+++ This bug was initially created as a clone of Bug #1730401 +++
Description of problem:
The CVO should block an upgrade of a cluster whose FeatureGate is configured for TechPreviewNoUpgrade when upgrading across minor versions.
The cluster upgrade is not blocked.
The cluster upgrade should be blocked across minor versions.
--- Additional comment from Clayton Coleman on 2019-07-30 13:34:53 UTC ---
This probably needs an API change (and a design) if we put it in the CVO, because we don't want the existing `force` flag to be used for this (that teaches users to run unsecured content). We can have oc adm upgrade check Upgradeable and bypass if --bypass-tech-preview or similar.
--- Additional comment from W. Trevor King on 2019-08-01 23:57:52 UTC ---
> The cluster upgrade should be blocked across minor versions.
Only minor versions? The docs  say "PREVENTS UPGRADES", which sounds like "no upgrades at all" which would include patch-level changes or anything else that required looking at a different release image. But maybe we're confident enough in patch-level changes that we don't feel the need to block them? Personally I don't see a problem forcing users to delete/recreate their cluster after they've set this, even for minor bumps.
> We can have oc adm upgrade check Upgradeable and bypass if --bypass-tech-preview or similar.
Is this something we want to allow people to bypass? The docs also say this setting "CANNOT BE UNDONE".
Bad clone. This is about setting Upgradable for kube-apiserver to false when unsupported feature gate is set until there is native support in CVO.
*** This bug has been marked as a duplicate of bug 1730401 ***