{"version":1,"nodes":[{"version":"4.19.6","payload":"quay.io/openshift-release-dev/ocp-release@sha256:02ec914b5380b9e4e048b830c9521e8d11f7f613d4ff3977147107770288a595","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4.18.*|^4[.](18[.](1?[0-9]|2[0-1])|19[.][0-3])[+].*$|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:02ec914b5380b9e4e048b830c9521e8d11f7f613d4ff3977147107770288a595","url":"https://access.redhat.com/errata/RHSA-2025:11673"}},{"version":"4.19.24","payload":"quay.io/openshift-release-dev/ocp-release@sha256:3ef832b8bb0d56331035ba54af36c36be46d6c6dc1a41e300055692f02bb001d","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.][0-9]*|19[.]([0-9]|1[0-7]))[+].*$|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:3ef832b8bb0d56331035ba54af36c36be46d6c6dc1a41e300055692f02bb001d","url":"https://access.redhat.com/errata/RHSA-2026:2651"}},{"version":"4.20.1","payload":"quay.io/openshift-release-dev/ocp-release@sha256:cbde13fe6ed4db88796be201fbdb2bbb63df5763ae038a9eb20bc793d5740416","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:cbde13fe6ed4db88796be201fbdb2bbb63df5763ae038a9eb20bc793d5740416","url":"https://access.redhat.com/errata/RHSA-2025:19003"}},{"version":"4.19.0","payload":"quay.io/openshift-release-dev/ocp-release@sha256:3482dbdce3a6fb2239684d217bba6fc87453eff3bdb72f5237be4beb22a2160b","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4.18.*|^4[.]18[.]1[6-8][+].*$|^4[.]18[.](1[01]|[0-9])[+].*$|4.18[.].*|4.18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:3482dbdce3a6fb2239684d217bba6fc87453eff3bdb72f5237be4beb22a2160b","url":"https://access.redhat.com/errata/RHSA-2024:11038"}},{"version":"4.18.1","payload":"quay.io/openshift-release-dev/ocp-release@sha256:d9c985464c0315160971b3e79f5fbec628d403a572f7a6d893c04627c066c0bb","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*|4[.]17[.].*|4[.](17[.](1[01]|0-.*|[0-9])|18.0-(ec[.].*|rc[.][0-3]))|4[.]18[.]0-ec[.]4[+].*|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:d9c985464c0315160971b3e79f5fbec628d403a572f7a6d893c04627c066c0bb","url":"https://access.redhat.com/errata/RHSA-2024:6122"}},{"version":"4.20.12","payload":"quay.io/openshift-release-dev/ocp-release@sha256:c9bae4933c711d664e15da5b98e6e057fda51697aef4f3ec8e932922aa969373","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:c9bae4933c711d664e15da5b98e6e057fda51697aef4f3ec8e932922aa969373","url":"https://access.redhat.com/errata/RHSA-2026:1000"}},{"version":"4.19.28","payload":"quay.io/openshift-release-dev/ocp-release@sha256:b274766f7194a7dc825e335a54078790519c0dbe3431c029fd08dbba1c431855","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]18[.].*|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:b274766f7194a7dc825e335a54078790519c0dbe3431c029fd08dbba1c431855","url":"https://access.redhat.com/errata/RHSA-2026:7249"}},{"version":"4.18.20","payload":"quay.io/openshift-release-dev/ocp-release@sha256:5e06105a6ba80d04eb5d8d3f9a672fb743ce4710876d99a375c2d9f7b7eaa783","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:5e06105a6ba80d04eb5d8d3f9a672fb743ce4710876d99a375c2d9f7b7eaa783","url":"https://access.redhat.com/errata/RHSA-2025:10767"}},{"version":"4.19.9","payload":"quay.io/openshift-release-dev/ocp-release@sha256:b6f3a6e7cab0bb6e2590f6e6612a3edec75e3b28d32a4e55325bdeeb7d836662","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.].*|19[.][0-6])[+].*$|^4[.](18[.](1?[0-9]|2[0-2])|19[.][0-8])[+].*$|^4[.](18[.](1?[0-9]|2[0-1])|19[.][0-3])[+].*$|4[.]18[.].*|^4[.](18[.]([0-9]|1[0-9]|2[0-1])|19[.][0-7])[+].*$|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:b6f3a6e7cab0bb6e2590f6e6612a3edec75e3b28d32a4e55325bdeeb7d836662","url":"https://access.redhat.com/errata/RHSA-2025:13848"}},{"version":"4.18.34","payload":"quay.io/openshift-release-dev/ocp-release@sha256:14bd3c04daa885009785d48f4973e2890751a7ec116cc14d17627245cda54d7b","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:14bd3c04daa885009785d48f4973e2890751a7ec116cc14d17627245cda54d7b","url":"https://access.redhat.com/errata/RHSA-2026:2977"}},{"version":"4.19.20","payload":"quay.io/openshift-release-dev/ocp-release@sha256:90a6c7e4e570bd1914578a2b5b6c9847a2b877c466e29c97e75f28de73228a3b","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.][0-9]*|19[.]([0-9]|1[0-7]))[+].*$|4[.]18[.].*|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:90a6c7e4e570bd1914578a2b5b6c9847a2b877c466e29c97e75f28de73228a3b","url":"https://access.redhat.com/errata/RHBA-2025:22278"}},{"version":"4.19.16","payload":"quay.io/openshift-release-dev/ocp-release@sha256:8f57c0a381695f49c15e4b337f0259a02de2cfa10be3882a6fb795c34217d212","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.](1?[0-9]|2[0-2])|19[.][0-8])[+].*$|4[.]18[.].*|^4[.](18[.][0-9]*|19[.]([0-9]|1[0-2]))[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:8f57c0a381695f49c15e4b337f0259a02de2cfa10be3882a6fb795c34217d212","url":"https://access.redhat.com/errata/RHBA-2025:17662"}},{"version":"4.20.19","payload":"quay.io/openshift-release-dev/ocp-release@sha256:e37bcdba07c7312607363ddf5a8e317e4b6952b1465704b38c9a081d095697be","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:e37bcdba07c7312607363ddf5a8e317e4b6952b1465704b38c9a081d095697be","url":"https://access.redhat.com/errata/RHBA-2026:8430"}},{"version":"4.19.10","payload":"quay.io/openshift-release-dev/ocp-release@sha256:2f9145136fb387d43c7fff55b30a036c14eb96b0992c292274b6f543c6c33857","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.].*|19[.][0-6])[+].*$|^4[.](18[.](1?[0-9]|2[0-2])|19[.][0-8])[+].*$|^4[.](18[.](1?[0-9]|2[0-1])|19[.][0-3])[+].*$|4[.]18[.].*|^4[.](18[.]([0-9]|1[0-9]|2[0-1])|19[.][0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:2f9145136fb387d43c7fff55b30a036c14eb96b0992c292274b6f543c6c33857","url":"https://access.redhat.com/errata/RHBA-2025:14823"}},{"version":"4.20.20","payload":"quay.io/openshift-release-dev/ocp-release@sha256:f3d952e9a20de0c5db249c6c7771d6b71d4eaa9d269d5da8868e6652f6dbec0d","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:f3d952e9a20de0c5db249c6c7771d6b71d4eaa9d269d5da8868e6652f6dbec0d","url":"https://access.redhat.com/errata/RHBA-2026:12066"}},{"version":"4.18.21","payload":"quay.io/openshift-release-dev/ocp-release@sha256:9d1b107adad76f023493b8c2b74902639f66273cc120e255454ad447a9ef27d9","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:9d1b107adad76f023493b8c2b74902639f66273cc120e255454ad447a9ef27d9","url":"https://access.redhat.com/errata/RHSA-2025:11677"}},{"version":"4.20.22","payload":"quay.io/openshift-release-dev/ocp-release@sha256:1b8a542fb7b17aa2999387caacf3b6601827a7fa7c630c9449964ac32d743caa","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:1b8a542fb7b17aa2999387caacf3b6601827a7fa7c630c9449964ac32d743caa","url":"https://access.redhat.com/errata/RHBA-2026:16163"}},{"version":"4.19.25","payload":"quay.io/openshift-release-dev/ocp-release@sha256:02dc35500ba334f341cccbd671471d0941417d135c958a357fb17de61c3ec743","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.][0-9]*|19[.]([0-9]|1[0-7]))[+].*$|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:02dc35500ba334f341cccbd671471d0941417d135c958a357fb17de61c3ec743","url":"https://access.redhat.com/errata/RHBA-2026:3394"}},{"version":"4.20.21","payload":"quay.io/openshift-release-dev/ocp-release@sha256:54c81ab130a264829c9a3434df1005074cc9b2edc8e31ead40ac94faf3debf72","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:54c81ab130a264829c9a3434df1005074cc9b2edc8e31ead40ac94faf3debf72","url":"https://access.redhat.com/errata/RHBA-2026:13863"}},{"version":"4.18.35","payload":"quay.io/openshift-release-dev/ocp-release@sha256:59727c4b3fef19e5149675cf3350735bbfe2c6588a57654b2e4552dd719f58b1","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:59727c4b3fef19e5149675cf3350735bbfe2c6588a57654b2e4552dd719f58b1","url":"https://access.redhat.com/errata/RHSA-2026:3905"}},{"version":"4.18.22","payload":"quay.io/openshift-release-dev/ocp-release@sha256:16078b671c7f5490a2136f2cd9a694d48bb38af1280ef9e2ae9ce28af075cca5","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*|^4[.](17[.].*|18[.](1?[0-9]|2[0-1]))[+].*$|^4[.](18[.]([0-9]|1[0-9]|2[0-1])|17[.](([0-9]|[1-2][0-9]|3[0-7])))[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:16078b671c7f5490a2136f2cd9a694d48bb38af1280ef9e2ae9ce28af075cca5","url":"https://access.redhat.com/errata/RHSA-2025:13325"}},{"version":"4.18.36","payload":"quay.io/openshift-release-dev/ocp-release@sha256:7486ca2ec3bce0ee41dd2c03d75e120b6f660929ea50240463937ae1c4b118f7","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:7486ca2ec3bce0ee41dd2c03d75e120b6f660929ea50240463937ae1c4b118f7","url":"https://access.redhat.com/errata/RHSA-2026:5133"}},{"version":"4.19.15","payload":"quay.io/openshift-release-dev/ocp-release@sha256:d96bf58288bfe00d347707ba0b9fa5455ee0d506ae4dfe417518473197ee16ab","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.](1?[0-9]|2[0-2])|19[.][0-8])[+].*$|4[.]18[.].*|^4[.](18[.][0-9]*|19[.]([0-9]|1[0-2]))[+].*$|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:d96bf58288bfe00d347707ba0b9fa5455ee0d506ae4dfe417518473197ee16ab","url":"https://access.redhat.com/errata/RHBA-2025:17237"}},{"version":"4.20.13","payload":"quay.io/openshift-release-dev/ocp-release@sha256:280ffe256696c1b3699a5d0bc9c520b785a0c6acff0ed58073adbd206185c4b9","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:280ffe256696c1b3699a5d0bc9c520b785a0c6acff0ed58073adbd206185c4b9","url":"https://access.redhat.com/errata/RHSA-2026:1555"}},{"version":"4.18.5","payload":"quay.io/openshift-release-dev/ocp-release@sha256:93879f84b3165c5b5bd1fdf4563a11155dc61ea35cd93e67dc61c2b66e11c8bb","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*|4[.]17[.].*|4[.](17[.](1[01]|0-.*|[0-9])|18.0-(ec[.].*|rc[.][0-3]))|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:93879f84b3165c5b5bd1fdf4563a11155dc61ea35cd93e67dc61c2b66e11c8bb","url":"https://access.redhat.com/errata/RHSA-2025:2705"}},{"version":"4.20.11","payload":"quay.io/openshift-release-dev/ocp-release@sha256:bbe1ffd9b28cbe6814cb6cecef844733f38aba1a3d400b1bc5aff5865cfe665e","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:bbe1ffd9b28cbe6814cb6cecef844733f38aba1a3d400b1bc5aff5865cfe665e","url":"https://access.redhat.com/errata/RHSA-2026:0663"}},{"version":"4.18.37","payload":"quay.io/openshift-release-dev/ocp-release@sha256:9b7068aa6f6087c2f0a7cefa241c5dbb0ede0efaad783607dff0da98cac432d2","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:9b7068aa6f6087c2f0a7cefa241c5dbb0ede0efaad783607dff0da98cac432d2","url":"https://access.redhat.com/errata/RHSA-2026:6554"}},{"version":"4.20.23","payload":"quay.io/openshift-release-dev/ocp-release@sha256:4a03c010c9c554dc86066a7130002cc8c0bdd13da6207a7eab299f1013690dbd","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:4a03c010c9c554dc86066a7130002cc8c0bdd13da6207a7eab299f1013690dbd","url":"https://access.redhat.com/errata/RHSA-2026:17468"}},{"version":"4.20.24","payload":"quay.io/openshift-release-dev/ocp-release@sha256:27c93d3b308e9c3694dd7e448d71f61e4e3c033ad8905031736bd1912c1f41fc","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:27c93d3b308e9c3694dd7e448d71f61e4e3c033ad8905031736bd1912c1f41fc","url":"https://access.redhat.com/errata/RHSA-2026:21703"}},{"version":"4.18.6","payload":"quay.io/openshift-release-dev/ocp-release@sha256:61fdad894f035a8b192647c224faf565279518255bdbf60a91db4ee0479adaa6","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*|4[.]17[.].*|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:61fdad894f035a8b192647c224faf565279518255bdbf60a91db4ee0479adaa6","url":"https://access.redhat.com/errata/RHSA-2025:3066"}},{"version":"4.18.23","payload":"quay.io/openshift-release-dev/ocp-release@sha256:0bf2e8c1edf16de717c330b94d85f6d463c7208956b0a545cbb3fcf715e14c38","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*|^4[.](17[.].*|18[.](1?[0-9]|2[0-2]))[+].*$|^4[.](17[.].*|18[.](1?[0-9]|2[0-1]))[+].*$|^4[.](18[.]([0-9]|1[0-9]|2[0-1])|17[.](([0-9]|[1-2][0-9]|3[0-7])))[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:0bf2e8c1edf16de717c330b94d85f6d463c7208956b0a545cbb3fcf715e14c38","url":"https://access.redhat.com/errata/RHSA-2025:14820"}},{"version":"4.18.4","payload":"quay.io/openshift-release-dev/ocp-release@sha256:61dffd292f6689a3381dd05f7845dcd5d27c099fce2f460aa03d760d535f81e6","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*|4[.]17[.].*|4[.](17[.](1[01]|0-.*|[0-9])|18.0-(ec[.].*|rc[.][0-3]))|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:61dffd292f6689a3381dd05f7845dcd5d27c099fce2f460aa03d760d535f81e6","url":"https://access.redhat.com/errata/RHSA-2025:2449"}},{"version":"4.19.11","payload":"quay.io/openshift-release-dev/ocp-release@sha256:d28dff1fd2bbbf7e923d24da21c921c53b61089690fbbe9d4b03c847487c2b5f","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.].*|19[.][0-6])[+].*$|^4[.](18[.](1?[0-9]|2[0-2])|19[.][0-8])[+].*$|^4[.](18[.](1?[0-9]|2[0-1])|19[.][0-3])[+].*$|4[.]18[.].*|^4[.](18[.]([0-9]|1[0-9]|2[0-1])|19[.][0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:d28dff1fd2bbbf7e923d24da21c921c53b61089690fbbe9d4b03c847487c2b5f","url":"https://access.redhat.com/errata/RHBA-2025:15293"}},{"version":"4.19.21","payload":"quay.io/openshift-release-dev/ocp-release@sha256:7c2001c24aa550aa228cd2d0fc0b5d9ac6656cd4267cd7c156ec758d0687758e","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.][0-9]*|19[.]([0-9]|1[0-7]))[+].*$|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:7c2001c24aa550aa228cd2d0fc0b5d9ac6656cd4267cd7c156ec758d0687758e","url":"https://access.redhat.com/errata/RHBA-2025:22786"}},{"version":"4.18.7","payload":"quay.io/openshift-release-dev/ocp-release@sha256:91037938dc2ebc2732e7baa6eb4192fa4376abab19f0f545848a87ab7c91931d","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]17[.].*|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:91037938dc2ebc2732e7baa6eb4192fa4376abab19f0f545848a87ab7c91931d","url":"https://access.redhat.com/errata/RHBA-2025:3293"}},{"version":"4.20.14","payload":"quay.io/openshift-release-dev/ocp-release@sha256:682e85bfe8034924e596b281ed8fefe4451e6f6c5bac07b5ec300443eeb23566","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:682e85bfe8034924e596b281ed8fefe4451e6f6c5bac07b5ec300443eeb23566","url":"https://access.redhat.com/errata/RHSA-2026:2119"}},{"version":"4.19.7","payload":"quay.io/openshift-release-dev/ocp-release@sha256:bd4cd954feebfe3a6b2847c20271e8f3ba21e99ac1e234db6ce4cf2207f8955a","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4.18.*|^4[.](18[.].*|19[.][0-6])[+].*$|^4[.](18[.](1?[0-9]|2[0-1])|19[.][0-3])[+].*$|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:bd4cd954feebfe3a6b2847c20271e8f3ba21e99ac1e234db6ce4cf2207f8955a","url":"https://access.redhat.com/errata/RHSA-2025:12341"}},{"version":"4.19.33","payload":"quay.io/openshift-release-dev/ocp-release@sha256:f7c8010c24807273c8b9e77064d4a7089c8fcf6585749d864b55b98176ba745f","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:f7c8010c24807273c8b9e77064d4a7089c8fcf6585749d864b55b98176ba745f","url":"https://access.redhat.com/errata/RHSA-2026:23246"}},{"version":"4.19.29","payload":"quay.io/openshift-release-dev/ocp-release@sha256:4e97f1a9f5f5e751c7795ab6638723b064447106845f3d75d35b03a1a6c9488c","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:4e97f1a9f5f5e751c7795ab6638723b064447106845f3d75d35b03a1a6c9488c","url":"https://access.redhat.com/errata/RHSA-2026:10093"}},{"version":"4.20.6","payload":"quay.io/openshift-release-dev/ocp-release@sha256:a29bcbc9f286d68b394ffa0288c5de7e487c90077c06cbaf7a4cadeb0398ce28","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:a29bcbc9f286d68b394ffa0288c5de7e487c90077c06cbaf7a4cadeb0398ce28","url":"https://access.redhat.com/errata/RHSA-2025:22257"}},{"version":"4.19.12","payload":"quay.io/openshift-release-dev/ocp-release@sha256:f0ca7c0e9ede6440119f3fd90abdd87e77cf99b7e68d6c1f95ec1872c62cbb17","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.].*|19[.][0-6])[+].*$|^4[.](18[.](1?[0-9]|2[0-2])|19[.][0-8])[+].*$|^4[.](18[.](1?[0-9]|2[0-1])|19[.][0-3])[+].*$|4[.]18[.].*|.*|^4[.](18[.]([0-9]|1[0-9]|2[0-1])|19[.][0-7])[+].*$|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:f0ca7c0e9ede6440119f3fd90abdd87e77cf99b7e68d6c1f95ec1872c62cbb17","url":"https://access.redhat.com/errata/RHBA-2025:15694"}},{"version":"4.18.38","payload":"quay.io/openshift-release-dev/ocp-release@sha256:deacb4132f024a8c364ab8589b7b3f391b887ca4ae92bd4b37df2efa5b1e2145","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:deacb4132f024a8c364ab8589b7b3f391b887ca4ae92bd4b37df2efa5b1e2145","url":"https://access.redhat.com/errata/RHSA-2026:8448"}},{"version":"4.20.8","payload":"quay.io/openshift-release-dev/ocp-release@sha256:91606a5f04331ed3293f71034d4f480e38645560534805fe5a821e6b64a3f203","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:91606a5f04331ed3293f71034d4f480e38645560534805fe5a821e6b64a3f203","url":"https://access.redhat.com/errata/RHBA-2025:23103"}},{"version":"4.18.39","payload":"quay.io/openshift-release-dev/ocp-release@sha256:7f01fc38ab2019240de14a093b1a603ed5817b5fffb4a8029325395b1d071175","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:7f01fc38ab2019240de14a093b1a603ed5817b5fffb4a8029325395b1d071175","url":"https://access.redhat.com/errata/RHSA-2026:12118"}},{"version":"4.18.25","payload":"quay.io/openshift-release-dev/ocp-release@sha256:ba6f0f2eca65cd386a5109ddbbdb3bab9bb9801e32de56ef34f80e634a7787be","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](17[.]([1-3]?[0-9])|18[.](1?[0-9]|2[0-3]))[+].*$|^4[.](17[.].*|18[.](1?[0-9]|2[0-2]))[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:ba6f0f2eca65cd386a5109ddbbdb3bab9bb9801e32de56ef34f80e634a7787be","url":"https://access.redhat.com/errata/RHBA-2025:16732"}},{"version":"4.19.18","payload":"quay.io/openshift-release-dev/ocp-release@sha256:3fb2c0faf6cc35dae23fd9fb4182c89df3e7c5272505652c7e6dced31c416daf","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.][0-9]*|19[.]([0-9]|1[0-7]))[+].*$|4[.]18[.].*|^4[.](18[.][0-9]*|19[.]([0-9]|1[0-2]))[+].*$|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:3fb2c0faf6cc35dae23fd9fb4182c89df3e7c5272505652c7e6dced31c416daf","url":"https://access.redhat.com/errata/RHBA-2025:19301"}},{"version":"4.18.24","payload":"quay.io/openshift-release-dev/ocp-release@sha256:2db093f063ad5310fa4e5ed2d2eda4bad5215c47092b72d1cfafbcfdbf1f4dd2","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](17[.]([1-3]?[0-9])|18[.](1?[0-9]|2[0-3]))[+].*$|^4[.](17[.].*|18[.](1?[0-9]|2[0-2]))[+].*$|^4[.](17[.].*|18[.](1?[0-9]|2[0-1]))[+].*$|^4[.](18[.]([0-9]|1[0-9]|2[0-1])|17[.](([0-9]|[1-2][0-9]|3[0-7])))[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:2db093f063ad5310fa4e5ed2d2eda4bad5215c47092b72d1cfafbcfdbf1f4dd2","url":"https://access.redhat.com/errata/RHBA-2025:15714"}},{"version":"4.20.25","payload":"quay.io/openshift-release-dev/ocp-release@sha256:490002f6d1363683178f4b9999f52602588f3cb75a9267a190fdfdee06e2db7a","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:490002f6d1363683178f4b9999f52602588f3cb75a9267a190fdfdee06e2db7a","url":"https://access.redhat.com/errata/RHSA-2026:25194"}},{"version":"4.18.8","payload":"quay.io/openshift-release-dev/ocp-release@sha256:509888097ba7d3b4eeb5aac0586acff2ec13fff07004ac692e0dcf5cf4fe2690","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]17[.].*|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:509888097ba7d3b4eeb5aac0586acff2ec13fff07004ac692e0dcf5cf4fe2690","url":"https://access.redhat.com/errata/RHSA-2025:3577"}},{"version":"4.18.26","payload":"quay.io/openshift-release-dev/ocp-release@sha256:dcd5fce7701d1e568ffb1065800a4aa34c911910400209224e702b951412171d","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](17[.]([1-3]?[0-9])|18[.](1?[0-9]|2[0-3]))[+].*$|^4[.](17[.].*|18[.](1?[0-9]|2[0-2]))[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:dcd5fce7701d1e568ffb1065800a4aa34c911910400209224e702b951412171d","url":"https://access.redhat.com/errata/RHSA-2025:17657"}},{"version":"4.19.17","payload":"quay.io/openshift-release-dev/ocp-release@sha256:5c01281c55d75a1569440f91d2708125f14533c675b96d7be67b7a1badd759e5","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]18[.].*|^4[.](18[.][0-9]*|19[.]([0-9]|1[0-2]))[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:5c01281c55d75a1569440f91d2708125f14533c675b96d7be67b7a1badd759e5","url":"https://access.redhat.com/errata/RHSA-2025:18233"}},{"version":"4.19.30","payload":"quay.io/openshift-release-dev/ocp-release@sha256:7a772b30ed4234520e722cbdf2078d05254a7bc38735abc11f7019fb507deeda","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:7a772b30ed4234520e722cbdf2078d05254a7bc38735abc11f7019fb507deeda","url":"https://access.redhat.com/errata/RHBA-2026:13720"}},{"version":"4.19.31","payload":"quay.io/openshift-release-dev/ocp-release@sha256:41d78bcdd63e491ea471eaec9b837ff49d39f4dd1189ffa6c6ed198f2689acd3","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:41d78bcdd63e491ea471eaec9b837ff49d39f4dd1189ffa6c6ed198f2689acd3","url":"https://access.redhat.com/errata/RHBA-2026:16165"}},{"version":"4.18.27","payload":"quay.io/openshift-release-dev/ocp-release@sha256:4686c8d26194f890c2a241271d41a762d4be26af0be60e9cfd0c563f61b3beab","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:4686c8d26194f890c2a241271d41a762d4be26af0be60e9cfd0c563f61b3beab","url":"https://access.redhat.com/errata/RHSA-2025:19047"}},{"version":"4.18.3","payload":"quay.io/openshift-release-dev/ocp-release@sha256:fdcb3da3a1086d664df31a1fa2a629c77780f844d458af956928cca297da343c","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*|4[.]17[.].*|4[.](17[.](1[01]|0-.*|[0-9])|18.0-(ec[.].*|rc[.][0-3]))|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:fdcb3da3a1086d664df31a1fa2a629c77780f844d458af956928cca297da343c","url":"https://access.redhat.com/errata/RHBA-2025:2229"}},{"version":"4.18.10","payload":"quay.io/openshift-release-dev/ocp-release@sha256:be8bcea2ab176321a4e1e54caab4709f9024bc437e52ca5bc088e729367cd0cf","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]17[.].*|.*|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:be8bcea2ab176321a4e1e54caab4709f9024bc437e52ca5bc088e729367cd0cf","url":"https://access.redhat.com/errata/RHSA-2025:4019"}},{"version":"4.20.15","payload":"quay.io/openshift-release-dev/ocp-release@sha256:a60fbe523d8ad802ab9bcbb4c505f5fe4467283fc748e4978fe9a3b280145d75","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:a60fbe523d8ad802ab9bcbb4c505f5fe4467283fc748e4978fe9a3b280145d75","url":"https://access.redhat.com/errata/RHBA-2026:2987"}},{"version":"4.20.3","payload":"quay.io/openshift-release-dev/ocp-release@sha256:24da924c84a1dfa28525f85525356cf1ac4fbe23faec7c66d1890e0b3bcba7a0","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:24da924c84a1dfa28525f85525356cf1ac4fbe23faec7c66d1890e0b3bcba7a0","url":"https://access.redhat.com/errata/RHSA-2025:19890"}},{"version":"4.19.5","payload":"quay.io/openshift-release-dev/ocp-release@sha256:bc79be35e8b8a3719a3e16c91b64e5945c6c4ff1a9c9d0816339f14e2b004385","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4.18.*|^4[.](18[.](1?[0-9]|2[0-1])|19[.][0-3])[+].*$|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:bc79be35e8b8a3719a3e16c91b64e5945c6c4ff1a9c9d0816339f14e2b004385","url":"https://access.redhat.com/errata/RHSA-2025:11363"}},{"version":"4.18.11","payload":"quay.io/openshift-release-dev/ocp-release@sha256:b3c76706606940d84964095aaab1a8ed4eca0d1bd6833b4eb718115842ef6850","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]17[.].*|.*|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:b3c76706606940d84964095aaab1a8ed4eca0d1bd6833b4eb718115842ef6850","url":"https://access.redhat.com/errata/RHSA-2025:4211"}},{"version":"4.18.40","payload":"quay.io/openshift-release-dev/ocp-release@sha256:b2e85618a5a68065589d092f1894e1327e30615333ec315039aadb7908266ad4","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:b2e85618a5a68065589d092f1894e1327e30615333ec315039aadb7908266ad4","url":"https://access.redhat.com/errata/RHSA-2026:13736"}},{"version":"4.19.26","payload":"quay.io/openshift-release-dev/ocp-release@sha256:64d312cc715ccb58e44b7ed0a7a1a24ad407b72be2cb865512f9bf8ff7578524","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:64d312cc715ccb58e44b7ed0a7a1a24ad407b72be2cb865512f9bf8ff7578524","url":"https://access.redhat.com/errata/RHSA-2026:4434"}},{"version":"4.18.28","payload":"quay.io/openshift-release-dev/ocp-release@sha256:98c80d92a2ef8d44ee625b229b77b7bfdb1b06cbfe0d4df9e2ca2cba904467f7","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:98c80d92a2ef8d44ee625b229b77b7bfdb1b06cbfe0d4df9e2ca2cba904467f7","url":"https://access.redhat.com/errata/RHBA-2025:19865"}},{"version":"4.19.13","payload":"quay.io/openshift-release-dev/ocp-release@sha256:b221339d28377e7654ecfa76debf7cd11eccc4e45516cca393df6a5ca4dbc736","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.].*|19[.][0-6])[+].*$|^4[.](18[.](1?[0-9]|2[0-2])|19[.][0-8])[+].*$|^4[.](18[.](1?[0-9]|2[0-1])|19[.][0-3])[+].*$|4[.]18[.].*|.*|^4[.](18[.]([0-9]|1[0-9]|2[0-1])|19[.][0-7])[+].*$|^4[.](18[.][0-9]*|19[.]([0-9]|1[0-2]))[+].*$|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:b221339d28377e7654ecfa76debf7cd11eccc4e45516cca393df6a5ca4dbc736","url":"https://access.redhat.com/errata/RHBA-2025:16148"}},{"version":"4.18.9","payload":"quay.io/openshift-release-dev/ocp-release@sha256:720f89718effd16de7d77e5533c9608f1845295a2e00dfff543d0cf9aa09b2a0","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]17[.].*|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:720f89718effd16de7d77e5533c9608f1845295a2e00dfff543d0cf9aa09b2a0","url":"https://access.redhat.com/errata/RHSA-2025:3775"}},{"version":"4.18.29","payload":"quay.io/openshift-release-dev/ocp-release@sha256:8c885ea0b3c5124989f0a9b93eba98eb9fca6bbd0262772d85d90bf713a4d572","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:8c885ea0b3c5124989f0a9b93eba98eb9fca6bbd0262772d85d90bf713a4d572","url":"https://access.redhat.com/errata/RHBA-2025:21797"}},{"version":"4.18.12","payload":"quay.io/openshift-release-dev/ocp-release@sha256:31e8978d1f7a24c3e70dcc12c93dd5e73311b78e528f73beb020ddbe3270e07d","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](17[.](2[0-8]|[1]?[0-9])|18[.](1[01]|[0-9]))[+].*$|4[.]17[.].*|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:31e8978d1f7a24c3e70dcc12c93dd5e73311b78e528f73beb020ddbe3270e07d","url":"https://access.redhat.com/errata/RHSA-2025:4427"}},{"version":"4.20.4","payload":"quay.io/openshift-release-dev/ocp-release@sha256:5b87a665045cdfe0a1b271024be936a0c46de17b25a112d6a136c5af89d861c4","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:5b87a665045cdfe0a1b271024be936a0c46de17b25a112d6a136c5af89d861c4","url":"https://access.redhat.com/errata/RHBA-2025:21228"}},{"version":"4.18.41","payload":"quay.io/openshift-release-dev/ocp-release@sha256:c8e3c1e17e36ddcc788ce9cba8d5b7c506c0f913f576049c387039244571f2bd","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:c8e3c1e17e36ddcc788ce9cba8d5b7c506c0f913f576049c387039244571f2bd","url":"https://access.redhat.com/errata/RHBA-2026:16164"}},{"version":"4.19.22","payload":"quay.io/openshift-release-dev/ocp-release@sha256:e4377ba202c97eccba15c3a428cd4e532a02d5420d5b8918cdd3284404abb1ba","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.][0-9]*|19[.]([0-9]|1[0-7]))[+].*$|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:e4377ba202c97eccba15c3a428cd4e532a02d5420d5b8918cdd3284404abb1ba","url":"https://access.redhat.com/errata/RHBA-2026:0682"}},{"version":"4.18.2","payload":"quay.io/openshift-release-dev/ocp-release@sha256:46f9db00dac167897378825ea5f3cce0867743ac90498bbb61b0816daedd0d00","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*|4[.]17[.].*|4[.](17[.](1[01]|0-.*|[0-9])|18.0-(ec[.].*|rc[.][0-3]))|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:46f9db00dac167897378825ea5f3cce0867743ac90498bbb61b0816daedd0d00","url":"https://access.redhat.com/errata/RHBA-2025:1904"}},{"version":"4.20.17","payload":"quay.io/openshift-release-dev/ocp-release@sha256:e0e62ca0bf43f7e9c18551fb8907c882c60cfa0c76392d3a8115a628da02d693","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:e0e62ca0bf43f7e9c18551fb8907c882c60cfa0c76392d3a8115a628da02d693","url":"https://access.redhat.com/errata/RHSA-2026:5142"}},{"version":"4.18.13","payload":"quay.io/openshift-release-dev/ocp-release@sha256:a93c65b0f9de1d2e29641fbeebc07178733db1cacc7bde178033d7b9183540bc","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](17[.](2[0-8]|[1]?[0-9])|18[.](1[01]|[0-9]))[+].*$|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:a93c65b0f9de1d2e29641fbeebc07178733db1cacc7bde178033d7b9183540bc","url":"https://access.redhat.com/errata/RHSA-2025:4712"}},{"version":"4.19.34","payload":"quay.io/openshift-release-dev/ocp-release@sha256:12ba901e472743bd79695772e65a451ac80ac29200cc06076471c42ed0956675","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:12ba901e472743bd79695772e65a451ac80ac29200cc06076471c42ed0956675","url":"https://access.redhat.com/errata/RHSA-2026:25201"}},{"version":"4.19.19","payload":"quay.io/openshift-release-dev/ocp-release@sha256:dedfa946ff3535dfe5b3f682306d533f00aa07cbe237d6df472dfb6fb88f5bb4","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.][0-9]*|19[.]([0-9]|1[0-7]))[+].*$|4[.]18[.].*|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:dedfa946ff3535dfe5b3f682306d533f00aa07cbe237d6df472dfb6fb88f5bb4","url":"https://access.redhat.com/errata/RHBA-2025:21363"}},{"version":"4.20.16","payload":"quay.io/openshift-release-dev/ocp-release@sha256:5e2fb7977a82237e497443e2bb53fd1c196e083fc5095294699399b61ce02746","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:5e2fb7977a82237e497443e2bb53fd1c196e083fc5095294699399b61ce02746","url":"https://access.redhat.com/errata/RHSA-2026:3855"}},{"version":"4.19.23","payload":"quay.io/openshift-release-dev/ocp-release@sha256:7bf7c5dabc70518b89130ff7cfe62d14a61ed800adb418359bd9dcaa17b50206","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.][0-9]*|19[.]([0-9]|1[0-7]))[+].*$|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:7bf7c5dabc70518b89130ff7cfe62d14a61ed800adb418359bd9dcaa17b50206","url":"https://access.redhat.com/errata/RHSA-2026:1552"}},{"version":"4.18.43","payload":"quay.io/openshift-release-dev/ocp-release@sha256:27eafee2d15ebe7d66cf14aeefbb79f91512669ecee1facf3ee5f06019dca651","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:27eafee2d15ebe7d66cf14aeefbb79f91512669ecee1facf3ee5f06019dca651","url":"https://access.redhat.com/errata/RHSA-2026:21657"}},{"version":"4.18.14","payload":"quay.io/openshift-release-dev/ocp-release@sha256:78c0475ba249e03b0ed5b3d3cca619020a2996fb75efb9e7b5a2d5972fbdac7c","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](17[.](2[0-8]|[1]?[0-9])|18[.](1[01]|[0-9]))[+].*$|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:78c0475ba249e03b0ed5b3d3cca619020a2996fb75efb9e7b5a2d5972fbdac7c","url":"https://access.redhat.com/errata/RHSA-2025:7863"}},{"version":"4.18.30","payload":"quay.io/openshift-release-dev/ocp-release@sha256:349912ef80ff71bdb591b36d8b3eca9df2446fa2497af08058d1777b8e0cf3ca","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:349912ef80ff71bdb591b36d8b3eca9df2446fa2497af08058d1777b8e0cf3ca","url":"https://access.redhat.com/errata/RHBA-2025:22696"}},{"version":"4.20.0","payload":"quay.io/openshift-release-dev/ocp-release@sha256:d1dc76522d1e235b97675b28e977cb8c452f47d39c0eb519cde02114925f91d2","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$|4[.]19[.]1[67][+].*","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:d1dc76522d1e235b97675b28e977cb8c452f47d39c0eb519cde02114925f91d2","url":"https://access.redhat.com/errata/RHSA-2025:9562"}},{"version":"4.19.14","payload":"quay.io/openshift-release-dev/ocp-release@sha256:f8e21e76897b3f9b8a76a07b5a9426ba8def9b2e56b18d8b40ad65931b8bbf78","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](18[.](1?[0-9]|2[0-2])|19[.][0-8])[+].*$|4[.]18[.].*|^4[.](18[.][0-9]*|19[.]([0-9]|1[0-2]))[+].*$|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:f8e21e76897b3f9b8a76a07b5a9426ba8def9b2e56b18d8b40ad65931b8bbf78","url":"https://access.redhat.com/errata/RHBA-2025:16693"}},{"version":"4.18.42","payload":"quay.io/openshift-release-dev/ocp-release@sha256:6d06289d04fe358bc23dcadb3bfdc46b3aaadf2d189a0fecbf3e521bd740378a","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:6d06289d04fe358bc23dcadb3bfdc46b3aaadf2d189a0fecbf3e521bd740378a","url":"https://access.redhat.com/errata/RHSA-2026:17448"}},{"version":"4.19.3","payload":"quay.io/openshift-release-dev/ocp-release@sha256:0b44c4b526b4743e744cb989c6fc768fdfd9ac9abffc8f43a014bb90b7bf522d","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4.18.*|^4[.]18[.]1[6-8][+].*$|4.18[.].*|4.18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:0b44c4b526b4743e744cb989c6fc768fdfd9ac9abffc8f43a014bb90b7bf522d","url":"https://access.redhat.com/errata/RHBA-2025:10290"}},{"version":"4.18.16","payload":"quay.io/openshift-release-dev/ocp-release@sha256:0dac222584991f89a123d85e8c3055f0056e5876fc209b8d4bea7a59e7504d59","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](17[.](2[0-8]|[1]?[0-9])|18[.](1[01]|[0-9]))[+].*$|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:0dac222584991f89a123d85e8c3055f0056e5876fc209b8d4bea7a59e7504d59","url":"https://access.redhat.com/errata/RHSA-2025:8284"}},{"version":"4.19.27","payload":"quay.io/openshift-release-dev/ocp-release@sha256:67559510d25d5024c374d67104b99d88f83746f615fa8232ae778d9e7fec14f8","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]18[.].*|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:67559510d25d5024c374d67104b99d88f83746f615fa8232ae778d9e7fec14f8","url":"https://access.redhat.com/errata/RHSA-2026:5878"}},{"version":"4.18.31","payload":"quay.io/openshift-release-dev/ocp-release@sha256:64e8c4cbd3199beb1ebb8d6a208cb81fdfe62f4e52d7586033f534d35f981244","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:64e8c4cbd3199beb1ebb8d6a208cb81fdfe62f4e52d7586033f534d35f981244","url":"https://access.redhat.com/errata/RHSA-2026:338"}},{"version":"4.20.10","payload":"quay.io/openshift-release-dev/ocp-release@sha256:2d228e6d0b5a5ef2d7eb40bc171ad44f06b990d7adb678914e5d9d047e72568d","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:2d228e6d0b5a5ef2d7eb40bc171ad44f06b990d7adb678914e5d9d047e72568d","url":"https://access.redhat.com/errata/RHBA-2026:370"}},{"version":"4.19.2","payload":"quay.io/openshift-release-dev/ocp-release@sha256:1293f5ccad2a2776241344faecaf7320f60ee91882df4e24b309f3a7cefc04be","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4.18.*|^4[.]18[.]1[6-8][+].*$|4.18[.].*|4.18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:1293f5ccad2a2776241344faecaf7320f60ee91882df4e24b309f3a7cefc04be","url":"https://access.redhat.com/errata/RHSA-2025:9750"}},{"version":"4.18.44","payload":"quay.io/openshift-release-dev/ocp-release@sha256:2a7a95814b1b307813552472d18ef7aee7930748f707d730c4e816bdced1dac9","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:2a7a95814b1b307813552472d18ef7aee7930748f707d730c4e816bdced1dac9","url":"https://access.redhat.com/errata/RHSA-2026:25182"}},{"version":"4.18.17","payload":"quay.io/openshift-release-dev/ocp-release@sha256:9d24a8cdd67b8f18c99547d5910e4863e7aab5bd888e26670a00dbda0a9d4687","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](17[.](2[0-8]|[1]?[0-9])|18[.](1[01]|[0-9]))[+].*$|4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:9d24a8cdd67b8f18c99547d5910e4863e7aab5bd888e26670a00dbda0a9d4687","url":"https://access.redhat.com/errata/RHSA-2025:8560"}},{"version":"4.18.15","payload":"quay.io/openshift-release-dev/ocp-release@sha256:0ebcecebc52a63285669ed74f0e591865b702de34c0a488cbba02dfb53d71cbe","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"^4[.](17[.](2[0-8]|[1]?[0-9])|18[.](1[01]|[0-9]))[+].*$|^4[.](17[.]([0-9]|1[0-6]))[+].*$|4[.]17[.].*|^4[.](17[.]([1]?[0-9]|2[0-1])|18[.][0-5])[+].*$|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:0ebcecebc52a63285669ed74f0e591865b702de34c0a488cbba02dfb53d71cbe","url":"https://access.redhat.com/errata/RHBA-2025:8104"}},{"version":"4.18.18","payload":"quay.io/openshift-release-dev/ocp-release@sha256:eca2e3f7de2bd92b18f69547c8f0ad842fdb83f0821f76b8692f2716a86b0bde","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:eca2e3f7de2bd92b18f69547c8f0ad842fdb83f0821f76b8692f2716a86b0bde","url":"https://access.redhat.com/errata/RHSA-2025:9269"}},{"version":"4.20.2","payload":"quay.io/openshift-release-dev/ocp-release@sha256:0e232879e27fb821eeb1d0e34f9bd8f85e28533836e59cc7fee96fcc9f3851cd","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:0e232879e27fb821eeb1d0e34f9bd8f85e28533836e59cc7fee96fcc9f3851cd","url":"https://access.redhat.com/errata/RHSA-2025:19296"}},{"version":"4.19.32","payload":"quay.io/openshift-release-dev/ocp-release@sha256:1bd5ad0745f446a798a4038e4d04cf651213f71bc4e76dd9349f5c6968135f9b","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:1bd5ad0745f446a798a4038e4d04cf651213f71bc4e76dd9349f5c6968135f9b","url":"https://access.redhat.com/errata/RHSA-2026:20041"}},{"version":"4.19.1","payload":"quay.io/openshift-release-dev/ocp-release@sha256:4d7f10e383deb0c5402f871bf66ebdcad6bb670cb3cf1668bfec5166c56f3196","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4.18.*|^4[.]18[.]1[6-8][+].*$|4.18[.].*|4.18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:4d7f10e383deb0c5402f871bf66ebdcad6bb670cb3cf1668bfec5166c56f3196","url":"https://access.redhat.com/errata/RHSA-2025:9278"}},{"version":"4.18.19","payload":"quay.io/openshift-release-dev/ocp-release@sha256:e6d80b9ab85b17b47e90cb8de1b9ad0e3fe457780148629d329d532ef902d222","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]17[.].*|4[.]17[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:e6d80b9ab85b17b47e90cb8de1b9ad0e3fe457780148629d329d532ef902d222","url":"https://access.redhat.com/errata/RHSA-2025:9725"}},{"version":"4.18.32","payload":"quay.io/openshift-release-dev/ocp-release@sha256:6177c447b98c36a42fd45fa2ba413da73d14d0a7ad3aecfa977554f5ae9583cc","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:6177c447b98c36a42fd45fa2ba413da73d14d0a7ad3aecfa977554f5ae9583cc","url":"https://access.redhat.com/errata/RHSA-2026:1062"}},{"version":"4.20.18","payload":"quay.io/openshift-release-dev/ocp-release@sha256:2dab927fd20984e247301b2483083b71f942a1f550f5d8a1db42897edc042e39","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":".*","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:2dab927fd20984e247301b2483083b71f942a1f550f5d8a1db42897edc042e39","url":"https://access.redhat.com/errata/RHSA-2026:6564"}},{"version":"4.20.5","payload":"quay.io/openshift-release-dev/ocp-release@sha256:c1568bf00f149d16b4cbe5cd8aedf3bef110c1460a91f81688aca8e338806a2c","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4[.]19[.].*|^4[.]19[.]([0-9]|1[0-7])[+].*$|.*","io.openshift.upgrades.graph.release.channels":"candidate-4.20,eus-4.20,fast-4.20,stable-4.20,candidate-4.21,fast-4.21,stable-4.21,candidate-4.22,fast-4.22","io.openshift.upgrades.graph.release.manifestref":"sha256:c1568bf00f149d16b4cbe5cd8aedf3bef110c1460a91f81688aca8e338806a2c","url":"https://access.redhat.com/errata/RHBA-2025:21811"}},{"version":"4.18.33","payload":"quay.io/openshift-release-dev/ocp-release@sha256:40bb7cf7c637bf9efd8fb0157839d325a019d67cc7d7279665fcf90dbb7f3f33","metadata":{"io.openshift.upgrades.graph.release.channels":"candidate-4.18,eus-4.18,fast-4.18,stable-4.18,candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:40bb7cf7c637bf9efd8fb0157839d325a019d67cc7d7279665fcf90dbb7f3f33","url":"https://access.redhat.com/errata/RHSA-2026:2078"}},{"version":"4.19.4","payload":"quay.io/openshift-release-dev/ocp-release@sha256:8153a8c010b292c0c4ca7d8b4ca13ebeb634d449982c66568764511c736281b8","metadata":{"io.openshift.upgrades.graph.previous.remove_regex":"4.18.*|4.18[.].*|^4[.](18[.](1?[0-9]|2[0-1])|19[.][0-3])[+].*$|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*|4[.]18[.].*","io.openshift.upgrades.graph.release.channels":"candidate-4.19,fast-4.19,stable-4.19,candidate-4.20,eus-4.20,fast-4.20,stable-4.20","io.openshift.upgrades.graph.release.manifestref":"sha256:8153a8c010b292c0c4ca7d8b4ca13ebeb634d449982c66568764511c736281b8","url":"https://access.redhat.com/errata/RHSA-2025:10771"}}],"edges":[[41,73],[76,94],[20,86],[96,100],[28,47],[38,14],[90,97],[58,61],[80,5],[81,50],[10,47],[41,60],[20,68],[86,26],[86,43],[61,47],[69,35],[4,15],[8,52],[44,62],[45,52],[63,73],[21,68],[65,60],[24,60],[9,68],[35,18],[15,21],[93,57],[91,82],[64,100],[3,94],[61,37],[68,77],[79,26],[68,82],[21,94],[66,100],[49,21],[34,77],[12,47],[46,43],[48,9],[55,15],[34,21],[2,87],[26,52],[6,16],[99,47],[92,82],[2,5],[93,42],[67,56],[90,9],[78,97],[40,73],[44,51],[25,5],[11,52],[72,41],[44,68],[25,16],[39,75],[71,18],[32,52],[79,19],[91,26],[63,52],[34,9],[19,68],[7,89],[22,94],[34,100],[40,94],[90,7],[49,43],[7,82],[79,52],[49,60],[78,26],[96,15],[41,94],[2,47],[55,9],[91,97],[96,21],[29,92],[76,18],[84,9],[62,26],[48,89],[42,75],[74,33],[55,68],[30,89],[7,37],[96,43],[46,82],[79,37],[72,15],[67,47],[50,47],[24,96],[100,19],[53,52],[99,75],[30,100],[45,56],[12,16],[5,23],[97,100],[92,89],[16,47],[15,89],[78,7],[93,56],[54,41],[70,92],[5,71],[59,26],[30,77],[70,9],[95,83],[53,86],[31,79],[39,5],[44,86],[49,86],[0,52],[32,38],[96,53],[45,33],[86,68],[6,14],[66,26],[66,19],[21,73],[85,94],[56,16],[66,9],[17,38],[64,79],[65,97],[69,37],[46,97],[36,52],[63,61],[101,0],[38,37],[4,92],[90,79],[72,19],[19,52],[90,43],[86,97],[30,52],[65,100],[72,21],[90,26],[72,7],[13,52],[31,62],[33,71],[2,75],[91,53],[83,38],[1,61],[35,56],[39,71],[57,75],[70,97],[97,73],[2,57],[31,41],[4,96],[24,82],[34,43],[29,100],[92,19],[15,19],[34,92],[30,41],[88,94],[75,14],[76,35],[93,5],[100,38],[3,61],[75,47],[58,37],[53,38],[83,94],[13,32],[84,100],[66,96],[90,53],[97,19],[53,9],[55,19],[44,49],[92,62],[100,94],[70,21],[10,18],[35,14],[50,75],[97,37],[19,82],[53,19],[30,94],[91,100],[19,89],[93,35],[53,97],[15,94],[79,82],[24,86],[97,60],[80,23],[46,94],[7,60],[74,94],[15,43],[15,68],[87,47],[37,47],[91,79],[60,82],[67,14],[22,75],[60,94],[48,41],[69,14],[4,77],[84,53],[5,16],[15,97],[34,79],[74,52],[51,37],[96,19],[62,97],[1,94],[72,89],[65,38],[34,15],[15,9],[7,38],[88,51],[99,23],[78,96],[34,89],[64,89],[46,62],[48,100],[63,94],[36,51],[11,75],[94,47],[87,35],[31,68],[36,94],[10,17],[17,14],[92,9],[64,60],[94,37],[80,14],[10,1],[12,18],[13,61],[42,25],[1,52],[66,15],[80,87],[49,79],[51,18],[53,77],[49,41],[43,77],[20,19],[38,18],[81,37],[42,35],[65,89],[54,100],[43,52],[29,97],[31,100],[59,7],[38,73],[21,77],[79,38],[33,35],[59,21],[76,37],[85,18],[70,60],[95,37],[101,73],[84,21],[90,82],[17,16],[22,47],[96,94],[48,62],[64,19],[78,68],[0,61],[54,97],[54,82],[62,94],[79,51],[55,43],[44,97],[62,37],[59,68],[67,35],[70,15],[0,73],[74,35],[77,37],[70,68],[4,97],[49,53],[34,96],[91,7],[54,21],[1,75],[95,61],[56,18],[14,16],[20,9],[82,73],[4,68],[49,52],[90,19],[96,38],[25,71],[78,41],[86,73],[86,94],[33,51],[60,73],[88,38],[40,61],[4,43],[24,41],[26,73],[90,92],[29,34],[84,96],[84,60],[34,19],[20,77],[20,89],[10,35],[22,50],[33,17],[60,52],[24,77],[2,14],[8,38],[79,41],[86,89],[7,15],[101,37],[23,47],[4,9],[36,38],[52,73],[45,71],[61,51],[52,16],[29,68],[7,68],[96,51],[15,41],[84,82],[9,38],[92,68],[4,7],[4,21],[0,38],[93,25],[51,52],[71,14],[96,86],[53,60],[33,14],[15,53],[53,41],[91,77],[58,94],[70,53],[3,73],[8,61],[53,51],[72,96],[55,79],[15,51],[70,77],[97,94],[25,56],[30,73],[97,51],[39,47],[11,50],[49,26],[4,82],[59,79],[79,86],[88,52],[100,9],[74,38],[9,82],[46,52],[87,14],[23,18],[24,62],[55,82],[100,21],[62,68],[33,73],[31,7],[20,21],[39,56],[62,82],[45,35],[20,82],[21,38],[49,38],[63,50],[55,26],[91,92],[78,43],[62,38],[76,75],[84,77],[97,9],[96,60],[48,86],[44,82],[50,73],[19,94],[70,100],[79,94],[85,16],[99,5],[44,43],[2,18],[19,21],[69,18],[9,60],[100,77],[24,100],[74,1],[9,19],[10,16],[15,100],[64,41],[97,26],[32,94],[65,19],[79,77],[29,96],[55,77],[29,15],[51,94],[54,26],[78,53],[17,37],[66,78],[29,19],[17,47],[91,9],[70,89],[23,14],[69,1],[9,21],[67,16],[91,41],[44,89],[49,82],[1,73],[31,92],[8,94],[48,21],[74,14],[22,71],[76,56],[78,79],[87,75],[62,51],[17,71],[100,73],[59,100],[44,73],[58,38],[46,21],[22,61],[100,26],[76,1],[96,77],[92,60],[50,94],[49,94],[15,37],[24,68],[33,1],[34,97],[41,89],[100,37],[45,14],[4,86],[65,94],[52,47],[2,42],[34,7],[59,9],[8,37],[6,37],[24,89],[20,43],[21,60],[72,82],[26,51],[23,71],[44,77],[20,60],[65,68],[46,37],[30,21],[84,15],[83,61],[10,14],[91,90],[74,37],[74,47],[78,62],[41,43],[70,96],[86,82],[46,51],[79,60],[62,19],[87,23],[26,68],[84,7],[82,94],[67,18],[85,47],[68,73],[72,79],[53,94],[36,73],[55,7],[72,91],[53,21],[42,56],[7,97],[41,82],[60,77],[62,60],[4,41],[46,86],[19,77],[76,52],[30,43],[45,37],[5,14],[92,43],[4,26],[42,18],[50,16],[90,68],[48,43],[26,77],[45,69],[7,26],[76,61],[93,47],[19,26],[17,18],[65,73],[29,64],[46,38],[4,60],[66,90],[36,61],[69,75],[48,64],[78,15],[58,51],[56,71],[66,21],[98,18],[96,73],[72,9],[78,92],[74,16],[93,18],[100,41],[72,62],[49,68],[57,16],[31,26],[81,73],[68,89],[68,52],[23,56],[45,51],[3,37],[34,26],[69,52],[6,94],[87,56],[43,89],[55,41],[78,89],[26,37],[79,97],[21,52],[53,73],[59,60],[78,77],[10,71],[29,77],[7,43],[93,23],[48,15],[41,68],[15,52],[83,37],[15,77],[31,21],[41,38],[61,18],[99,25],[5,47],[56,75],[24,9],[34,82],[35,75],[20,51],[29,79],[7,77],[25,75],[69,51],[30,38],[61,73],[69,47],[29,82],[76,51],[2,16],[1,17],[51,47],[22,18],[73,47],[50,52],[6,52],[66,43],[34,64],[26,43],[96,79],[1,47],[55,100],[95,73],[17,61],[85,73],[34,53],[62,41],[7,51],[99,18],[1,51],[56,14],[9,77],[24,15],[78,90],[46,68],[86,9],[84,89],[59,15],[15,26],[49,73],[22,14],[9,37],[10,52],[54,92],[61,94],[54,7],[70,26],[59,19],[49,62],[93,75],[76,14],[25,18],[13,37],[11,61],[86,21],[48,79],[86,52],[54,96],[26,60],[29,26],[29,89],[57,56],[50,61],[72,26],[78,19],[80,18],[54,89],[29,41],[59,97],[5,56],[92,77],[91,62],[90,62],[50,71],[48,77],[87,5],[92,86],[7,73],[46,77],[97,68],[48,68],[80,56],[78,82],[64,86],[100,43],[48,7],[39,25],[30,26],[34,68],[29,86],[81,61],[91,84],[7,79],[62,43],[44,52],[10,94],[44,79],[27,47],[33,37],[80,57],[13,73],[81,52],[82,37],[65,21],[99,14],[33,52],[31,97],[87,25],[66,53],[54,9],[15,82],[84,90],[95,88],[21,89],[82,77],[24,7],[62,77],[95,52],[101,58],[19,41],[99,56],[10,38],[64,92],[80,75],[70,43],[80,35],[42,23],[33,76],[96,62],[87,71],[86,19],[88,83],[74,76],[65,79],[90,21],[24,79],[97,89],[75,16],[45,76],[9,73],[46,19],[17,94],[96,82],[48,96],[54,62],[52,37],[91,21],[33,16],[2,56],[24,92],[99,16],[46,41],[91,19],[93,16],[97,38],[19,51],[49,89],[2,25],[100,68],[66,72],[60,37],[74,56],[20,41],[1,71],[10,76],[92,96],[60,89],[9,52],[19,43],[70,62],[46,44],[58,73],[25,14],[19,38],[96,52],[39,42],[91,96],[18,16],[74,75],[1,38],[55,92],[98,14],[30,62],[45,73],[97,77],[39,18],[43,94],[33,18],[31,19],[22,16],[46,73],[74,73],[92,15],[53,79],[84,79],[99,71],[10,56],[72,97],[80,16],[33,47],[90,96],[69,61],[92,100],[67,5],[96,26],[44,60],[23,35],[65,9],[31,77],[77,73],[74,61],[10,33],[38,16],[33,94],[50,37],[44,53],[79,21],[50,51],[91,68],[63,11],[7,19],[21,26],[33,56],[80,2],[101,61],[57,23],[90,89],[62,100],[31,60],[35,16],[15,73],[20,97],[41,77],[2,23],[31,43],[84,26],[45,61],[44,9],[69,73],[62,73],[78,86],[25,35],[81,11],[11,94],[66,7],[64,21],[75,71],[34,86],[87,16],[70,82],[62,52],[2,71],[9,41],[84,19],[11,14],[59,96],[21,43],[20,73],[59,86],[33,61],[4,53],[84,62],[86,77],[76,16],[14,47],[30,60],[57,71],[48,97],[29,21],[54,19],[101,38],[96,89],[92,41],[92,53],[98,16],[13,38],[34,48],[71,16],[24,21],[21,41],[93,14],[26,41],[70,79],[66,77],[79,68],[3,83],[42,87],[22,51],[42,47],[15,38],[30,19],[24,43],[64,7],[41,51],[37,73],[46,53],[45,17],[35,71],[96,7],[96,9],[31,82],[78,100],[46,60],[44,19],[59,62],[10,61],[66,41],[101,51],[11,38],[101,94],[95,51],[64,15],[65,51],[50,14],[72,60],[72,90],[74,51],[40,37],[80,42],[55,97],[13,94],[57,18],[67,25],[80,71],[6,73],[74,17],[86,38],[74,71],[52,94],[35,47],[55,53],[31,86],[48,60],[30,53],[53,37],[8,73],[78,9],[11,18],[8,32],[39,16],[30,86],[67,42],[99,35],[65,86],[66,89],[1,14],[86,100],[15,60],[22,37],[3,95],[33,38],[84,68],[49,100],[7,62],[10,51],[39,87],[11,51],[30,37],[57,42],[23,16],[44,41],[24,53],[48,82],[100,82],[11,47],[25,23],[17,52],[62,89],[34,60],[74,69],[84,43],[48,26],[48,53],[38,51],[93,71],[32,61],[65,37],[46,9],[7,52],[63,38],[59,77],[92,7],[3,88],[53,89],[79,9],[6,38],[61,52],[3,38],[44,21],[24,97],[54,15],[40,52],[21,37],[54,79],[9,43],[10,75],[45,47],[88,61],[39,14],[49,97],[15,86],[4,100],[48,92],[20,94],[51,73],[11,37],[67,23],[22,11],[49,51],[97,52],[78,91],[17,51],[78,21],[30,68],[2,35],[84,97],[66,60],[45,1],[33,75],[55,86],[39,35],[76,47],[10,69],[43,37],[7,86],[84,41],[96,37],[48,19],[14,18],[0,94],[50,38],[61,71],[90,77],[97,41],[67,87],[81,51],[20,52],[20,53],[23,75],[30,79],[72,78],[63,37],[30,82],[59,41],[65,43],[44,100],[49,37],[55,60],[22,52],[100,60],[45,16],[72,53],[29,9],[26,82],[62,79],[70,19],[10,73],[79,73],[29,53],[31,89],[30,9],[64,77],[7,94],[22,73],[70,41],[92,97],[19,73],[30,51],[64,43],[90,86],[7,100],[53,100],[60,68],[65,52],[79,43],[20,100],[7,41],[26,38],[65,41],[86,41],[82,89],[43,60],[54,86],[11,73],[61,38],[66,86],[80,25],[20,26],[3,52],[53,62],[90,41],[72,84],[51,16],[41,52],[72,43],[34,41],[11,71],[69,16],[5,75],[9,26],[74,18],[50,18],[92,21],[101,52],[66,92],[100,51],[42,71],[20,62],[64,97],[49,9],[65,82],[45,18],[6,47],[66,62],[59,53],[43,73],[29,43],[15,62],[1,16],[66,68],[83,52],[69,71],[46,79],[68,37],[0,37],[24,19],[76,17],[64,62],[81,94],[34,62],[57,14],[31,53],[66,97],[20,37],[92,26],[66,91],[85,51],[66,79],[85,37],[21,82],[69,17],[45,94],[69,94],[26,94],[69,38],[72,86],[75,18],[31,9],[94,73],[55,62],[76,73],[21,51],[45,38],[61,14],[5,18],[91,60],[33,69],[24,26],[76,38],[70,7],[97,21],[53,82],[85,38],[65,77],[46,100],[84,86],[99,87],[63,51],[4,19],[18,47],[90,15],[4,62],[29,48],[80,93],[78,60],[77,89],[10,37],[62,21],[54,77],[88,73],[8,51],[4,79],[71,47],[29,7],[46,49],[39,23],[1,37],[38,52],[32,73],[55,96],[57,5],[7,21],[95,94],[96,97],[57,87],[40,51],[91,43],[42,16],[67,75],[20,38],[9,89],[91,15],[40,38],[57,47],[4,89],[2,93],[31,96],[64,53],[78,84],[20,79],[45,75],[79,89],[6,18],[54,53],[81,38],[53,43],[6,51],[49,19],[59,92],[42,5],[26,89],[90,60],[31,15],[42,14],[8,13],[32,37],[29,60],[99,42],[43,68],[53,26],[58,0],[38,94],[54,68],[62,86],[80,47],[86,51],[44,37],[97,43],[83,73],[49,77],[3,51],[59,82],[91,86],[85,14],[19,60],[44,38],[86,60],[79,100],[86,37],[7,53],[44,94],[59,43],[13,51],[22,38],[70,86],[61,16],[46,26],[100,52],[98,47],[84,92],[55,21],[76,71],[72,77],[7,9],[29,62],[64,9],[66,84],[54,60],[90,100],[65,26],[17,73],[89,73],[1,18],[100,89],[97,82],[30,97],[72,92],[96,68],[9,51],[36,37],[72,100],[43,82],[25,47],[69,76],[66,82],[96,41],[41,37],[62,9],[1,56],[64,68],[64,26],[87,18],[11,16],[67,71],[44,26],[53,68],[59,89],[88,37],[68,94],[91,89],[56,47],[69,56],[19,37],[12,14],[64,96],[83,51],[9,94],[38,47],[72,68],[55,89],[5,35],[15,79],[57,25],[58,52],[92,79],[93,87],[32,51],[57,35],[64,82],[0,51],[46,89],[95,38],[54,43],[85,52]],"conditionalEdges":[{"edges":[{"from":"4.18.1","to":"4.18.24"},{"from":"4.18.15","to":"4.18.24"},{"from":"4.18.12","to":"4.18.24"},{"from":"4.18.17","to":"4.18.24"},{"from":"4.18.20","to":"4.18.24"},{"from":"4.18.2","to":"4.18.24"},{"from":"4.18.10","to":"4.18.24"},{"from":"4.18.18","to":"4.18.24"},{"from":"4.18.21","to":"4.18.24"},{"from":"4.18.7","to":"4.18.24"},{"from":"4.18.13","to":"4.18.24"},{"from":"4.18.6","to":"4.18.24"},{"from":"4.18.11","to":"4.18.24"},{"from":"4.18.19","to":"4.18.24"},{"from":"4.18.3","to":"4.18.24"},{"from":"4.18.14","to":"4.18.24"},{"from":"4.18.5","to":"4.18.24"},{"from":"4.18.4","to":"4.18.24"},{"from":"4.18.9","to":"4.18.24"},{"from":"4.18.8","to":"4.18.24"},{"from":"4.18.16","to":"4.18.24"}],"risks":[{"url":"https://issues.redhat.com/browse/COS-3700","name":"ContinuousNodeRebootingDueToKernelPanic","message":"OCP nodes get rebooted continuously due to kernel panic by loading of third party modules.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]}]},{"edges":[{"from":"4.18.20","to":"4.19.16"},{"from":"4.18.19","to":"4.19.16"},{"from":"4.18.21","to":"4.19.16"},{"from":"4.18.22","to":"4.19.16"}],"risks":[{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]}]},{"edges":[{"from":"4.19.13","to":"4.19.18"},{"from":"4.19.17","to":"4.19.18"},{"from":"4.19.14","to":"4.19.18"},{"from":"4.19.15","to":"4.19.18"},{"from":"4.19.16","to":"4.19.18"}],"risks":[{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/COS-3765","name":"SCOSBootImage","message":"The coreos-bootimages ConfigMap in the openshift-machine-config-operator Namespace thrashes between RHCOS and SCOS content.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.18.20","to":"4.19.7"},{"from":"4.18.21","to":"4.19.7"},{"from":"4.18.19","to":"4.19.7"}],"risks":[{"url":"https://access.redhat.com/solutions/7128495","name":"AROMissingInternalLBSAN","message":"ARO clusters on 4.19 experience issues creating new Machines due to missing the Internal LB SAN in the certificate provisioned by MCO. See https://issues.redhat.com/browse/OCPBUGS-59780","matchingRules":[{"type":"PromQL","promql":{"promql":"group(cluster_operator_conditions{_id=\"\",name=\"aro\"})\nor\n0 * group(cluster_operator_conditions{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1834","name":"InvalidArchitectureValueOfMachinesetsAnnotation","message":"Degrade machine-config cluster operator blocks the cluster update if a GCP or AWS cluster has machinesets with \nmultiple labels embedded within their \"capacity.cluster-autoscaler.kubernetes.io/labels\" annotation.\n","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS|GCP\"})\n  or\n  0 * group by (type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/OCPCLOUD-3052","name":"NoCloudConfConfigMap","message":"Upgrade to 4.19 will complete due to an absent cloud-conf ConfigMap in AWS clusters born in 4.13 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"bottomk by (_id) (1,\n  0 * group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\",configmap=\"cloud-conf\"})\n  or\n  group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\"})\n)\n* on (_id) group_left (type)\ntopk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!=\"AWS\"})\n)\n"}}]}]},{"edges":[{"from":"4.19.6","to":"4.19.13"},{"from":"4.19.4","to":"4.19.13"},{"from":"4.19.5","to":"4.19.13"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.2","to":"4.18.3"},{"from":"4.18.1","to":"4.18.2"},{"from":"4.18.1","to":"4.18.5"},{"from":"4.18.2","to":"4.18.4"},{"from":"4.18.1","to":"4.18.3"},{"from":"4.18.3","to":"4.18.5"},{"from":"4.18.4","to":"4.18.5"},{"from":"4.18.2","to":"4.18.5"},{"from":"4.18.1","to":"4.18.4"},{"from":"4.18.3","to":"4.18.4"}],"risks":[{"url":"https://issues.redhat.com/browse/OCPNODE-3074","name":"CRIOLayerCompressionPulls","message":"The CRI-O container runtime may fail to pull images with certain layer compression characteristics","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.20.14","to":"4.20.23"},{"from":"4.19.28","to":"4.20.24"},{"from":"4.19.31","to":"4.20.23"},{"from":"4.19.24","to":"4.20.23"},{"from":"4.19.19","to":"4.20.24"},{"from":"4.19.31","to":"4.20.24"},{"from":"4.20.19","to":"4.20.24"},{"from":"4.20.10","to":"4.20.24"},{"from":"4.19.22","to":"4.20.24"},{"from":"4.19.24","to":"4.20.24"},{"from":"4.20.11","to":"4.20.24"},{"from":"4.19.30","to":"4.20.24"},{"from":"4.20.1","to":"4.20.24"},{"from":"4.19.17","to":"4.20.23"},{"from":"4.19.29","to":"4.20.24"},{"from":"4.20.12","to":"4.20.24"},{"from":"4.20.19","to":"4.20.23"},{"from":"4.20.22","to":"4.20.24"},{"from":"4.19.25","to":"4.20.23"},{"from":"4.20.2","to":"4.20.24"},{"from":"4.20.3","to":"4.20.23"},{"from":"4.19.23","to":"4.20.23"},{"from":"4.19.21","to":"4.20.24"},{"from":"4.19.27","to":"4.20.23"},{"from":"4.19.25","to":"4.20.24"},{"from":"4.20.21","to":"4.20.24"},{"from":"4.19.19","to":"4.20.23"},{"from":"4.19.18","to":"4.20.23"},{"from":"4.19.15","to":"4.20.24"},{"from":"4.20.13","to":"4.20.23"},{"from":"4.20.14","to":"4.20.24"},{"from":"4.20.5","to":"4.20.23"},{"from":"4.20.18","to":"4.20.24"},{"from":"4.20.18","to":"4.20.23"},{"from":"4.19.29","to":"4.20.23"},{"from":"4.19.26","to":"4.20.23"},{"from":"4.19.32","to":"4.20.24"},{"from":"4.20.17","to":"4.20.24"},{"from":"4.19.21","to":"4.20.23"},{"from":"4.20.6","to":"4.20.23"},{"from":"4.19.22","to":"4.20.23"},{"from":"4.19.26","to":"4.20.24"},{"from":"4.20.16","to":"4.20.24"},{"from":"4.19.28","to":"4.20.23"},{"from":"4.20.2","to":"4.20.23"},{"from":"4.20.10","to":"4.20.23"},{"from":"4.20.23","to":"4.20.24"},{"from":"4.20.8","to":"4.20.23"},{"from":"4.20.8","to":"4.20.24"},{"from":"4.19.16","to":"4.20.24"},{"from":"4.20.0","to":"4.20.24"},{"from":"4.20.21","to":"4.20.23"},{"from":"4.20.3","to":"4.20.24"},{"from":"4.19.23","to":"4.20.24"},{"from":"4.20.15","to":"4.20.24"},{"from":"4.20.4","to":"4.20.24"},{"from":"4.20.6","to":"4.20.24"},{"from":"4.20.22","to":"4.20.23"},{"from":"4.20.1","to":"4.20.23"},{"from":"4.20.0","to":"4.20.23"},{"from":"4.20.5","to":"4.20.24"},{"from":"4.20.12","to":"4.20.23"},{"from":"4.19.20","to":"4.20.24"},{"from":"4.20.4","to":"4.20.23"},{"from":"4.20.20","to":"4.20.23"},{"from":"4.19.18","to":"4.20.24"},{"from":"4.19.27","to":"4.20.24"},{"from":"4.20.11","to":"4.20.23"},{"from":"4.19.15","to":"4.20.23"},{"from":"4.19.17","to":"4.20.24"},{"from":"4.19.30","to":"4.20.23"},{"from":"4.20.20","to":"4.20.24"},{"from":"4.20.16","to":"4.20.23"},{"from":"4.20.15","to":"4.20.23"},{"from":"4.19.16","to":"4.20.23"},{"from":"4.20.17","to":"4.20.23"},{"from":"4.19.20","to":"4.20.23"},{"from":"4.20.13","to":"4.20.24"}],"risks":[{"url":"https://redhat.atlassian.net/browse/CONSOLE-5337","name":"ControlPlaneStatusGreyIcon","message":"Control plane status indicator remains grey and never shows green, even when cluster operators are healthy.\n","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor on ()\ngroup by (invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.7","to":"4.19.10"},{"from":"4.19.7","to":"4.19.9"},{"from":"4.19.7","to":"4.19.11"}],"risks":[{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]}]},{"edges":[{"from":"4.18.20","to":"4.19.4"},{"from":"4.18.19","to":"4.19.4"}],"risks":[{"url":"https://access.redhat.com/solutions/7128495","name":"AROMissingInternalLBSAN","message":"ARO clusters on 4.19 experience issues creating new Machines due to missing the Internal LB SAN in the certificate provisioned by MCO. See https://issues.redhat.com/browse/OCPBUGS-59780","matchingRules":[{"type":"PromQL","promql":{"promql":"group(cluster_operator_conditions{_id=\"\",name=\"aro\"})\nor\n0 * group(cluster_operator_conditions{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1110","name":"HCPServiceHealthCheckDisruption","message":"When Hosted Control Plane (HCP/HyperShift) clusters running on AWS update a node pool, the Services of type\nLoadBalancer may experience temporary availability disruption because health checks are not set up properly to monitor\nNode readiness state.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\n  or\n  0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n)\n* on (_id) group_left (type) (\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1834","name":"InvalidArchitectureValueOfMachinesetsAnnotation","message":"Degrade machine-config cluster operator blocks the cluster update if a GCP or AWS cluster has machinesets with \nmultiple labels embedded within their \"capacity.cluster-autoscaler.kubernetes.io/labels\" annotation.\n","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS|GCP\"})\n  or\n  0 * group by (type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/OCPCLOUD-3052","name":"NoCloudConfConfigMap","message":"Upgrade to 4.19 will complete due to an absent cloud-conf ConfigMap in AWS clusters born in 4.13 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"bottomk by (_id) (1,\n  0 * group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\",configmap=\"cloud-conf\"})\n  or\n  group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\"})\n)\n* on (_id) group_left (type)\ntopk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!=\"AWS\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/COS-3357","name":"OldBootImagesComposeFSvsGrubProbe","message":"Upgrade to 4.19 will fail due to a boot image incompatibility issue if a cluster was born in 4.2 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  label_replace(group by (version) (cluster_version{_id=\"\",type=\"initial\",version=~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"yes, so possibly actually born in 4.2 or earlier\", \"\", \"\")\n  or\n  label_replace(0 * group by (version) (cluster_version{_id=\"\",type=\"initial\",version!~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"no, born in 4.10 or later\", \"\", \"\")\n)\n"}}]}]},{"edges":[{"from":"4.18.28","to":"4.19.26"},{"from":"4.18.27","to":"4.19.26"},{"from":"4.18.19","to":"4.19.26"},{"from":"4.18.26","to":"4.19.26"},{"from":"4.18.31","to":"4.19.26"},{"from":"4.18.20","to":"4.19.26"},{"from":"4.18.34","to":"4.19.26"},{"from":"4.18.32","to":"4.19.26"},{"from":"4.18.33","to":"4.19.26"},{"from":"4.18.25","to":"4.19.26"},{"from":"4.18.30","to":"4.19.26"},{"from":"4.18.21","to":"4.19.26"},{"from":"4.18.23","to":"4.19.26"},{"from":"4.18.22","to":"4.19.26"},{"from":"4.18.35","to":"4.19.26"},{"from":"4.18.29","to":"4.19.26"},{"from":"4.18.24","to":"4.19.26"}],"risks":[{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]}]},{"edges":[{"from":"4.18.9","to":"4.18.12"},{"from":"4.18.6","to":"4.18.12"},{"from":"4.18.7","to":"4.18.12"},{"from":"4.18.2","to":"4.18.17"},{"from":"4.18.9","to":"4.18.14"},{"from":"4.18.9","to":"4.18.15"},{"from":"4.18.11","to":"4.18.12"},{"from":"4.18.11","to":"4.18.17"},{"from":"4.18.8","to":"4.18.15"},{"from":"4.18.11","to":"4.18.13"},{"from":"4.18.8","to":"4.18.12"},{"from":"4.18.11","to":"4.18.15"},{"from":"4.18.5","to":"4.18.17"},{"from":"4.18.11","to":"4.18.16"},{"from":"4.18.10","to":"4.18.14"},{"from":"4.18.6","to":"4.18.14"},{"from":"4.18.6","to":"4.18.13"},{"from":"4.18.8","to":"4.18.17"},{"from":"4.18.10","to":"4.18.16"},{"from":"4.18.7","to":"4.18.17"},{"from":"4.18.7","to":"4.18.15"},{"from":"4.18.10","to":"4.18.15"},{"from":"4.18.8","to":"4.18.13"},{"from":"4.18.10","to":"4.18.17"},{"from":"4.18.9","to":"4.18.16"},{"from":"4.18.8","to":"4.18.16"},{"from":"4.18.10","to":"4.18.13"},{"from":"4.18.9","to":"4.18.17"},{"from":"4.18.7","to":"4.18.13"},{"from":"4.18.7","to":"4.18.14"},{"from":"4.18.6","to":"4.18.16"},{"from":"4.18.8","to":"4.18.14"},{"from":"4.18.7","to":"4.18.16"},{"from":"4.18.6","to":"4.18.15"},{"from":"4.18.1","to":"4.18.17"},{"from":"4.18.3","to":"4.18.17"},{"from":"4.18.10","to":"4.18.12"},{"from":"4.18.9","to":"4.18.13"},{"from":"4.18.11","to":"4.18.14"},{"from":"4.18.4","to":"4.18.17"},{"from":"4.18.6","to":"4.18.17"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4632","name":"ConsoleEnabledTargetDownAlert","message":"The alert TargetDown is triggered if the capability Console is enabled on the cluster.","matchingRules":[{"type":"PromQL","promql":{"promql":"max(cluster_version_capability{name=\"Console\"})"}}]}]},{"edges":[{"from":"4.19.0","to":"4.19.15"},{"from":"4.19.7","to":"4.19.14"},{"from":"4.19.5","to":"4.19.14"},{"from":"4.19.1","to":"4.19.14"},{"from":"4.19.6","to":"4.19.15"},{"from":"4.19.3","to":"4.19.15"},{"from":"4.19.4","to":"4.19.15"},{"from":"4.19.5","to":"4.19.15"},{"from":"4.19.6","to":"4.19.14"},{"from":"4.19.1","to":"4.19.15"},{"from":"4.19.4","to":"4.19.14"},{"from":"4.19.2","to":"4.19.15"},{"from":"4.19.0","to":"4.19.14"},{"from":"4.19.2","to":"4.19.14"},{"from":"4.19.7","to":"4.19.15"},{"from":"4.19.3","to":"4.19.14"}],"risks":[{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.2","to":"4.19.7"},{"from":"4.19.0","to":"4.19.7"},{"from":"4.19.3","to":"4.19.7"},{"from":"4.19.1","to":"4.19.7"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.0","to":"4.19.11"},{"from":"4.19.0","to":"4.19.9"},{"from":"4.19.1","to":"4.19.9"},{"from":"4.19.2","to":"4.19.9"},{"from":"4.19.0","to":"4.19.10"},{"from":"4.19.2","to":"4.19.10"},{"from":"4.19.3","to":"4.19.11"},{"from":"4.19.3","to":"4.19.9"},{"from":"4.19.1","to":"4.19.10"},{"from":"4.19.2","to":"4.19.11"},{"from":"4.19.1","to":"4.19.11"},{"from":"4.19.3","to":"4.19.10"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]}]},{"edges":[{"from":"4.19.1","to":"4.19.13"},{"from":"4.19.2","to":"4.19.13"},{"from":"4.19.0","to":"4.19.13"},{"from":"4.19.3","to":"4.19.13"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.7","to":"4.19.13"}],"risks":[{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.5","to":"4.18.29"},{"from":"4.18.24","to":"4.18.29"},{"from":"4.19.18","to":"4.19.20"},{"from":"4.18.16","to":"4.18.29"},{"from":"4.20.2","to":"4.20.4"},{"from":"4.20.1","to":"4.20.6"},{"from":"4.20.0","to":"4.20.6"},{"from":"4.18.14","to":"4.18.29"},{"from":"4.18.13","to":"4.18.29"},{"from":"4.18.10","to":"4.18.29"},{"from":"4.18.8","to":"4.18.29"},{"from":"4.19.18","to":"4.19.19"},{"from":"4.18.26","to":"4.18.29"},{"from":"4.18.15","to":"4.18.29"},{"from":"4.18.6","to":"4.18.29"},{"from":"4.20.5","to":"4.20.6"},{"from":"4.18.19","to":"4.18.29"},{"from":"4.20.3","to":"4.20.6"},{"from":"4.20.0","to":"4.20.5"},{"from":"4.20.4","to":"4.20.5"},{"from":"4.20.2","to":"4.20.5"},{"from":"4.18.11","to":"4.18.29"},{"from":"4.18.18","to":"4.18.29"},{"from":"4.18.22","to":"4.18.29"},{"from":"4.18.3","to":"4.18.29"},{"from":"4.18.21","to":"4.18.29"},{"from":"4.20.4","to":"4.20.6"},{"from":"4.18.9","to":"4.18.29"},{"from":"4.20.3","to":"4.20.5"},{"from":"4.18.7","to":"4.18.29"},{"from":"4.18.12","to":"4.18.29"},{"from":"4.18.1","to":"4.18.29"},{"from":"4.20.1","to":"4.20.4"},{"from":"4.18.28","to":"4.18.29"},{"from":"4.18.2","to":"4.18.29"},{"from":"4.18.20","to":"4.18.29"},{"from":"4.18.4","to":"4.18.29"},{"from":"4.18.27","to":"4.18.29"},{"from":"4.18.25","to":"4.18.29"},{"from":"4.20.1","to":"4.20.5"},{"from":"4.20.2","to":"4.20.6"},{"from":"4.20.0","to":"4.20.4"},{"from":"4.19.19","to":"4.19.20"},{"from":"4.18.17","to":"4.18.29"},{"from":"4.18.23","to":"4.18.29"},{"from":"4.20.3","to":"4.20.4"}],"risks":[{"url":"https://issues.redhat.com/browse/RUN-3748","name":"RuncShareProcessNamespace","message":"Some runc 1.2 releases fail to launch containers in some Pods where shareProcessNamespace is explicitly set true.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.18.22","to":"4.19.9"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/OCPCLOUD-3052","name":"NoCloudConfConfigMap","message":"Upgrade to 4.19 will complete due to an absent cloud-conf ConfigMap in AWS clusters born in 4.13 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"bottomk by (_id) (1,\n  0 * group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\",configmap=\"cloud-conf\"})\n  or\n  group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\"})\n)\n* on (_id) group_left (type)\ntopk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!=\"AWS\"})\n)\n"}}]}]},{"edges":[{"from":"4.19.4","to":"4.19.16"},{"from":"4.19.3","to":"4.19.16"},{"from":"4.19.7","to":"4.19.16"},{"from":"4.19.6","to":"4.19.16"},{"from":"4.19.5","to":"4.19.16"},{"from":"4.19.0","to":"4.19.16"},{"from":"4.19.1","to":"4.19.16"},{"from":"4.19.2","to":"4.19.16"}],"risks":[{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]}]},{"edges":[{"from":"4.19.5","to":"4.19.11"},{"from":"4.19.5","to":"4.19.9"},{"from":"4.19.6","to":"4.19.10"},{"from":"4.19.6","to":"4.19.11"},{"from":"4.19.4","to":"4.19.10"},{"from":"4.19.4","to":"4.19.9"},{"from":"4.19.4","to":"4.19.11"},{"from":"4.19.6","to":"4.19.9"},{"from":"4.19.5","to":"4.19.10"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]}]},{"edges":[{"from":"4.18.19","to":"4.19.9"},{"from":"4.18.20","to":"4.19.9"},{"from":"4.18.21","to":"4.19.9"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/OCPCLOUD-3052","name":"NoCloudConfConfigMap","message":"Upgrade to 4.19 will complete due to an absent cloud-conf ConfigMap in AWS clusters born in 4.13 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"bottomk by (_id) (1,\n  0 * group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\",configmap=\"cloud-conf\"})\n  or\n  group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\"})\n)\n* on (_id) group_left (type)\ntopk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!=\"AWS\"})\n)\n"}}]}]},{"edges":[{"from":"4.19.21","to":"4.20.13"},{"from":"4.19.21","to":"4.20.12"},{"from":"4.19.19","to":"4.20.13"},{"from":"4.19.21","to":"4.20.10"},{"from":"4.19.23","to":"4.20.13"},{"from":"4.19.18","to":"4.20.10"},{"from":"4.19.20","to":"4.20.12"},{"from":"4.19.19","to":"4.20.11"},{"from":"4.19.19","to":"4.20.10"},{"from":"4.19.20","to":"4.20.11"},{"from":"4.19.18","to":"4.20.3"},{"from":"4.19.21","to":"4.20.8"},{"from":"4.19.22","to":"4.20.11"},{"from":"4.19.20","to":"4.20.10"},{"from":"4.19.20","to":"4.20.13"},{"from":"4.19.18","to":"4.20.13"},{"from":"4.19.22","to":"4.20.13"},{"from":"4.19.21","to":"4.20.11"},{"from":"4.19.19","to":"4.20.8"},{"from":"4.19.18","to":"4.20.12"},{"from":"4.19.22","to":"4.20.12"},{"from":"4.19.18","to":"4.20.11"},{"from":"4.19.19","to":"4.20.12"},{"from":"4.19.18","to":"4.20.8"},{"from":"4.19.20","to":"4.20.8"}],"risks":[{"url":"https://access.redhat.com/solutions/7133826","name":"ARO420UDRWorkerNodesFail","message":"Disconnected ARO clusters or clusters with a UDR 0.0.0.0/0 route definition are not be able to add or replace nodes after an upgrade","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  group by (_id, name) (cluster_operator_conditions{_id=\"\",name=\"aro\"})\n  or\n  0 * group by (_id, name) (cluster_operator_conditions{_id=\"\"})\n)\n"}}]}]},{"edges":[{"from":"4.19.1","to":"4.19.12"},{"from":"4.19.3","to":"4.19.12"},{"from":"4.19.0","to":"4.19.12"},{"from":"4.19.2","to":"4.19.12"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.18","to":"4.20.4"},{"from":"4.19.20","to":"4.20.6"},{"from":"4.19.19","to":"4.20.6"},{"from":"4.19.18","to":"4.20.6"},{"from":"4.19.19","to":"4.20.5"},{"from":"4.19.18","to":"4.20.5"}],"risks":[{"url":"https://access.redhat.com/solutions/7133826","name":"ARO420UDRWorkerNodesFail","message":"Disconnected ARO clusters or clusters with a UDR 0.0.0.0/0 route definition are not be able to add or replace nodes after an upgrade","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  group by (_id, name) (cluster_operator_conditions{_id=\"\",name=\"aro\"})\n  or\n  0 * group by (_id, name) (cluster_operator_conditions{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/RUN-3748","name":"RuncShareProcessNamespace","message":"Some runc 1.2 releases fail to launch containers in some Pods where shareProcessNamespace is explicitly set true.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.19.17","to":"4.20.5"},{"from":"4.19.17","to":"4.20.6"},{"from":"4.19.15","to":"4.20.6"},{"from":"4.19.16","to":"4.20.5"},{"from":"4.19.15","to":"4.20.5"},{"from":"4.19.16","to":"4.20.6"},{"from":"4.19.17","to":"4.20.4"},{"from":"4.19.16","to":"4.20.4"},{"from":"4.19.15","to":"4.20.4"}],"risks":[{"url":"https://access.redhat.com/solutions/7133826","name":"ARO420UDRWorkerNodesFail","message":"Disconnected ARO clusters or clusters with a UDR 0.0.0.0/0 route definition are not be able to add or replace nodes after an upgrade","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  group by (_id, name) (cluster_operator_conditions{_id=\"\",name=\"aro\"})\n  or\n  0 * group by (_id, name) (cluster_operator_conditions{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/RUN-3748","name":"RuncShareProcessNamespace","message":"Some runc 1.2 releases fail to launch containers in some Pods where shareProcessNamespace is explicitly set true.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.19.12","to":"4.19.14"},{"from":"4.19.10","to":"4.19.14"},{"from":"4.19.12","to":"4.19.15"},{"from":"4.19.11","to":"4.19.14"},{"from":"4.19.10","to":"4.19.15"},{"from":"4.19.9","to":"4.19.15"},{"from":"4.19.9","to":"4.19.14"},{"from":"4.19.11","to":"4.19.15"}],"risks":[{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.22","to":"4.18.26"},{"from":"4.18.9","to":"4.18.25"},{"from":"4.18.6","to":"4.18.26"},{"from":"4.18.12","to":"4.18.26"},{"from":"4.18.4","to":"4.18.26"},{"from":"4.18.16","to":"4.18.25"},{"from":"4.18.8","to":"4.18.25"},{"from":"4.18.17","to":"4.18.25"},{"from":"4.18.5","to":"4.18.25"},{"from":"4.18.8","to":"4.18.26"},{"from":"4.18.20","to":"4.18.26"},{"from":"4.18.10","to":"4.18.26"},{"from":"4.18.3","to":"4.18.25"},{"from":"4.18.1","to":"4.18.25"},{"from":"4.18.1","to":"4.18.26"},{"from":"4.18.13","to":"4.18.25"},{"from":"4.18.22","to":"4.18.25"},{"from":"4.18.4","to":"4.18.25"},{"from":"4.18.11","to":"4.18.26"},{"from":"4.18.2","to":"4.18.25"},{"from":"4.18.9","to":"4.18.26"},{"from":"4.18.18","to":"4.18.26"},{"from":"4.18.12","to":"4.18.25"},{"from":"4.18.20","to":"4.18.25"},{"from":"4.18.15","to":"4.18.26"},{"from":"4.18.3","to":"4.18.26"},{"from":"4.18.19","to":"4.18.25"},{"from":"4.18.22","to":"4.18.24"},{"from":"4.18.5","to":"4.18.26"},{"from":"4.18.19","to":"4.18.26"},{"from":"4.18.13","to":"4.18.26"},{"from":"4.18.11","to":"4.18.25"},{"from":"4.18.7","to":"4.18.25"},{"from":"4.18.6","to":"4.18.25"},{"from":"4.18.14","to":"4.18.26"},{"from":"4.18.21","to":"4.18.25"},{"from":"4.18.10","to":"4.18.25"},{"from":"4.18.17","to":"4.18.26"},{"from":"4.18.18","to":"4.18.25"},{"from":"4.18.15","to":"4.18.25"},{"from":"4.18.14","to":"4.18.25"},{"from":"4.18.7","to":"4.18.26"},{"from":"4.18.21","to":"4.18.26"},{"from":"4.18.2","to":"4.18.26"},{"from":"4.18.16","to":"4.18.26"}],"risks":[{"url":"https://issues.redhat.com/browse/COS-3700","name":"ContinuousNodeRebootingDueToKernelPanic","message":"OCP nodes get rebooted continuously due to kernel panic by loading of third party modules.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.19","to":"4.19.3"}],"risks":[{"url":"https://access.redhat.com/solutions/7128495","name":"AROMissingInternalLBSAN","message":"ARO clusters on 4.19 experience issues creating new Machines due to missing the Internal LB SAN in the certificate provisioned by MCO. See https://issues.redhat.com/browse/OCPBUGS-59780","matchingRules":[{"type":"PromQL","promql":{"promql":"group(cluster_operator_conditions{_id=\"\",name=\"aro\"})\nor\n0 * group(cluster_operator_conditions{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1109","name":"HCPMetallbCNOCannotDeployFRRK8S","message":"On Hosted Control Plane (HCP/HyperShift) clusters with installed MetalLB operator, Cluster Network Operator fails to\ndeploy a critical component FRR-k8s when updated. MetalLB will stop working properly and stop advertising services,\nmaking them potentially unreachable from outside the cluster.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\ngroup by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n)\nand on (_id) (\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"metallb-operator[.].*\"})\n)\nor on (_id) (\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"metallb operator not installed\", \"name\", \".*\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1110","name":"HCPServiceHealthCheckDisruption","message":"When Hosted Control Plane (HCP/HyperShift) clusters running on AWS update a node pool, the Services of type\nLoadBalancer may experience temporary availability disruption because health checks are not set up properly to monitor\nNode readiness state.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\n  or\n  0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n)\n* on (_id) group_left (type) (\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1834","name":"InvalidArchitectureValueOfMachinesetsAnnotation","message":"Degrade machine-config cluster operator blocks the cluster update if a GCP or AWS cluster has machinesets with \nmultiple labels embedded within their \"capacity.cluster-autoscaler.kubernetes.io/labels\" annotation.\n","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS|GCP\"})\n  or\n  0 * group by (type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/OCPCLOUD-3052","name":"NoCloudConfConfigMap","message":"Upgrade to 4.19 will complete due to an absent cloud-conf ConfigMap in AWS clusters born in 4.13 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"bottomk by (_id) (1,\n  0 * group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\",configmap=\"cloud-conf\"})\n  or\n  group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\"})\n)\n* on (_id) group_left (type)\ntopk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!=\"AWS\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/COS-3357","name":"OldBootImagesComposeFSvsGrubProbe","message":"Upgrade to 4.19 will fail due to a boot image incompatibility issue if a cluster was born in 4.2 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  label_replace(group by (version) (cluster_version{_id=\"\",type=\"initial\",version=~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"yes, so possibly actually born in 4.2 or earlier\", \"\", \"\")\n  or\n  label_replace(0 * group by (version) (cluster_version{_id=\"\",type=\"initial\",version!~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"no, born in 4.10 or later\", \"\", \"\")\n)\n"}}]}]},{"edges":[{"from":"4.18.19","to":"4.19.2"}],"risks":[{"url":"https://access.redhat.com/solutions/7128495","name":"AROMissingInternalLBSAN","message":"ARO clusters on 4.19 experience issues creating new Machines due to missing the Internal LB SAN in the certificate provisioned by MCO. See https://issues.redhat.com/browse/OCPBUGS-59780","matchingRules":[{"type":"PromQL","promql":{"promql":"group(cluster_operator_conditions{_id=\"\",name=\"aro\"})\nor\n0 * group(cluster_operator_conditions{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1109","name":"HCPMetallbCNOCannotDeployFRRK8S","message":"On Hosted Control Plane (HCP/HyperShift) clusters with installed MetalLB operator, Cluster Network Operator fails to\ndeploy a critical component FRR-k8s when updated. MetalLB will stop working properly and stop advertising services,\nmaking them potentially unreachable from outside the cluster.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\ngroup by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n)\nand on (_id) (\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"metallb-operator[.].*\"})\n)\nor on (_id) (\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"metallb operator not installed\", \"name\", \".*\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1110","name":"HCPServiceHealthCheckDisruption","message":"When Hosted Control Plane (HCP/HyperShift) clusters running on AWS update a node pool, the Services of type\nLoadBalancer may experience temporary availability disruption because health checks are not set up properly to monitor\nNode readiness state.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\n  or\n  0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n)\n* on (_id) group_left (type) (\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1834","name":"InvalidArchitectureValueOfMachinesetsAnnotation","message":"Degrade machine-config cluster operator blocks the cluster update if a GCP or AWS cluster has machinesets with \nmultiple labels embedded within their \"capacity.cluster-autoscaler.kubernetes.io/labels\" annotation.\n","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS|GCP\"})\n  or\n  0 * group by (type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/OCPCLOUD-3052","name":"NoCloudConfConfigMap","message":"Upgrade to 4.19 will complete due to an absent cloud-conf ConfigMap in AWS clusters born in 4.13 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"bottomk by (_id) (1,\n  0 * group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\",configmap=\"cloud-conf\"})\n  or\n  group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\"})\n)\n* on (_id) group_left (type)\ntopk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!=\"AWS\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/COS-3357","name":"OldBootImagesComposeFSvsGrubProbe","message":"Upgrade to 4.19 will fail due to a boot image incompatibility issue if a cluster was born in 4.2 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  label_replace(group by (version) (cluster_version{_id=\"\",type=\"initial\",version=~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"yes, so possibly actually born in 4.2 or earlier\", \"\", \"\")\n  or\n  label_replace(0 * group by (version) (cluster_version{_id=\"\",type=\"initial\",version!~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"no, born in 4.10 or later\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/STOR-2486","name":"VSphereStorageMountIssues","message":"vSphere customers using vSAN file volumes can't mount vSphere shared volumes and NFS volumes which server do not set NFS4ERR_ATTRNOTSUPP","matchingRules":[{"type":"PromQL","promql":{"promql":"group(cluster_infrastructure_provider{type=~\"VSphere|None\"})\nor\n0 * group(cluster_infrastructure_provider)\n"}}]}]},{"edges":[{"from":"4.18.24","to":"4.19.15"},{"from":"4.18.25","to":"4.19.15"},{"from":"4.18.25","to":"4.19.14"},{"from":"4.18.23","to":"4.19.14"},{"from":"4.18.24","to":"4.19.14"},{"from":"4.18.23","to":"4.19.15"}],"risks":[{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.23","to":"4.19.13"},{"from":"4.18.24","to":"4.19.13"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.12","to":"4.19.20"},{"from":"4.19.4","to":"4.19.20"},{"from":"4.19.1","to":"4.19.20"},{"from":"4.19.16","to":"4.19.20"},{"from":"4.19.4","to":"4.19.19"},{"from":"4.19.11","to":"4.19.19"},{"from":"4.19.5","to":"4.19.20"},{"from":"4.19.9","to":"4.19.19"},{"from":"4.19.9","to":"4.19.20"},{"from":"4.19.0","to":"4.19.20"},{"from":"4.19.12","to":"4.19.19"},{"from":"4.19.14","to":"4.19.19"},{"from":"4.19.15","to":"4.19.20"},{"from":"4.19.1","to":"4.19.19"},{"from":"4.19.7","to":"4.19.19"},{"from":"4.19.13","to":"4.19.19"},{"from":"4.19.13","to":"4.19.20"},{"from":"4.19.16","to":"4.19.19"},{"from":"4.19.3","to":"4.19.19"},{"from":"4.19.7","to":"4.19.20"},{"from":"4.19.10","to":"4.19.19"},{"from":"4.19.15","to":"4.19.19"},{"from":"4.19.17","to":"4.19.19"},{"from":"4.19.2","to":"4.19.19"},{"from":"4.19.6","to":"4.19.20"},{"from":"4.19.17","to":"4.19.20"},{"from":"4.19.11","to":"4.19.20"},{"from":"4.19.14","to":"4.19.20"},{"from":"4.19.6","to":"4.19.19"},{"from":"4.19.3","to":"4.19.20"},{"from":"4.19.10","to":"4.19.20"},{"from":"4.19.5","to":"4.19.19"},{"from":"4.19.0","to":"4.19.19"},{"from":"4.19.2","to":"4.19.20"}],"risks":[{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/RUN-3748","name":"RuncShareProcessNamespace","message":"Some runc 1.2 releases fail to launch containers in some Pods where shareProcessNamespace is explicitly set true.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.19.5","to":"4.19.12"},{"from":"4.19.4","to":"4.19.12"},{"from":"4.19.6","to":"4.19.12"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.22","to":"4.18.23"}],"risks":[{"url":"https://issues.redhat.com/browse/RUN-3446","name":"CrunConflictsWithNVIDIA","message":"Some crun 1.23 releases conflict with the NVIDIA GPU Operator over eBPF, causing issues with GPU workloads.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (name) (csv_succeeded{_id=\"\", name=~\"gpu-operator-certified[.].*\"})\nor on (_id)\n0 * group(csv_count{_id=\"\"})"}}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.10","to":"4.19.12"},{"from":"4.19.9","to":"4.19.12"},{"from":"4.19.11","to":"4.19.12"}],"risks":[{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.12","to":"4.19.13"},{"from":"4.19.9","to":"4.19.13"},{"from":"4.19.10","to":"4.19.13"},{"from":"4.19.11","to":"4.19.13"}],"risks":[{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.5","to":"4.18.22"},{"from":"4.18.1","to":"4.18.22"},{"from":"4.18.16","to":"4.18.22"},{"from":"4.18.21","to":"4.18.22"},{"from":"4.18.11","to":"4.18.22"},{"from":"4.18.10","to":"4.18.22"},{"from":"4.18.7","to":"4.18.22"},{"from":"4.18.2","to":"4.18.22"},{"from":"4.18.13","to":"4.18.22"},{"from":"4.18.4","to":"4.18.22"},{"from":"4.18.9","to":"4.18.22"},{"from":"4.18.14","to":"4.18.22"},{"from":"4.18.3","to":"4.18.22"},{"from":"4.18.20","to":"4.18.22"},{"from":"4.18.6","to":"4.18.22"},{"from":"4.18.8","to":"4.18.22"},{"from":"4.18.19","to":"4.18.22"},{"from":"4.18.18","to":"4.18.22"},{"from":"4.18.17","to":"4.18.22"},{"from":"4.18.12","to":"4.18.22"},{"from":"4.18.15","to":"4.18.22"}],"risks":[{"url":"https://issues.redhat.com/browse/RUN-3446","name":"CrunConflictsWithNVIDIA","message":"Some crun 1.23 releases conflict with the NVIDIA GPU Operator over eBPF, causing issues with GPU workloads.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (name) (csv_succeeded{_id=\"\", name=~\"gpu-operator-certified[.].*\"})\nor on (_id)\n0 * group(csv_count{_id=\"\"})"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]}]},{"edges":[{"from":"4.18.20","to":"4.19.10"},{"from":"4.18.19","to":"4.19.10"},{"from":"4.18.19","to":"4.19.11"},{"from":"4.18.21","to":"4.19.11"},{"from":"4.18.21","to":"4.19.10"},{"from":"4.18.20","to":"4.19.11"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]}]},{"edges":[{"from":"4.18.21","to":"4.19.15"},{"from":"4.18.21","to":"4.19.14"},{"from":"4.18.20","to":"4.19.15"},{"from":"4.18.22","to":"4.19.14"},{"from":"4.18.19","to":"4.19.14"},{"from":"4.18.20","to":"4.19.14"},{"from":"4.18.19","to":"4.19.15"},{"from":"4.18.22","to":"4.19.15"}],"risks":[{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.17","to":"4.20.0"},{"from":"4.19.16","to":"4.20.0"}],"risks":[{"url":"https://access.redhat.com/solutions/7133826","name":"ARO420UDRWorkerNodesFail","message":"Disconnected ARO clusters or clusters with a UDR 0.0.0.0/0 route definition are not be able to add or replace nodes after an upgrade","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  group by (_id, name) (cluster_operator_conditions{_id=\"\",name=\"aro\"})\n  or\n  0 * group by (_id, name) (cluster_operator_conditions{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.22","to":"4.19.12"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.19.5","to":"4.19.17"},{"from":"4.19.6","to":"4.19.17"},{"from":"4.19.11","to":"4.19.17"},{"from":"4.19.10","to":"4.19.16"},{"from":"4.19.4","to":"4.19.17"},{"from":"4.19.9","to":"4.19.16"},{"from":"4.19.0","to":"4.19.17"},{"from":"4.19.11","to":"4.19.16"},{"from":"4.19.3","to":"4.19.17"},{"from":"4.19.12","to":"4.19.16"},{"from":"4.19.10","to":"4.19.17"},{"from":"4.19.12","to":"4.19.17"},{"from":"4.19.9","to":"4.19.17"},{"from":"4.19.7","to":"4.19.17"},{"from":"4.19.1","to":"4.19.17"},{"from":"4.19.2","to":"4.19.17"}],"risks":[{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]}]},{"edges":[{"from":"4.19.16","to":"4.20.3"},{"from":"4.19.17","to":"4.20.12"},{"from":"4.19.17","to":"4.20.1"},{"from":"4.19.17","to":"4.20.10"},{"from":"4.19.15","to":"4.20.1"},{"from":"4.19.16","to":"4.20.12"},{"from":"4.19.17","to":"4.20.3"},{"from":"4.19.15","to":"4.20.12"},{"from":"4.19.16","to":"4.20.11"},{"from":"4.19.16","to":"4.20.1"},{"from":"4.19.16","to":"4.20.10"},{"from":"4.19.15","to":"4.20.3"},{"from":"4.19.17","to":"4.20.2"},{"from":"4.19.17","to":"4.20.11"},{"from":"4.19.15","to":"4.20.0"},{"from":"4.19.16","to":"4.20.8"},{"from":"4.19.15","to":"4.20.13"},{"from":"4.19.17","to":"4.20.8"},{"from":"4.19.16","to":"4.20.13"},{"from":"4.19.17","to":"4.20.13"},{"from":"4.19.16","to":"4.20.2"},{"from":"4.19.15","to":"4.20.8"},{"from":"4.19.15","to":"4.20.2"},{"from":"4.19.15","to":"4.20.11"},{"from":"4.19.15","to":"4.20.10"}],"risks":[{"url":"https://access.redhat.com/solutions/7133826","name":"ARO420UDRWorkerNodesFail","message":"Disconnected ARO clusters or clusters with a UDR 0.0.0.0/0 route definition are not be able to add or replace nodes after an upgrade","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  group by (_id, name) (cluster_operator_conditions{_id=\"\",name=\"aro\"})\n  or\n  0 * group by (_id, name) (cluster_operator_conditions{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.22","to":"4.19.25"},{"from":"4.18.26","to":"4.19.24"},{"from":"4.18.27","to":"4.19.24"},{"from":"4.18.23","to":"4.19.24"},{"from":"4.18.25","to":"4.19.23"},{"from":"4.18.24","to":"4.19.23"},{"from":"4.18.27","to":"4.19.25"},{"from":"4.18.31","to":"4.19.23"},{"from":"4.18.29","to":"4.19.24"},{"from":"4.18.34","to":"4.19.25"},{"from":"4.18.32","to":"4.19.24"},{"from":"4.18.23","to":"4.19.21"},{"from":"4.18.21","to":"4.19.21"},{"from":"4.18.28","to":"4.19.21"},{"from":"4.18.23","to":"4.19.25"},{"from":"4.18.22","to":"4.19.24"},{"from":"4.18.31","to":"4.19.22"},{"from":"4.18.23","to":"4.19.22"},{"from":"4.18.30","to":"4.19.25"},{"from":"4.18.26","to":"4.19.25"},{"from":"4.18.19","to":"4.19.25"},{"from":"4.18.25","to":"4.19.21"},{"from":"4.18.26","to":"4.19.23"},{"from":"4.18.26","to":"4.19.22"},{"from":"4.18.20","to":"4.19.21"},{"from":"4.18.27","to":"4.19.22"},{"from":"4.18.31","to":"4.19.25"},{"from":"4.18.33","to":"4.19.25"},{"from":"4.18.22","to":"4.19.21"},{"from":"4.18.32","to":"4.19.25"},{"from":"4.18.26","to":"4.19.21"},{"from":"4.18.20","to":"4.19.23"},{"from":"4.18.21","to":"4.19.25"},{"from":"4.18.30","to":"4.19.24"},{"from":"4.18.28","to":"4.19.25"},{"from":"4.18.25","to":"4.19.22"},{"from":"4.18.30","to":"4.19.23"},{"from":"4.18.31","to":"4.19.24"},{"from":"4.18.25","to":"4.19.25"},{"from":"4.18.24","to":"4.19.25"},{"from":"4.18.24","to":"4.19.22"},{"from":"4.18.24","to":"4.19.24"},{"from":"4.18.33","to":"4.19.24"},{"from":"4.18.20","to":"4.19.22"},{"from":"4.18.19","to":"4.19.23"},{"from":"4.18.22","to":"4.19.23"},{"from":"4.18.29","to":"4.19.21"},{"from":"4.18.29","to":"4.19.23"},{"from":"4.18.19","to":"4.19.21"},{"from":"4.18.28","to":"4.19.24"},{"from":"4.18.21","to":"4.19.24"},{"from":"4.18.27","to":"4.19.23"},{"from":"4.18.29","to":"4.19.22"},{"from":"4.18.22","to":"4.19.22"},{"from":"4.18.19","to":"4.19.22"},{"from":"4.18.29","to":"4.19.25"},{"from":"4.18.21","to":"4.19.22"},{"from":"4.18.23","to":"4.19.23"},{"from":"4.18.19","to":"4.19.24"},{"from":"4.18.30","to":"4.19.22"},{"from":"4.18.28","to":"4.19.22"},{"from":"4.18.24","to":"4.19.21"},{"from":"4.18.25","to":"4.19.24"},{"from":"4.18.28","to":"4.19.23"},{"from":"4.18.20","to":"4.19.24"},{"from":"4.18.27","to":"4.19.21"},{"from":"4.18.30","to":"4.19.21"},{"from":"4.18.20","to":"4.19.25"},{"from":"4.18.21","to":"4.19.23"}],"risks":[{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]}]},{"edges":[{"from":"4.18.20","to":"4.19.13"},{"from":"4.18.21","to":"4.19.13"},{"from":"4.18.19","to":"4.19.13"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.23","to":"4.19.11"},{"from":"4.18.23","to":"4.19.10"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]}]},{"edges":[{"from":"4.18.5","to":"4.18.10"},{"from":"4.18.4","to":"4.18.10"},{"from":"4.18.2","to":"4.18.11"},{"from":"4.18.1","to":"4.18.11"},{"from":"4.18.4","to":"4.18.11"},{"from":"4.18.5","to":"4.18.11"},{"from":"4.18.3","to":"4.18.11"},{"from":"4.18.3","to":"4.18.10"},{"from":"4.18.2","to":"4.18.10"},{"from":"4.18.1","to":"4.18.10"}],"risks":[{"url":"https://issues.redhat.com/browse/CNF-17689","name":"MetallbBgpBfdFrrRpm","message":"Clusters using MetalLB BFD capabilities alongside BGP can fail to establish BGP peering, reducing the availability of LoadBalancer services exposed by MetalLB, or even making them unreachable","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"metallb-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"metallb operator not installed\", \"name\", \".*\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1702","name":"RHELFailedRebootMissingService","message":"RHEL worker nodes will fail to reboot during a node update due to a missing service.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  group by (label_node_openshift_io_os_id) (kube_node_labels{_id=\"\",label_node_openshift_io_os_id=\"rhel\"})\n  or\n  0 * group by (label_node_openshift_io_os_id) (kube_node_labels{_id=\"\"})\n)\n"}}]}]},{"edges":[{"from":"4.18.10","to":"4.18.11"},{"from":"4.18.8","to":"4.18.11"},{"from":"4.18.9","to":"4.18.11"},{"from":"4.18.8","to":"4.18.10"},{"from":"4.18.9","to":"4.18.10"},{"from":"4.18.6","to":"4.18.10"},{"from":"4.18.6","to":"4.18.11"},{"from":"4.18.7","to":"4.18.10"},{"from":"4.18.7","to":"4.18.11"}],"risks":[{"url":"https://issues.redhat.com/browse/CNF-17689","name":"MetallbBgpBfdFrrRpm","message":"Clusters using MetalLB BFD capabilities alongside BGP can fail to establish BGP peering, reducing the availability of LoadBalancer services exposed by MetalLB, or even making them unreachable","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"metallb-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"metallb operator not installed\", \"name\", \".*\")\n)\n"}}]}]},{"edges":[{"from":"4.19.4","to":"4.19.18"},{"from":"4.19.11","to":"4.19.18"},{"from":"4.19.2","to":"4.19.18"},{"from":"4.19.7","to":"4.19.18"},{"from":"4.19.12","to":"4.19.18"},{"from":"4.19.10","to":"4.19.18"},{"from":"4.19.1","to":"4.19.18"},{"from":"4.19.5","to":"4.19.18"},{"from":"4.19.3","to":"4.19.18"},{"from":"4.19.6","to":"4.19.18"},{"from":"4.19.9","to":"4.19.18"},{"from":"4.19.0","to":"4.19.18"}],"risks":[{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/COS-3765","name":"SCOSBootImage","message":"The coreos-bootimages ConfigMap in the openshift-machine-config-operator Namespace thrashes between RHCOS and SCOS content.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.19.2","to":"4.19.5"},{"from":"4.19.2","to":"4.19.4"},{"from":"4.19.3","to":"4.19.4"},{"from":"4.19.0","to":"4.19.4"},{"from":"4.19.3","to":"4.19.6"},{"from":"4.19.2","to":"4.19.6"},{"from":"4.19.1","to":"4.19.5"},{"from":"4.19.0","to":"4.19.6"},{"from":"4.19.3","to":"4.19.5"},{"from":"4.19.1","to":"4.19.6"},{"from":"4.19.0","to":"4.19.5"},{"from":"4.19.1","to":"4.19.4"}],"risks":[{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.4","to":"4.18.8"},{"from":"4.18.1","to":"4.18.7"},{"from":"4.18.2","to":"4.18.8"},{"from":"4.18.1","to":"4.18.8"},{"from":"4.18.4","to":"4.18.9"},{"from":"4.18.5","to":"4.18.9"},{"from":"4.18.3","to":"4.18.9"},{"from":"4.18.5","to":"4.18.8"},{"from":"4.18.3","to":"4.18.7"},{"from":"4.18.5","to":"4.18.7"},{"from":"4.18.4","to":"4.18.7"},{"from":"4.18.1","to":"4.18.9"},{"from":"4.18.2","to":"4.18.7"},{"from":"4.18.2","to":"4.18.9"},{"from":"4.18.3","to":"4.18.8"}],"risks":[{"url":"https://issues.redhat.com/browse/MCO-1702","name":"RHELFailedRebootMissingService","message":"RHEL worker nodes will fail to reboot during a node update due to a missing service.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  group by (label_node_openshift_io_os_id) (kube_node_labels{_id=\"\",label_node_openshift_io_os_id=\"rhel\"})\n  or\n  0 * group by (label_node_openshift_io_os_id) (kube_node_labels{_id=\"\"})\n)\n"}}]}]},{"edges":[{"from":"4.18.22","to":"4.19.11"},{"from":"4.18.22","to":"4.19.10"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]}]},{"edges":[{"from":"4.18.19","to":"4.19.28"},{"from":"4.18.27","to":"4.19.27"},{"from":"4.18.29","to":"4.19.27"},{"from":"4.18.30","to":"4.19.28"},{"from":"4.18.28","to":"4.19.28"},{"from":"4.18.24","to":"4.19.27"},{"from":"4.18.36","to":"4.19.27"},{"from":"4.18.33","to":"4.19.28"},{"from":"4.18.21","to":"4.19.28"},{"from":"4.18.35","to":"4.19.27"},{"from":"4.18.31","to":"4.19.27"},{"from":"4.18.34","to":"4.19.28"},{"from":"4.18.35","to":"4.19.28"},{"from":"4.18.31","to":"4.19.28"},{"from":"4.18.25","to":"4.19.28"},{"from":"4.18.24","to":"4.19.28"},{"from":"4.18.27","to":"4.19.28"},{"from":"4.18.23","to":"4.19.28"},{"from":"4.18.26","to":"4.19.27"},{"from":"4.18.32","to":"4.19.27"},{"from":"4.18.20","to":"4.19.27"},{"from":"4.18.32","to":"4.19.28"},{"from":"4.18.34","to":"4.19.27"},{"from":"4.18.29","to":"4.19.28"},{"from":"4.18.23","to":"4.19.27"},{"from":"4.18.30","to":"4.19.27"},{"from":"4.18.20","to":"4.19.28"},{"from":"4.18.26","to":"4.19.28"},{"from":"4.18.22","to":"4.19.28"},{"from":"4.18.19","to":"4.19.27"},{"from":"4.18.25","to":"4.19.27"},{"from":"4.18.22","to":"4.19.27"},{"from":"4.18.21","to":"4.19.27"},{"from":"4.18.37","to":"4.19.28"},{"from":"4.18.28","to":"4.19.27"},{"from":"4.18.36","to":"4.19.28"},{"from":"4.18.33","to":"4.19.27"}],"risks":[{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://redhat.atlassian.net/browse/CORENET-6950","name":"PrecisionTimeProtocolDPLLPins","message":"Clusters using older PTP operators may struggle to synchronize system clocks and might not provide time to downstream clients.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, name) (csv_succeeded{_id=\"\", name=~\"ptp-operator[.]v4[.][0-9]*[.]0-(202[3-5]|20260[1-9])[0-9]*\"})\nor on (_id)\n0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"ptp-operator.v4.y.0-20260331... or older not installed\", \"\", \"\")\n"}}]}]},{"edges":[{"from":"4.19.16","to":"4.19.21"},{"from":"4.19.14","to":"4.19.22"},{"from":"4.19.11","to":"4.19.21"},{"from":"4.19.11","to":"4.19.23"},{"from":"4.19.7","to":"4.19.23"},{"from":"4.19.11","to":"4.19.22"},{"from":"4.19.13","to":"4.19.25"},{"from":"4.19.2","to":"4.19.22"},{"from":"4.19.17","to":"4.19.21"},{"from":"4.19.13","to":"4.19.22"},{"from":"4.19.16","to":"4.20.15"},{"from":"4.19.5","to":"4.19.21"},{"from":"4.19.0","to":"4.19.22"},{"from":"4.19.3","to":"4.19.23"},{"from":"4.19.4","to":"4.19.21"},{"from":"4.19.4","to":"4.19.23"},{"from":"4.19.5","to":"4.19.22"},{"from":"4.19.7","to":"4.19.25"},{"from":"4.19.12","to":"4.19.21"},{"from":"4.19.1","to":"4.19.23"},{"from":"4.19.4","to":"4.19.25"},{"from":"4.19.2","to":"4.19.25"},{"from":"4.19.16","to":"4.19.23"},{"from":"4.19.16","to":"4.20.14"},{"from":"4.19.1","to":"4.19.24"},{"from":"4.19.10","to":"4.19.22"},{"from":"4.19.5","to":"4.19.23"},{"from":"4.19.7","to":"4.19.24"},{"from":"4.19.14","to":"4.19.23"},{"from":"4.19.5","to":"4.19.24"},{"from":"4.19.3","to":"4.19.24"},{"from":"4.19.16","to":"4.19.22"},{"from":"4.19.12","to":"4.19.24"},{"from":"4.19.15","to":"4.19.25"},{"from":"4.19.6","to":"4.19.21"},{"from":"4.19.6","to":"4.19.25"},{"from":"4.19.12","to":"4.19.23"},{"from":"4.19.7","to":"4.19.22"},{"from":"4.19.3","to":"4.19.25"},{"from":"4.19.17","to":"4.19.24"},{"from":"4.19.10","to":"4.19.21"},{"from":"4.19.2","to":"4.19.21"},{"from":"4.19.17","to":"4.19.23"},{"from":"4.19.7","to":"4.19.21"},{"from":"4.19.15","to":"4.20.14"},{"from":"4.19.0","to":"4.19.25"},{"from":"4.19.6","to":"4.19.24"},{"from":"4.19.2","to":"4.19.24"},{"from":"4.19.16","to":"4.19.25"},{"from":"4.19.5","to":"4.19.25"},{"from":"4.19.1","to":"4.19.22"},{"from":"4.19.13","to":"4.19.23"},{"from":"4.19.11","to":"4.19.24"},{"from":"4.19.9","to":"4.19.22"},{"from":"4.19.15","to":"4.19.22"},{"from":"4.19.3","to":"4.19.21"},{"from":"4.19.15","to":"4.20.15"},{"from":"4.19.1","to":"4.19.21"},{"from":"4.19.15","to":"4.19.21"},{"from":"4.19.9","to":"4.19.25"},{"from":"4.19.0","to":"4.19.23"},{"from":"4.19.10","to":"4.19.25"},{"from":"4.19.14","to":"4.19.25"},{"from":"4.19.9","to":"4.19.24"},{"from":"4.19.15","to":"4.19.24"},{"from":"4.19.17","to":"4.20.14"},{"from":"4.19.0","to":"4.19.21"},{"from":"4.19.14","to":"4.19.24"},{"from":"4.19.0","to":"4.19.24"},{"from":"4.19.6","to":"4.19.22"},{"from":"4.19.13","to":"4.19.21"},{"from":"4.19.17","to":"4.19.22"},{"from":"4.19.2","to":"4.19.23"},{"from":"4.19.10","to":"4.19.23"},{"from":"4.19.12","to":"4.19.25"},{"from":"4.19.17","to":"4.19.25"},{"from":"4.19.4","to":"4.19.22"},{"from":"4.19.6","to":"4.19.23"},{"from":"4.19.3","to":"4.19.22"},{"from":"4.19.9","to":"4.19.21"},{"from":"4.19.12","to":"4.19.22"},{"from":"4.19.1","to":"4.19.25"},{"from":"4.19.16","to":"4.19.24"},{"from":"4.19.10","to":"4.19.24"},{"from":"4.19.17","to":"4.20.15"},{"from":"4.19.13","to":"4.19.24"},{"from":"4.19.14","to":"4.19.21"},{"from":"4.19.15","to":"4.19.23"},{"from":"4.19.11","to":"4.19.25"},{"from":"4.19.9","to":"4.19.23"},{"from":"4.19.4","to":"4.19.24"}],"risks":[{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.25","to":"4.19.20"},{"from":"4.18.19","to":"4.19.20"},{"from":"4.18.19","to":"4.19.19"},{"from":"4.18.29","to":"4.19.20"},{"from":"4.18.28","to":"4.19.19"},{"from":"4.18.28","to":"4.19.20"},{"from":"4.18.26","to":"4.19.19"},{"from":"4.18.24","to":"4.19.19"},{"from":"4.18.22","to":"4.19.20"},{"from":"4.18.27","to":"4.19.20"},{"from":"4.18.21","to":"4.19.20"},{"from":"4.18.26","to":"4.19.20"},{"from":"4.18.20","to":"4.19.19"},{"from":"4.18.25","to":"4.19.19"},{"from":"4.18.24","to":"4.19.20"},{"from":"4.18.23","to":"4.19.19"},{"from":"4.18.27","to":"4.19.19"},{"from":"4.18.23","to":"4.19.20"},{"from":"4.18.20","to":"4.19.20"},{"from":"4.18.22","to":"4.19.19"},{"from":"4.18.21","to":"4.19.19"}],"risks":[{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/RUN-3748","name":"RuncShareProcessNamespace","message":"Some runc 1.2 releases fail to launch containers in some Pods where shareProcessNamespace is explicitly set true.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.19.4","to":"4.19.7"},{"from":"4.19.6","to":"4.19.7"},{"from":"4.19.5","to":"4.19.7"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.18.23","to":"4.18.26"},{"from":"4.18.23","to":"4.18.24"},{"from":"4.18.23","to":"4.18.25"}],"risks":[{"url":"https://issues.redhat.com/browse/COS-3700","name":"ContinuousNodeRebootingDueToKernelPanic","message":"OCP nodes get rebooted continuously due to kernel panic by loading of third party modules.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.18.3","to":"4.18.14"},{"from":"4.18.5","to":"4.18.13"},{"from":"4.18.2","to":"4.18.14"},{"from":"4.18.5","to":"4.18.12"},{"from":"4.18.1","to":"4.18.12"},{"from":"4.18.3","to":"4.18.12"},{"from":"4.18.1","to":"4.18.15"},{"from":"4.18.1","to":"4.18.13"},{"from":"4.18.4","to":"4.18.14"},{"from":"4.18.1","to":"4.18.16"},{"from":"4.18.1","to":"4.18.14"},{"from":"4.18.4","to":"4.18.12"},{"from":"4.18.2","to":"4.18.15"},{"from":"4.18.4","to":"4.18.16"},{"from":"4.18.4","to":"4.18.15"},{"from":"4.18.3","to":"4.18.15"},{"from":"4.18.5","to":"4.18.14"},{"from":"4.18.3","to":"4.18.16"},{"from":"4.18.2","to":"4.18.13"},{"from":"4.18.2","to":"4.18.16"},{"from":"4.18.2","to":"4.18.12"},{"from":"4.18.5","to":"4.18.16"},{"from":"4.18.3","to":"4.18.13"},{"from":"4.18.5","to":"4.18.15"},{"from":"4.18.4","to":"4.18.13"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4632","name":"ConsoleEnabledTargetDownAlert","message":"The alert TargetDown is triggered if the capability Console is enabled on the cluster.","matchingRules":[{"type":"PromQL","promql":{"promql":"max(cluster_version_capability{name=\"Console\"})"}}]},{"url":"https://issues.redhat.com/browse/MCO-1702","name":"RHELFailedRebootMissingService","message":"RHEL worker nodes will fail to reboot during a node update due to a missing service.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  group by (label_node_openshift_io_os_id) (kube_node_labels{_id=\"\",label_node_openshift_io_os_id=\"rhel\"})\n  or\n  0 * group by (label_node_openshift_io_os_id) (kube_node_labels{_id=\"\"})\n)\n"}}]}]},{"edges":[{"from":"4.20.15","to":"4.20.18"},{"from":"4.20.12","to":"4.20.18"},{"from":"4.19.3","to":"4.19.27"},{"from":"4.19.10","to":"4.19.27"},{"from":"4.20.14","to":"4.20.18"},{"from":"4.19.6","to":"4.19.27"},{"from":"4.19.21","to":"4.20.19"},{"from":"4.19.18","to":"4.20.19"},{"from":"4.19.19","to":"4.19.28"},{"from":"4.19.12","to":"4.19.28"},{"from":"4.19.10","to":"4.19.28"},{"from":"4.19.16","to":"4.20.18"},{"from":"4.20.11","to":"4.20.18"},{"from":"4.19.1","to":"4.19.27"},{"from":"4.19.18","to":"4.19.27"},{"from":"4.19.15","to":"4.19.28"},{"from":"4.20.6","to":"4.20.19"},{"from":"4.20.13","to":"4.20.18"},{"from":"4.19.22","to":"4.20.18"},{"from":"4.19.19","to":"4.20.19"},{"from":"4.19.27","to":"4.20.18"},{"from":"4.19.17","to":"4.19.27"},{"from":"4.19.24","to":"4.20.18"},{"from":"4.19.22","to":"4.19.28"},{"from":"4.19.27","to":"4.19.28"},{"from":"4.19.24","to":"4.20.19"},{"from":"4.19.21","to":"4.19.28"},{"from":"4.19.18","to":"4.20.18"},{"from":"4.19.15","to":"4.20.19"},{"from":"4.19.4","to":"4.19.28"},{"from":"4.19.25","to":"4.19.28"},{"from":"4.20.4","to":"4.20.18"},{"from":"4.19.12","to":"4.19.27"},{"from":"4.19.26","to":"4.19.27"},{"from":"4.19.24","to":"4.19.28"},{"from":"4.19.20","to":"4.19.28"},{"from":"4.19.23","to":"4.19.28"},{"from":"4.19.7","to":"4.19.28"},{"from":"4.20.8","to":"4.20.19"},{"from":"4.19.23","to":"4.20.19"},{"from":"4.20.1","to":"4.20.18"},{"from":"4.20.12","to":"4.20.19"},{"from":"4.19.20","to":"4.20.18"},{"from":"4.20.17","to":"4.20.18"},{"from":"4.20.10","to":"4.20.18"},{"from":"4.20.2","to":"4.20.19"},{"from":"4.19.5","to":"4.19.27"},{"from":"4.19.13","to":"4.19.28"},{"from":"4.19.24","to":"4.19.27"},{"from":"4.19.9","to":"4.19.28"},{"from":"4.19.1","to":"4.19.28"},{"from":"4.20.13","to":"4.20.19"},{"from":"4.19.26","to":"4.19.28"},{"from":"4.20.14","to":"4.20.19"},{"from":"4.20.16","to":"4.20.19"},{"from":"4.20.1","to":"4.20.19"},{"from":"4.20.17","to":"4.20.19"},{"from":"4.19.26","to":"4.20.18"},{"from":"4.19.22","to":"4.20.19"},{"from":"4.19.23","to":"4.20.18"},{"from":"4.19.20","to":"4.19.27"},{"from":"4.19.23","to":"4.19.27"},{"from":"4.20.5","to":"4.20.18"},{"from":"4.19.22","to":"4.19.27"},{"from":"4.19.2","to":"4.19.27"},{"from":"4.19.14","to":"4.19.28"},{"from":"4.20.0","to":"4.20.19"},{"from":"4.19.20","to":"4.20.19"},{"from":"4.19.19","to":"4.20.18"},{"from":"4.19.27","to":"4.20.19"},{"from":"4.19.25","to":"4.20.18"},{"from":"4.19.9","to":"4.19.27"},{"from":"4.19.3","to":"4.19.28"},{"from":"4.19.0","to":"4.19.28"},{"from":"4.20.0","to":"4.20.18"},{"from":"4.20.3","to":"4.20.18"},{"from":"4.19.11","to":"4.19.27"},{"from":"4.19.7","to":"4.19.27"},{"from":"4.20.6","to":"4.20.18"},{"from":"4.19.4","to":"4.19.27"},{"from":"4.19.25","to":"4.19.27"},{"from":"4.19.17","to":"4.20.19"},{"from":"4.19.16","to":"4.19.27"},{"from":"4.19.5","to":"4.19.28"},{"from":"4.19.28","to":"4.20.19"},{"from":"4.20.11","to":"4.20.19"},{"from":"4.20.3","to":"4.20.19"},{"from":"4.20.2","to":"4.20.18"},{"from":"4.20.15","to":"4.20.19"},{"from":"4.19.15","to":"4.19.27"},{"from":"4.20.16","to":"4.20.18"},{"from":"4.19.14","to":"4.19.27"},{"from":"4.19.17","to":"4.20.18"},{"from":"4.20.8","to":"4.20.18"},{"from":"4.20.18","to":"4.20.19"},{"from":"4.19.11","to":"4.19.28"},{"from":"4.20.10","to":"4.20.19"},{"from":"4.19.15","to":"4.20.18"},{"from":"4.19.6","to":"4.19.28"},{"from":"4.19.16","to":"4.20.19"},{"from":"4.19.25","to":"4.20.19"},{"from":"4.19.17","to":"4.19.28"},{"from":"4.19.19","to":"4.19.27"},{"from":"4.19.2","to":"4.19.28"},{"from":"4.20.5","to":"4.20.19"},{"from":"4.19.26","to":"4.20.19"},{"from":"4.19.18","to":"4.19.28"},{"from":"4.19.13","to":"4.19.27"},{"from":"4.19.0","to":"4.19.27"},{"from":"4.19.16","to":"4.19.28"},{"from":"4.20.4","to":"4.20.19"},{"from":"4.19.21","to":"4.19.27"},{"from":"4.19.21","to":"4.20.18"}],"risks":[{"url":"https://redhat.atlassian.net/browse/CORENET-6950","name":"PrecisionTimeProtocolDPLLPins","message":"Clusters using older PTP operators may struggle to synchronize system clocks and might not provide time to downstream clients.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, name) (csv_succeeded{_id=\"\", name=~\"ptp-operator[.]v4[.][0-9]*[.]0-(202[3-5]|20260[1-9])[0-9]*\"})\nor on (_id)\n0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"ptp-operator.v4.y.0-20260331... or older not installed\", \"\", \"\")\n"}}]}]},{"edges":[{"from":"4.19.7","to":"4.19.12"}],"risks":[{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.22","to":"4.19.13"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.19","to":"4.19.5"},{"from":"4.18.21","to":"4.19.6"},{"from":"4.18.19","to":"4.19.6"},{"from":"4.18.20","to":"4.19.5"},{"from":"4.18.20","to":"4.19.6"}],"risks":[{"url":"https://access.redhat.com/solutions/7128495","name":"AROMissingInternalLBSAN","message":"ARO clusters on 4.19 experience issues creating new Machines due to missing the Internal LB SAN in the certificate provisioned by MCO. See https://issues.redhat.com/browse/OCPBUGS-59780","matchingRules":[{"type":"PromQL","promql":{"promql":"group(cluster_operator_conditions{_id=\"\",name=\"aro\"})\nor\n0 * group(cluster_operator_conditions{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1834","name":"InvalidArchitectureValueOfMachinesetsAnnotation","message":"Degrade machine-config cluster operator blocks the cluster update if a GCP or AWS cluster has machinesets with \nmultiple labels embedded within their \"capacity.cluster-autoscaler.kubernetes.io/labels\" annotation.\n","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS|GCP\"})\n  or\n  0 * group by (type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/OCPCLOUD-3052","name":"NoCloudConfConfigMap","message":"Upgrade to 4.19 will complete due to an absent cloud-conf ConfigMap in AWS clusters born in 4.13 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"bottomk by (_id) (1,\n  0 * group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\",configmap=\"cloud-conf\"})\n  or\n  group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\"})\n)\n* on (_id) group_left (type)\ntopk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!=\"AWS\"})\n)\n"}}]}]},{"edges":[{"from":"4.19.14","to":"4.19.15"},{"from":"4.19.13","to":"4.19.14"},{"from":"4.19.13","to":"4.19.15"}],"risks":[{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.17","to":"4.19.0"},{"from":"4.18.16","to":"4.19.1"},{"from":"4.18.18","to":"4.19.2"},{"from":"4.18.18","to":"4.19.1"},{"from":"4.18.17","to":"4.19.1"},{"from":"4.18.17","to":"4.19.2"},{"from":"4.18.16","to":"4.19.2"},{"from":"4.18.16","to":"4.19.0"}],"risks":[{"url":"https://access.redhat.com/solutions/7128495","name":"AROMissingInternalLBSAN","message":"ARO clusters on 4.19 experience issues creating new Machines due to missing the Internal LB SAN in the certificate provisioned by MCO. See https://issues.redhat.com/browse/OCPBUGS-59780","matchingRules":[{"type":"PromQL","promql":{"promql":"group(cluster_operator_conditions{_id=\"\",name=\"aro\"})\nor\n0 * group(cluster_operator_conditions{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/MON-4270","name":"AlertmanagerV1NotSupported","message":"Upgrade to OpenShift 4.19 will fail on cluster monitoring operator in case API version v1 of Alertmanager\nis still specified in the ConfigMaps \"cluster-monitoring-config\" or \"user-workload-monitoring-config\".","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1109","name":"HCPMetallbCNOCannotDeployFRRK8S","message":"On Hosted Control Plane (HCP/HyperShift) clusters with installed MetalLB operator, Cluster Network Operator fails to\ndeploy a critical component FRR-k8s when updated. MetalLB will stop working properly and stop advertising services,\nmaking them potentially unreachable from outside the cluster.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\ngroup by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n)\nand on (_id) (\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"metallb-operator[.].*\"})\n)\nor on (_id) (\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"metallb operator not installed\", \"name\", \".*\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1110","name":"HCPServiceHealthCheckDisruption","message":"When Hosted Control Plane (HCP/HyperShift) clusters running on AWS update a node pool, the Services of type\nLoadBalancer may experience temporary availability disruption because health checks are not set up properly to monitor\nNode readiness state.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\n  or\n  0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n)\n* on (_id) group_left (type) (\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1834","name":"InvalidArchitectureValueOfMachinesetsAnnotation","message":"Degrade machine-config cluster operator blocks the cluster update if a GCP or AWS cluster has machinesets with \nmultiple labels embedded within their \"capacity.cluster-autoscaler.kubernetes.io/labels\" annotation.\n","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS|GCP\"})\n  or\n  0 * group by (type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/OCPCLOUD-3052","name":"NoCloudConfConfigMap","message":"Upgrade to 4.19 will complete due to an absent cloud-conf ConfigMap in AWS clusters born in 4.13 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"bottomk by (_id) (1,\n  0 * group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\",configmap=\"cloud-conf\"})\n  or\n  group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\"})\n)\n* on (_id) group_left (type)\ntopk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!=\"AWS\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/COS-3357","name":"OldBootImagesComposeFSvsGrubProbe","message":"Upgrade to 4.19 will fail due to a boot image incompatibility issue if a cluster was born in 4.2 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  label_replace(group by (version) (cluster_version{_id=\"\",type=\"initial\",version=~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"yes, so possibly actually born in 4.2 or earlier\", \"\", \"\")\n  or\n  label_replace(0 * group by (version) (cluster_version{_id=\"\",type=\"initial\",version!~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"no, born in 4.10 or later\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/STOR-2486","name":"VSphereStorageMountIssues","message":"vSphere customers using vSAN file volumes can't mount vSphere shared volumes and NFS volumes which server do not set NFS4ERR_ATTRNOTSUPP","matchingRules":[{"type":"PromQL","promql":{"promql":"group(cluster_infrastructure_provider{type=~\"VSphere|None\"})\nor\n0 * group(cluster_infrastructure_provider)\n"}}]}]},{"edges":[{"from":"4.18.22","to":"4.19.17"},{"from":"4.18.24","to":"4.19.16"},{"from":"4.18.23","to":"4.19.16"},{"from":"4.18.20","to":"4.19.17"},{"from":"4.18.26","to":"4.19.16"},{"from":"4.18.21","to":"4.19.17"},{"from":"4.18.23","to":"4.19.17"},{"from":"4.18.25","to":"4.19.17"},{"from":"4.18.24","to":"4.19.17"},{"from":"4.18.19","to":"4.19.17"},{"from":"4.18.25","to":"4.19.16"},{"from":"4.18.26","to":"4.19.17"}],"risks":[{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]}]},{"edges":[{"from":"4.18.20","to":"4.19.18"},{"from":"4.18.21","to":"4.19.18"},{"from":"4.18.27","to":"4.19.18"},{"from":"4.18.26","to":"4.19.18"},{"from":"4.18.22","to":"4.19.18"},{"from":"4.18.23","to":"4.19.18"},{"from":"4.18.25","to":"4.19.18"},{"from":"4.18.24","to":"4.19.18"},{"from":"4.18.19","to":"4.19.18"}],"risks":[{"url":"https://issues.redhat.com/browse/CNTRLPLANE-2254","name":"HyperShiftRedundantRouter","message":"Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6483","name":"NetworkManagerOVNBridgeMapping","message":"On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n  or on (_id)\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n  group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"} > 0)\n  or on (_id)\n  0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"\", name=\"ovn.bridge-mappings\"})\n  or on (_id)\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n  or on (_id)\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n  or on (_id)\n  0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/COS-3765","name":"SCOSBootImage","message":"The coreos-bootimages ConfigMap in the openshift-machine-config-operator Namespace thrashes between RHCOS and SCOS content.","matchingRules":[{"type":"Always"}]}]},{"edges":[{"from":"4.18.20","to":"4.19.12"},{"from":"4.18.19","to":"4.19.12"},{"from":"4.18.21","to":"4.19.12"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.16","to":"4.19.3"},{"from":"4.18.17","to":"4.19.3"},{"from":"4.18.18","to":"4.19.3"}],"risks":[{"url":"https://access.redhat.com/solutions/7128495","name":"AROMissingInternalLBSAN","message":"ARO clusters on 4.19 experience issues creating new Machines due to missing the Internal LB SAN in the certificate provisioned by MCO. See https://issues.redhat.com/browse/OCPBUGS-59780","matchingRules":[{"type":"PromQL","promql":{"promql":"group(cluster_operator_conditions{_id=\"\",name=\"aro\"})\nor\n0 * group(cluster_operator_conditions{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/MON-4270","name":"AlertmanagerV1NotSupported","message":"Upgrade to OpenShift 4.19 will fail on cluster monitoring operator in case API version v1 of Alertmanager\nis still specified in the ConfigMaps \"cluster-monitoring-config\" or \"user-workload-monitoring-config\".","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1109","name":"HCPMetallbCNOCannotDeployFRRK8S","message":"On Hosted Control Plane (HCP/HyperShift) clusters with installed MetalLB operator, Cluster Network Operator fails to\ndeploy a critical component FRR-k8s when updated. MetalLB will stop working properly and stop advertising services,\nmaking them potentially unreachable from outside the cluster.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\ngroup by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n)\nand on (_id) (\n  group by (_id, name) (csv_succeeded{_id=\"\", name=~\"metallb-operator[.].*\"})\n)\nor on (_id) (\n  0 * label_replace(group by (_id) (csv_succeeded{_id=\"\"}), \"name\", \"metallb operator not installed\", \"name\", \".*\")\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1110","name":"HCPServiceHealthCheckDisruption","message":"When Hosted Control Plane (HCP/HyperShift) clusters running on AWS update a node pool, the Services of type\nLoadBalancer may experience temporary availability disruption because health checks are not set up properly to monitor\nNode readiness state.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\n  or\n  0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n)\n* on (_id) group_left (type) (\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1834","name":"InvalidArchitectureValueOfMachinesetsAnnotation","message":"Degrade machine-config cluster operator blocks the cluster update if a GCP or AWS cluster has machinesets with \nmultiple labels embedded within their \"capacity.cluster-autoscaler.kubernetes.io/labels\" annotation.\n","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS|GCP\"})\n  or\n  0 * group by (type) (cluster_infrastructure_provider{_id=\"\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/OCPCLOUD-3052","name":"NoCloudConfConfigMap","message":"Upgrade to 4.19 will complete due to an absent cloud-conf ConfigMap in AWS clusters born in 4.13 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"bottomk by (_id) (1,\n  0 * group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\",configmap=\"cloud-conf\"})\n  or\n  group by (_id, namespace, configmap) (kube_configmap_info{_id=\"\",namespace=\"openshift-cloud-controller-manager\"})\n)\n* on (_id) group_left (type)\ntopk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=\"AWS\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!=\"AWS\"})\n)\n"}}]},{"url":"https://issues.redhat.com/browse/COS-3357","name":"OldBootImagesComposeFSvsGrubProbe","message":"Upgrade to 4.19 will fail due to a boot image incompatibility issue if a cluster was born in 4.2 or earlier.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  label_replace(group by (version) (cluster_version{_id=\"\",type=\"initial\",version=~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"yes, so possibly actually born in 4.2 or earlier\", \"\", \"\")\n  or\n  label_replace(0 * group by (version) (cluster_version{_id=\"\",type=\"initial\",version!~\"4[.][0-9][.].*\"}),\"born_by_4_9\", \"no, born in 4.10 or later\", \"\", \"\")\n)\n"}}]}]},{"edges":[{"from":"4.18.9","to":"4.18.23"},{"from":"4.18.17","to":"4.18.23"},{"from":"4.18.20","to":"4.18.23"},{"from":"4.18.14","to":"4.18.23"},{"from":"4.18.18","to":"4.18.23"},{"from":"4.18.5","to":"4.18.23"},{"from":"4.18.2","to":"4.18.23"},{"from":"4.18.12","to":"4.18.23"},{"from":"4.18.10","to":"4.18.23"},{"from":"4.18.13","to":"4.18.23"},{"from":"4.18.21","to":"4.18.23"},{"from":"4.18.4","to":"4.18.23"},{"from":"4.18.8","to":"4.18.23"},{"from":"4.18.1","to":"4.18.23"},{"from":"4.18.11","to":"4.18.23"},{"from":"4.18.19","to":"4.18.23"},{"from":"4.18.16","to":"4.18.23"},{"from":"4.18.6","to":"4.18.23"},{"from":"4.18.7","to":"4.18.23"},{"from":"4.18.15","to":"4.18.23"},{"from":"4.18.3","to":"4.18.23"}],"risks":[{"url":"https://issues.redhat.com/browse/RUN-3446","name":"CrunConflictsWithNVIDIA","message":"Some crun 1.23 releases conflict with the NVIDIA GPU Operator over eBPF, causing issues with GPU workloads.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (name) (csv_succeeded{_id=\"\", name=~\"gpu-operator-certified[.].*\"})\nor on (_id)\n0 * group(csv_count{_id=\"\"})"}}]},{"url":"https://issues.redhat.com/browse/OTA-1705","name":"HyperShiftClusterVersionOperatorMetrics","message":"Hosted/HyperShift clusters in exposed releases will fail to scrape cluster-version operator metrics.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CNTRLPLANE-1407","name":"HyperShiftProxyScheme","message":"Hosted/HyperShift clusters where HostedCluster has a configured proxy needed for IDP or ingress canary probes may lose the ability to login.","matchingRules":[{"type":"PromQL","promql":{"promql":"group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]},{"url":"https://issues.redhat.com/browse/CORENET-6419","name":"NMStateServiceFailure","message":"The NMState service can fail on baremetal cluster nodes, causing node scaleups and re-deployment failures.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk by (_id) (1,\n  group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type=~\"None|BareMetal\"})\n  or\n  0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"\",type!~\"None|BareMetal\"})\n)\n"}}]}]},{"edges":[{"from":"4.18.24","to":"4.19.12"},{"from":"4.18.23","to":"4.19.12"}],"risks":[{"url":"https://issues.redhat.com/browse/CONSOLE-4762","name":"ConsoleCrashOnMissingPlugin","message":"If a Console Operator configuration resource references a plugin name for which there is no corresponding ConsolePlugin resource, the Console may crashloop after the cluster is updated to an affected version.","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/CORENET-6196","name":"IPsecLargeClusterConnectivity","message":"Large clusters with enabled IPsec might experience intermittent loss of pod-to-pod connectivity. This prevents some pods on certain nodes from reaching services on other nodes, resulting in connection timeouts.","matchingRules":[{"type":"PromQL","promql":{"promql":"(\n  group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"enabled\", \"\", \"\") == 1)\n  or on (_id)\n  0 * group by (ipsec) (label_replace(max_over_time(ovnkube_controller_ipsec_enabled{_id=\"\"}[1h]), \"ipsec\", \"disabled\", \"\", \"\") == 0)\n) and on (_id) (\n  group by (resource) (max_over_time(apiserver_storage_objects{_id=\"\",resource=\"nodes\"}[1h]) > 120)\n)\nor on (_id)\n0 * group(max_over_time(apiserver_storage_objects{_id=\"\"}[1h]))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1890","name":"MachineConfigNodesV1AlphaControlPlaneLabels","message":"Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (role) (kube_node_role{_id=\"\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"\"}))\n"}}]},{"url":"https://issues.redhat.com/browse/MCO-1896","name":"OSUpdateFailureDueToImagePullPolicy","message":"Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.","matchingRules":[{"type":"PromQL","promql":{"promql":"0 * group by (_id, invoker) (cluster_installer{_id=\"\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"\"})\n"}}]}]},{"edges":[{"from":"4.18.2","to":"4.18.6"},{"from":"4.18.1","to":"4.18.6"},{"from":"4.18.4","to":"4.18.6"},{"from":"4.18.5","to":"4.18.6"},{"from":"4.18.3","to":"4.18.6"}],"risks":[{"url":"https://issues.redhat.com/browse/OCPNODE-3074","name":"CRIOLayerCompressionPulls","message":"The CRI-O container runtime may fail to pull images with certain layer compression characteristics","matchingRules":[{"type":"Always"}]},{"url":"https://issues.redhat.com/browse/MCO-1702","name":"RHELFailedRebootMissingService","message":"RHEL worker nodes will fail to reboot during a node update due to a missing service.","matchingRules":[{"type":"PromQL","promql":{"promql":"topk(1,\n  group by (label_node_openshift_io_os_id) (kube_node_labels{_id=\"\",label_node_openshift_io_os_id=\"rhel\"})\n  or\n  0 * group by (label_node_openshift_io_os_id) (kube_node_labels{_id=\"\"})\n)\n"}}]}]}]}