openshift/kubernetes/blob/master/openshift-kube-apiserver/filters/deprecatedapirequest/deprecated.go#L39-L46
3. Don't get APIRemovedInNextEUSReleaseInUse

Actual results:
APIRemovedInNextEUSReleaseInUse


Expected results:
Get APIRemovedInNextEUSReleaseInUse alert firing

Additional info:
We should go ahead and update 4.11 rules as well, I'll file a separate bug with 4.11 version for that where we'll want to ensure that APIRemovedInNextReleaseInUse similarly fires for 1.25 removals.
Comment 3 jmekkatt 2022-04-04 07:38:17 UTC 
$oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.11.0-0.nightly-2022-04-01-172551   True        False         24m     Cluster version is 4.11.0-0.nightly-2022-04-01-172551

Current apirequestcount against the cronjobs.v1beta1.batch as follows.
$ oc get apirequestcount | grep cronjobs.v1beta1.batch 
cronjobs.v1beta1.batch                                                         1.25               5                       5

Definition of cronjob yaml as follows
$ cat betacronjob.yaml 
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: pi
spec:
  schedule: "*/1 * * * *"  
  concurrencyPolicy: "Replace" 
  startingDeadlineSeconds: 200 
  suspend: true            
  successfulJobsHistoryLimit: 3 
  failedJobsHistoryLimit: 1     
  jobTemplate:             
    spec:
      template:
        metadata:
          labels:          
            parent: "cronjobpi"
        spec:
          containers:
          - name: pi
            image: perl
            command: ["perl",  "-Mbignum=bpi", "-wle", "print bpi(2000)"]
          restartPolicy: OnFailure 

Created a cronjob in cluster with above yaml
$ oc create -f betacronjob.yaml 
W0404 12:51:50.104302   29259 warnings.go:70] batch/v1beta1 CronJob is deprecated in v1.21+, unavailable in v1.25+; use batch/v1 CronJob
cronjob.batch/pi created

$ oc get cronjobs
NAME   SCHEDULE      SUSPEND   ACTIVE   LAST SCHEDULE   AGE
pi     */1 * * * *   True      0        <none>          9s

Call the cronjobs api to generate alert
$ curl -k  -H "Authorization: Bearer <token>" https://api.<SNIPPED>.qe.devcluster.openshift.com:6443/apis/batch/v1beta1/namespaces/default/cronjobs?limit=500
{
  "kind": "CronJobList",
  "apiVersion": "batch/v1beta1",
  "metadata": {
    "resourceVersion": "38403"
  },
  "items": [
    {
      "metadata": {
        "name": "pi",
        "namespace": "default",
        "uid": "5fc2f109-c6e8-4b9e-9100-2cb020980671",
        "resourceVersion": "38299",
        "generation": 1,
        "creationTimestamp": "2022-04-04T07:21:49Z",
        "managedFields": [
          {
            "manager": "kubectl-create",
            "operation": "Update",
            "apiVersion": "batch/v1beta1",
            "time": "2022-04-04T07:21:49Z",
        <SNIPPED>

Confirmed the apirequestcount against the api cronjobs increased. 
$ oc get apirequestcount | grep cronjobs.v1beta1.batch 
cronjobs.v1beta1.batch                                                         1.25               7                       7

Checked in web console to make sure if the respective alert i.e. APIRemovedInNextEUSReleaseInUse presence. The alert fired with inline description on web console.

Name :  APIRemovedInNextEUSReleaseInUse
Description : Deprecated API that will be removed in the next EUS version is being used. Removing the workload that is using the batch.v1beta1/cronjobs API might be necessary for a successful upgrade to the next EUS cluster version. Refer to `oc get apirequestcounts cronjobs.v1beta1.batch -o yaml` to identify the workload.
Summary : Deprecated API that will be removed in the next EUS version is being used.

Hence the fix works as expected moved ticket to VERIFIED. Thanks
Comment 6 errata-xmlrpc 2022-08-10 10:55:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069