+++ This bug was initially created as a clone of Bug #1730401 +++ Description of problem: The CVO should block an upgrade of a cluster whose FeatureGate is configured for TechPreviewNoUpgrade when upgrading across minor versions. Actual results: The cluster upgrade is not blocked. Expected results: The cluster upgrade should be blocked across minor versions. --- Additional comment from Clayton Coleman on 2019-07-30 13:34:53 UTC --- This probably needs an API change (and a design) if we put it in the CVO, because we don't want the existing `force` flag to be used for this (that teaches users to run unsecured content). We can have oc adm upgrade check Upgradeable and bypass if --bypass-tech-preview or similar. --- Additional comment from W. Trevor King on 2019-08-01 23:57:52 UTC --- > The cluster upgrade should be blocked across minor versions. Only minor versions? The docs [1] say "PREVENTS UPGRADES", which sounds like "no upgrades at all" which would include patch-level changes or anything else that required looking at a different release image. But maybe we're confident enough in patch-level changes that we don't feel the need to block them? Personally I don't see a problem forcing users to delete/recreate their cluster after they've set this, even for minor bumps. > We can have oc adm upgrade check Upgradeable and bypass if --bypass-tech-preview or similar. Is this something we want to allow people to bypass? The docs also say this setting "CANNOT BE UNDONE". [1]: https://github.com/openshift/api/blob/0922aa5a655be314e20a3e0e94f4f2b105100154/config/v1/types_feature.go#L31
Bad clone. This is about setting Upgradable for kube-apiserver to false when unsupported feature gate is set until there is native support in CVO.
*** This bug has been marked as a duplicate of bug 1730401 ***