OTA-1546: Reconcile cv.spec.desiredUpdate.acceptRisks

Author: hongkailiu

pkg/cvo/availableupdates.go

@@ -16,12 +16,14 @@ import (
 	"k8s.io/apimachinery/pkg/api/equality"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/klog/v2"
 
 	configv1 "github.com/openshift/api/config/v1"
 	"github.com/openshift/cluster-version-operator/lib/resourcemerge"
 	"github.com/openshift/cluster-version-operator/pkg/cincinnati"
 	"github.com/openshift/cluster-version-operator/pkg/clusterconditions"
+	"github.com/openshift/cluster-version-operator/pkg/internal"
 )
 
 const noArchitecture string = "NoArchitecture"
@@ -50,6 +52,10 @@ func (optr *Operator) syncAvailableUpdates(ctx context.Context, config *configv1
 	channel := config.Spec.Channel
 	desiredArch := optr.getDesiredArchitecture(config.Spec.DesiredUpdate)
 	currentArch := optr.getCurrentArchitecture()
+	acceptRisks := sets.New[string]()
+	for _, risk := range config.Spec.DesiredUpdate.AcceptRisks {
+		acceptRisks.Insert(risk.Name)
+	}
 
 	// updates are only checked at most once per minimumUpdateCheckInterval or if the generation changes
 	optrAvailableUpdates := optr.getAvailableUpdates()
@@ -129,6 +135,8 @@ func (optr *Operator) syncAvailableUpdates(ctx context.Context, config *configv1
 		optrAvailableUpdates.UpdateService = updateService
 		optrAvailableUpdates.Channel = channel
 		optrAvailableUpdates.Architecture = desiredArch
+		optrAvailableUpdates.ShouldReconcileAcceptRisks = optr.shouldReconcileAcceptRisks
+		optrAvailableUpdates.AcceptRisks = acceptRisks
 		optrAvailableUpdates.ConditionRegistry = optr.conditionRegistry
 		optrAvailableUpdates.Condition = condition
 
@@ -167,9 +175,11 @@ func (optr *Operator) syncAvailableUpdates(ctx context.Context, config *configv1
 }
 
 type availableUpdates struct {
-	UpdateService string
-	Channel       string
-	Architecture  string
+	UpdateService              string
+	Channel                    string
+	Architecture               string
+	ShouldReconcileAcceptRisks func() bool
+	AcceptRisks                sets.Set[string]
 
 	// LastAttempt records the time of the most recent attempt at update
 	// retrieval, regardless of whether it was successful.
@@ -192,6 +202,8 @@ type availableUpdates struct {
 	ConditionRegistry  clusterconditions.ConditionRegistry
 
 	Condition configv1.ClusterOperatorStatusCondition
+
+	RiskConditions map[string][]metav1.Condition
 }
 
 func (u *availableUpdates) RecentlyAttempted(interval time.Duration) bool {
@@ -291,14 +303,16 @@ func (optr *Operator) getAvailableUpdates() *availableUpdates {
 	}
 
 	u := &availableUpdates{
-		UpdateService:          optr.availableUpdates.UpdateService,
-		Channel:                optr.availableUpdates.Channel,
-		Architecture:           optr.availableUpdates.Architecture,
-		LastAttempt:            optr.availableUpdates.LastAttempt,
-		LastSyncOrConfigChange: optr.availableUpdates.LastSyncOrConfigChange,
-		Current:                *optr.availableUpdates.Current.DeepCopy(),
-		ConditionRegistry:      optr.availableUpdates.ConditionRegistry, // intentionally not a copy, to preserve cache state
-		Condition:              optr.availableUpdates.Condition,
+		UpdateService:              optr.availableUpdates.UpdateService,
+		Channel:                    optr.availableUpdates.Channel,
+		Architecture:               optr.availableUpdates.Architecture,
+		ShouldReconcileAcceptRisks: optr.shouldReconcileAcceptRisks,
+		AcceptRisks:                optr.availableUpdates.AcceptRisks,
+		LastAttempt:                optr.availableUpdates.LastAttempt,
+		LastSyncOrConfigChange:     optr.availableUpdates.LastSyncOrConfigChange,
+		Current:                    *optr.availableUpdates.Current.DeepCopy(),
+		ConditionRegistry:          optr.availableUpdates.ConditionRegistry, // intentionally not a copy, to preserve cache state
+		Condition:                  optr.availableUpdates.Condition,
 	}
 
 	if optr.availableUpdates.Updates != nil {
@@ -427,7 +441,7 @@ func (u *availableUpdates) evaluateConditionalUpdates(ctx context.Context) {
 		return vi.GTE(vj)
 	})
 	for i, conditionalUpdate := range u.ConditionalUpdates {
-		condition := evaluateConditionalUpdate(ctx, conditionalUpdate.Risks, u.ConditionRegistry)
+		condition := evaluateConditionalUpdate(ctx, conditionalUpdate.Risks, u.ConditionRegistry, u.AcceptRisks, u.ShouldReconcileAcceptRisks, u.RiskConditions)
 
 		if condition.Status == metav1.ConditionTrue {
 			u.addUpdate(conditionalUpdate.Release)
@@ -485,6 +499,8 @@ const (
 	// recommendedReasonExposed is used instead of the original name if it does
 	// not match the pattern for a valid k8s condition reason.
 	recommendedReasonExposed = "ExposedToRisks"
+
+	riskConditionReasonEvaluationFailed = "EvaluationFailed"
 )
 
 // Reasons follow same pattern as k8s Condition Reasons
@@ -502,29 +518,57 @@ func newRecommendedReason(now, want string) string {
 	}
 }
 
-func evaluateConditionalUpdate(ctx context.Context, risks []configv1.ConditionalUpdateRisk, conditionRegistry clusterconditions.ConditionRegistry) metav1.Condition {
+func evaluateConditionalUpdate(
+	ctx context.Context,
+	risks []configv1.ConditionalUpdateRisk,
+	conditionRegistry clusterconditions.ConditionRegistry,
+	acceptRisks sets.Set[string],
+	shouldReconcileAcceptRisks func() bool,
+	riskConditions map[string][]metav1.Condition,
+) metav1.Condition {
 	recommended := metav1.Condition{
-		Type:   ConditionalUpdateConditionTypeRecommended,
+		Type:   internal.ConditionalUpdateConditionTypeRecommended,
 		Status: metav1.ConditionTrue,
 		// FIXME: ObservedGeneration?  That would capture upstream/channel, but not necessarily the currently-reconciling version.
 		Reason:  recommendedReasonRisksNotExposed,
 		Message: "The update is recommended, because none of the conditional update risks apply to this cluster.",
 	}
 
 	var errorMessages []string
-	for _, risk := range risks {
+	for i, risk := range risks {
+		riskCondition := metav1.Condition{
+			Type:               internal.ConditionalUpdateRiskConditionTypeApplies,
+			Status:             metav1.ConditionFalse,
+			LastTransitionTime: metav1.Now(),
+		}
 		if match, err := conditionRegistry.Match(ctx, risk.MatchingRules); err != nil {
+			msg := unknownExposureMessage(risk, err)
 			recommended.Status = newRecommendedStatus(recommended.Status, metav1.ConditionUnknown)
 			recommended.Reason = newRecommendedReason(recommended.Reason, recommendedReasonEvaluationFailed)
-			errorMessages = append(errorMessages, unknownExposureMessage(risk, err))
+			errorMessages = append(errorMessages, msg)
+			riskCondition.Status = metav1.ConditionUnknown
+			riskCondition.Reason = riskConditionReasonEvaluationFailed
+			riskCondition.Message = msg
 		} else if match {
-			recommended.Status = newRecommendedStatus(recommended.Status, metav1.ConditionFalse)
-			wantReason := recommendedReasonExposed
-			if reasonPattern.MatchString(risk.Name) {
-				wantReason = risk.Name
+			riskCondition.Status = metav1.ConditionTrue
+			riskCondition.Message = fmt.Sprintf("The matchingRules[%d] matches", i)
+			if shouldReconcileAcceptRisks() && acceptRisks.Has(risk.Name) {
+				klog.V(2).Infof("Risk with name %q is accepted by the cluster admin and thus not in the evaluation of conditional update", risk.Name)
+			} else {
+				recommended.Status = newRecommendedStatus(recommended.Status, metav1.ConditionFalse)
+				wantReason := recommendedReasonExposed
+				if reasonPattern.MatchString(risk.Name) {
+					wantReason = risk.Name
+				}
+				recommended.Reason = newRecommendedReason(recommended.Reason, wantReason)
+				errorMessages = append(errorMessages, fmt.Sprintf("%s %s", risk.Message, risk.URL))
 			}
-			recommended.Reason = newRecommendedReason(recommended.Reason, wantReason)
-			errorMessages = append(errorMessages, fmt.Sprintf("%s %s", risk.Message, risk.URL))
+		}
+		if riskConditions == nil {
+			riskConditions = map[string][]metav1.Condition{}
+		}
+		if _, ok := riskConditions[risk.Name]; !ok {
+			riskConditions[risk.Name] = []metav1.Condition{riskCondition}
 		}
 	}
 	if len(errorMessages) > 0 {

pkg/cvo/cvo.go

@@ -1091,3 +1091,12 @@ func (optr *Operator) shouldReconcileCVOConfiguration() bool {
 	// The relevant CRD and CR are not applied in HyperShift, which configures the CVO via a configuration file
 	return optr.enabledFeatureGates.CVOConfiguration() && !optr.hypershift
 }
+
+// shouldReconcileAcceptRisks returns whether the CVO should reconcile spec.desiredUpdate.acceptRisks and populate the
+// relevant fields in status.
+//
+// enabledFeatureGates must be initialized before the function is called.
+func (optr *Operator) shouldReconcileAcceptRisks() bool {
+	// HyperShift will be supported later if needed
+	return optr.enabledFeatureGates.AcceptRisks() && !optr.hypershift
+}

pkg/cvo/status.go

@@ -17,6 +17,7 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
 	configv1 "github.com/openshift/api/config/v1"
@@ -29,18 +30,14 @@ import (
 )
 
 const (
-	// ConditionalUpdateConditionTypeRecommended is a type of the condition present on a conditional update
-	// that indicates whether the conditional update is recommended or not
-	ConditionalUpdateConditionTypeRecommended = "Recommended"
-
 	// MaxHistory is the maximum size of ClusterVersion history. Once exceeded
 	// ClusterVersion history will be pruned. It is declared here and passed
 	// into the pruner function to allow easier testing.
 	MaxHistory = 100
 )
 
 func findRecommendedCondition(conditions []metav1.Condition) *metav1.Condition {
-	return meta.FindStatusCondition(conditions, ConditionalUpdateConditionTypeRecommended)
+	return meta.FindStatusCondition(conditions, internal.ConditionalUpdateConditionTypeRecommended)
 }
 
 func mergeEqualVersions(current *configv1.UpdateHistory, desired configv1.Release) bool {
@@ -180,7 +177,7 @@ func (optr *Operator) syncStatus(ctx context.Context, original, config *configv1
 		original = config.DeepCopy()
 	}
 
-	updateClusterVersionStatus(&config.Status, status, optr.release, optr.getAvailableUpdates, optr.enabledFeatureGates, validationErrs)
+	updateClusterVersionStatus(&config.Status, status, optr.release, optr.getAvailableUpdates, optr.enabledFeatureGates, validationErrs, optr.shouldReconcileAcceptRisks)
 
 	if klog.V(6).Enabled() {
 		klog.Infof("Apply config: %s", cmp.Diff(original, config))
@@ -191,9 +188,15 @@ func (optr *Operator) syncStatus(ctx context.Context, original, config *configv1
 }
 
 // updateClusterVersionStatus updates the passed cvStatus with the latest status information
-func updateClusterVersionStatus(cvStatus *configv1.ClusterVersionStatus, status *SyncWorkerStatus,
-	release configv1.Release, getAvailableUpdates func() *availableUpdates, enabledGates featuregates.CvoGateChecker,
-	validationErrs field.ErrorList) {
+func updateClusterVersionStatus(
+	cvStatus *configv1.ClusterVersionStatus,
+	status *SyncWorkerStatus,
+	release configv1.Release,
+	getAvailableUpdates func() *availableUpdates,
+	enabledGates featuregates.CvoGateChecker,
+	validationErrs field.ErrorList,
+	shouldReconcileAcceptRisks func() bool,
+) {
 
 	cvStatus.ObservedGeneration = status.Generation
 	if len(status.VersionHash) > 0 {
@@ -222,9 +225,22 @@ func updateClusterVersionStatus(cvStatus *configv1.ClusterVersionStatus, status
 		desired.Architecture = configv1.ClusterVersionArchitecture("")
 	}
 
+	var riskNamesForDesiredImage []string
+	if shouldReconcileAcceptRisks() {
+		cvStatus.ConditionalUpdates, riskNamesForDesiredImage = conditionalUpdateWithRiskNamesAndRiskConditions(cvStatus.ConditionalUpdates, getAvailableUpdates, desired.Image)
+		cvStatus.ConditionalUpdateRisks = conditionalUpdateRisks(cvStatus.ConditionalUpdates)
+	}
+
 	risksMsg := ""
 	if desired.Image == status.loadPayloadStatus.Update.Image {
 		risksMsg = status.loadPayloadStatus.AcceptedRisks
+		if shouldReconcileAcceptRisks() && len(riskNamesForDesiredImage) > 0 {
+			if risksMsg == "" {
+				risksMsg = fmt.Sprintf("The target release %s is exposed to the risks [%s] and accepted by CVO because either the risk is considered acceptable by the cluster admin or it does not apply to the cluster.", desired.Image, strings.Join(riskNamesForDesiredImage, ","))
+			} else {
+				risksMsg = fmt.Sprintf("%s; It is exposed to the risks [%s] and accepted by CVO because either the risk is considered acceptable by the cluster admin or it does not apply to the cluster.", risksMsg, strings.Join(riskNamesForDesiredImage, ","))
+			}
+		}
 	}
 
 	mergeOperatorHistory(cvStatus, desired, status.Verified, now, status.Completed > 0, risksMsg, status.loadPayloadStatus.Local)
@@ -402,6 +418,52 @@ func updateClusterVersionStatus(cvStatus *configv1.ClusterVersionStatus, status
 	}
 }
 
+func conditionalUpdateWithRiskNamesAndRiskConditions(conditionalUpdates []configv1.ConditionalUpdate, getAvailableUpdates func() *availableUpdates, desiredImage string) ([]configv1.ConditionalUpdate, []string) {
+	var result []configv1.ConditionalUpdate
+	var riskNamesForDesiredImage []string
+	riskConditions := getAvailableUpdates().RiskConditions
+	for _, conditionalUpdate := range conditionalUpdates {
+		if desiredImage == conditionalUpdate.Release.Image {
+			riskNamesForDesiredImage = conditionalUpdate.RiskNames
+		}
+		riskNames := sets.New[string]()
+		for _, risk := range conditionalUpdate.Risks {
+			riskNames.Insert(risk.Name)
+			riskTypesToRemove := sets.New[string]()
+			conditions := riskConditions[risk.Name]
+			for _, condition := range risk.Conditions {
+				if found := meta.FindStatusCondition(conditions, condition.Type); found == nil {
+					riskTypesToRemove.Insert(condition.Type)
+				}
+			}
+			for riskTypeToRemove := range riskTypesToRemove {
+				meta.RemoveStatusCondition(&risk.Conditions, riskTypeToRemove)
+			}
+			for _, condition := range conditions {
+				meta.SetStatusCondition(&risk.Conditions, condition)
+			}
+		}
+		conditionalUpdate.RiskNames = sets.List[string](riskNames)
+		result = append(result, conditionalUpdate)
+	}
+	return result, riskNamesForDesiredImage
+}
+
+func conditionalUpdateRisks(conditionalUpdates []configv1.ConditionalUpdate) []configv1.ConditionalUpdateRisk {
+	var result []configv1.ConditionalUpdateRisk
+	riskNames := sets.New[string]()
+	for _, conditionalUpdate := range conditionalUpdates {
+		for _, risk := range conditionalUpdate.Risks {
+			if riskNames.Has(risk.Name) {
+				continue
+			}
+			riskNames.Insert(risk.Name)
+			result = append(result, risk)
+		}
+	}
+	return result
+}
+
 // getReasonMessageFromError returns the reason and the message from an error.
 // If the reason or message is not available, an empty string is returned.
 func getReasonMessageFromError(err error) (reason, message string) {

pkg/featuregates/featuregates.go

@@ -35,6 +35,9 @@ type CvoGateChecker interface {
 	// CVOConfiguration controls whether the CVO reconciles the ClusterVersionOperator resource that corresponds
 	// to its configuration.
 	CVOConfiguration() bool
+
+	// AcceptRisks controls whether the CVO reconciles spec.desiredUpdate.acceptRisks.
+	AcceptRisks() bool
 }
 
 // CvoGates contains flags that control CVO functionality gated by product feature gates. The
@@ -49,6 +52,7 @@ type CvoGates struct {
 	unknownVersion            bool
 	statusReleaseArchitecture bool
 	cvoConfiguration          bool
+	acceptRisks               bool
 }
 
 func (c CvoGates) StatusReleaseArchitecture() bool {
@@ -63,13 +67,18 @@ func (c CvoGates) CVOConfiguration() bool {
 	return c.cvoConfiguration
 }
 
+func (c CvoGates) AcceptRisks() bool {
+	return c.acceptRisks
+}
+
 // DefaultCvoGates apply when actual features for given version are unknown
 func DefaultCvoGates(version string) CvoGates {
 	return CvoGates{
 		desiredVersion:            version,
 		unknownVersion:            true,
 		statusReleaseArchitecture: false,
 		cvoConfiguration:          false,
+		acceptRisks:               false,
 	}
 }
 
@@ -91,6 +100,8 @@ func CvoGatesFromFeatureGate(gate *configv1.FeatureGate, version string) CvoGate
 				enabledGates.statusReleaseArchitecture = true
 			case features.FeatureGateCVOConfiguration:
 				enabledGates.cvoConfiguration = true
+			case features.FeatureGateClusterUpdateAcceptRisks:
+				enabledGates.acceptRisks = true
 			}
 		}
 		for _, disabled := range g.Disabled {
@@ -99,6 +110,8 @@ func CvoGatesFromFeatureGate(gate *configv1.FeatureGate, version string) CvoGate
 				enabledGates.statusReleaseArchitecture = false
 			case features.FeatureGateCVOConfiguration:
 				enabledGates.cvoConfiguration = false
+			case features.FeatureGateClusterUpdateAcceptRisks:
+				enabledGates.acceptRisks = false
 			}
 		}
 	}

pkg/internal/constants.go

@@ -70,4 +70,12 @@ const (
 
 	// UpgradeableUpgradeInProgress is True if an update is in progress
 	UpgradeableUpgradeInProgress configv1.ClusterStatusConditionType = "UpgradeableUpgradeInProgress"
+
+	// ConditionalUpdateConditionTypeRecommended is a type of the condition present on a conditional update
+	// that indicates whether the conditional update is recommended or not
+	ConditionalUpdateConditionTypeRecommended = "Recommended"
+
+	// ConditionalUpdateRiskConditionTypeApplies is a type of the condition present on a conditional update risk
+	// that indicates whether the conditional update risk applies to the cluster
+	ConditionalUpdateRiskConditionTypeApplies = "Applies"
 )

pkg/payload/precondition/clusterversion/recommendedupdate.go

@@ -11,6 +11,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/openshift/cluster-version-operator/lib/resourcemerge"
+	"github.com/openshift/cluster-version-operator/pkg/internal"
 	precondition "github.com/openshift/cluster-version-operator/pkg/payload/precondition"
 )
 
@@ -51,7 +52,7 @@ func (ru *RecommendedUpdate) Run(ctx context.Context, releaseContext preconditio
 	for _, conditionalUpdate := range clusterVersion.Status.ConditionalUpdates {
 		if conditionalUpdate.Release.Version == releaseContext.DesiredVersion {
 			for _, condition := range conditionalUpdate.Conditions {
-				if condition.Type == "Recommended" {
+				if condition.Type == internal.ConditionalUpdateConditionTypeRecommended {
 					switch condition.Status {
 					case metav1.ConditionTrue:
 						return nil