[WIP] MCO-1669: add BootImageSkewEnforcement API

openapi/openapi.json

@@ -27587,6 +27587,24 @@
         }
       }
     },
+    "com.github.openshift.api.operator.v1.ClusterBootImage": {
+      "description": "ClusterBootImage describes the boot image of a cluster. It stores the RHCOS version of the boot image and the OCP release version which shipped with that RHCOS boot image.",
+      "type": "object",
+      "required": [
+        "ocpVersion"
+      ],
+      "properties": {
+        "ocpVersion": {
+          "description": "ocpVersion provides a string which represents the OCP version of the boot image",
+          "type": "string",
+          "default": ""
+        },
+        "rhcosVersion": {
+          "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image",
+          "type": "string"
+        }
+      }
+    },
     "com.github.openshift.api.operator.v1.ClusterCSIDriver": {
       "description": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
       "type": "object",
@@ -30928,6 +30946,11 @@
         "forceRedeploymentReason"
       ],
       "properties": {
+        "bootImageSkewEnforcement": {
+          "description": "bootImageSkewEnforcement allows an admin to set the behavior of the boot image skew enforcement mechanism.",
+          "default": {},
+          "$ref": "#/definitions/com.github.openshift.api.operator.v1.SkewEnforcementSelector"
+        },
         "failedRevisionLimit": {
           "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)",
           "type": "integer",
@@ -33280,6 +33303,32 @@
         }
       }
     },
+    "com.github.openshift.api.operator.v1.SkewEnforcementSelector": {
+      "type": "object",
+      "required": [
+        "mode"
+      ],
+      "properties": {
+        "clusterBootImage": {
+          "description": "clusterBootImage describes the current boot image of the cluster. This will be used to enforce the skew limit. Only permitted when mode is set to \"Automatic\" or \"Manual\".",
+          "default": {},
+          "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImage"
+        },
+        "mode": {
+          "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Automatic, Manual and Disabled. Automatic means that the MCO will store the OCP version associated with the last boot image update in the clusterBootImage field. Manual means that the cluster admin is expected to perform manual boot image updates and store OCP version associated with the last boot image update in the clusterBootImage field. In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. Disabled means that the MCO will permit upgrades when the boot image exceeds the skew limit described by the release image. This may affect the cluster's ability to scale.",
+          "type": "string",
+          "default": ""
+        }
+      },
+      "x-kubernetes-unions": [
+        {
+          "discriminator": "mode",
+          "fields-to-discriminateBy": {
+            "clusterBootImage": "ClusterBootImage"
+          }
+        }
+      ]
+    },
     "com.github.openshift.api.operator.v1.StaticIPAMAddresses": {
       "description": "StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses",
       "type": "object",

operator/v1/tests/machineconfigurations.operator.openshift.io/BootImageSkewEnforcement.yaml

@@ -0,0 +1,102 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "MachineConfiguration"
+crdName: machineconfigurations.operator.openshift.io
+featureGates:
+- BootImageSkewEnforcement
+tests:
+  onCreate:
+    - name: Should be able to create a minimal MachineConfiguration
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec: {} # No spec is required for a MachineConfiguration
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+    - name: Should be able to create an manual BootImageSkewEnforcement configuration knob
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Manual
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+          bootImageSkewEnforcement:
+            mode: Manual
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+    - name: Should be able to create an automatic BootImageSkewEnforcement configuration knob
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Automatic
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+          bootImageSkewEnforcement:
+            mode: Automatic
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+    - name: Should be able to create a disabled BootImageSkewEnforcement configuration knob
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Disabled
+      expected: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          logLevel: Normal
+          operatorLogLevel: Normal
+          bootImageSkewEnforcement:
+            mode: Disabled
+    - name: Should not be able to add ClusterBootImage field if bootImageSkewEnforcement.mode is set to Disabled
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Disabled
+            clusterBootImage:
+              ocpVersion: "4.18.2"
+              rhcosVersion: "9.6.20250523-1"
+      expectedError: "clusterBootImage is required when type is Automatic or Manual, and forbidden otherwise"
+    - name: ClusterBootImage field should be set if bootImageSkewEnforcement.mode is set to Automatic
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Automatic
+      expectedError: "clusterBootImage is required when type is Automatic or Manual, and forbidden otherwise"
+    - name: ClusterBootImage field should be set if bootImageSkewEnforcement.mode is set to Manual
+      initial: |
+        apiVersion: operator.openshift.io/v1
+        kind: MachineConfiguration
+        spec:
+          bootImageSkewEnforcement:
+            mode: Manual
+      expectedError: "clusterBootImage is required when type is Automatic or Manual, and forbidden otherwise"                                                   

operator/v1/types_machineconfiguration.go

@@ -56,8 +56,66 @@ type MachineConfigurationSpec struct {
 	// +openshift:enable:FeatureGate=NodeDisruptionPolicy
 	// +optional
 	NodeDisruptionPolicy NodeDisruptionPolicyConfig `json:"nodeDisruptionPolicy"`
+	// bootImageSkewEnforcement allows an admin to set the behavior of the boot image skew enforcement mechanism.
+	// +openshift:enable:FeatureGate=BootImageSkewEnforcement
+	// +optional
+	BootImageSkewEnforcement SkewEnforcementSelector `json:"bootImageSkewEnforcement"`
+}
+
+// +kubebuilder:validation:XValidation:rule="has(self.mode) && (self.mode == 'Automatic' || self.mode =='Manual') ?  has(self.clusterBootImage) : !has(self.clusterBootImage)",message="clusterBootImage is required when type is Automatic or Manual, and forbidden otherwise"
+// +union
+type SkewEnforcementSelector struct {
+	// mode determines the underlying behavior of skew enforcement mechanism.
+	// Valid values are Automatic, Manual and Disabled.
+	// Automatic means that the MCO will store the OCP version associated with the last boot image update in the
+	// clusterBootImage field.
+	// Manual means that the cluster admin is expected to perform manual boot image updates and store OCP version
+	// associated with the last boot image update in the clusterBootImage field.
+	// In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the
+	// skew limit described by the release image.
+	// Disabled means that the MCO will permit upgrades when the boot image exceeds the skew limit
+	// described by the release image. This may affect the cluster's ability to scale.
+	// +unionDiscriminator
+	// +required
+	Mode SkewEnforcementSelectorMode `json:"mode"`
+
+	// clusterBootImage describes the current boot image of the cluster. This will be used to enforce the skew limit.
+	// Only permitted when mode is set to "Automatic" or "Manual".
+	// +optional
+	ClusterBootImage ClusterBootImage `json:"clusterBootImage,omitempty"`
 }
 
+// ClusterBootImage describes the boot image of a cluster. It stores the RHCOS version of the boot image and
+// the OCP release version which shipped with that RHCOS boot image.
+type ClusterBootImage struct {
+	// ocpVersion provides a string which represents the OCP version of the boot image
+	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]+\\\\.[0-9]+\\\\.[0-9]+$')",message="bootImageOCPVersion must match the OCP semver compatible format of x.y.z"
+	// +kubebuilder:validation:MaxLength:=8
+	// +required
+	OCPVersion string `json:"ocpVersion"`
+
+	// rhcosVersion provides a string which represents the RHCOS version of the boot image
+	// +kubebuilder:validation:XValidation:rule="self.matches('^[0-9]+\\\\.[0-9]+\\\\.[0-9]{8}-[0-9]+$')",message="rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber]"
+	// +kubebuilder:validation:MaxLength:=15
+	// +optional
+	RHCOSVersion string `json:"rhcosVersion,omitempty"`
+}
+
+// SkewEnforcementSelectorMode is a string enum used to indicate the cluster's boot image skew enforcement mode.
+// +kubebuilder:validation:Enum:="Automatic";"Manual";"Disabled"
+type SkewEnforcementSelectorMode string
+
+const (
+	// Automatic represents a configuration mode that allows automatic skew enforcement.
+	Automatic SkewEnforcementSelectorMode = "Automatic"
+
+	// Manual represents a configuration mode that allows manual skew enforcement.
+	Manual SkewEnforcementSelectorMode = "Manual"
+
+	// Disabled represents a configuration mode that disables boot image skew enforcement.
+	Disabled SkewEnforcementSelectorMode = "Disabled"
+)
+
 type MachineConfigurationStatus struct {
 	// observedGeneration is the last generation change you've dealt with
 	// +optional