+++ This bug was initially created as a clone of Bug #1730401 +++

Description of problem:

The CVO should block an upgrade of a cluster whose FeatureGate is configured for TechPreviewNoUpgrade when upgrading across minor versions.

Actual results:
The cluster upgrade is not blocked.

Expected results:
The cluster upgrade should be blocked across minor versions.

--- Additional comment from Clayton Coleman on 2019-07-30 13:34:53 UTC ---

This probably needs an API change (and a design) if we put it in the CVO, because we don't want the existing `force` flag to be used for this (that teaches users to run unsecured content).   We can have oc adm upgrade check Upgradeable and bypass if --bypass-tech-preview or similar.

--- Additional comment from W. Trevor King on 2019-08-01 23:57:52 UTC ---

> The cluster upgrade should be blocked across minor versions.

Only minor versions?  The docs [1] say "PREVENTS UPGRADES", which sounds like "no upgrades at all" which would include patch-level changes or anything else that required looking at a different release image.  But maybe we're confident enough in patch-level changes that we don't feel the need to block them?  Personally I don't see a problem forcing users to delete/recreate their cluster after they've set this, even for minor bumps.

> We can have oc adm upgrade check Upgradeable and bypass if --bypass-tech-preview or similar.

Is this something we want to allow people to bypass?  The docs also say this setting "CANNOT BE UNDONE".

[1]: https://github.com/openshift/api/blob/0922aa5a655be314e20a3e0e94f4f2b105100154/config/v1/types_feature.go#L31