{ "apiVersion": "v1", "items": [ { "apiVersion": "config.openshift.io/v1", "kind": "ClusterVersion", "metadata": { "annotations": { "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"config.openshift.io/v1\",\"kind\":\"ClusterVersion\",\"metadata\":{\"annotations\":{},\"creationTimestamp\":null,\"name\":\"version\"},\"spec\":{\"clusterID\":\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",\"signatureStores\":null},\"status\":{\"availableUpdates\":null,\"capabilities\":{},\"desired\":{\"image\":\"\",\"version\":\"\"},\"observedGeneration\":0,\"versionHash\":\"\"}}\n" }, "creationTimestamp": "2026-05-12T17:08:06Z", "generation": 2, "labels": { "hypershift.openshift.io/managed": "true" }, "name": "version", "resourceVersion": "14270", "uid": "3ca113aa-463e-4d03-b06f-c7f5adf11921" }, "spec": { "channel": "stable-4.19", "clusterID": "2b1c5f68-4136-4661-ad45-df3bb06d9ab4" }, "status": { "availableUpdates": [ { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:4f3ad97039b72ea2f966e036ed5ac1371cedcd65668c9c810b90b15cd85b89cf", "url": "https://access.redhat.com/errata/RHBA-2026:13720", "version": "4.19.30" }, { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:8b72a645159bce343bd23b0223c227dc7d87855233e6aef94d569467ca62f8e9", "url": "https://access.redhat.com/errata/RHSA-2026:10093", "version": "4.19.29" }, { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:612dbe4bfe8232fe1a272660e15925bec05965842514c1680599c29901d3aed2", "url": "https://access.redhat.com/errata/RHSA-2026:4434", "version": "4.19.26" }, { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:d909f94e2a0a72414184cf802e42fb466172ddcc0a3ab6cfcf73f238d783697e", "url": "https://access.redhat.com/errata/RHBA-2025:15293", "version": "4.19.11" }, { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:00e31a4bb3131a9994810488352c9a7419bb90bebedc5fcc4daeb53a2fe7b408", "url": "https://access.redhat.com/errata/RHBA-2025:14823", "version": "4.19.10" } ], "capabilities": { "enabledCapabilities": [ "Build", "CSISnapshot", "CloudControllerManager", "CloudCredential", "Console", "DeploymentConfig", "ImageRegistry", "Ingress", "Insights", "MachineAPI", "NodeTuning", "OperatorLifecycleManager", "OperatorLifecycleManagerV1", "Storage", "baremetal", "marketplace", "openshift-samples" ], "knownCapabilities": [ "Build", "CSISnapshot", "CloudControllerManager", "CloudCredential", "Console", "DeploymentConfig", "ImageRegistry", "Ingress", "Insights", "MachineAPI", "NodeTuning", "OperatorLifecycleManager", "OperatorLifecycleManagerV1", "Storage", "baremetal", "marketplace", "openshift-samples" ] }, "conditionalUpdates": [ { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk PrecisionTimeProtocolDPLLPins (failure determine thanos IP: services \"thanos-querier\" not found)\n PrecisionTimeProtocolDPLLPins description: Clusters using older PTP operators may struggle to synchronize system clocks and might not provide time to downstream clients.\n PrecisionTimeProtocolDPLLPins URL: https://redhat.atlassian.net/browse/CORENET-6950", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:d9670d92d6ac3eb3a90eebf6b78cf0d433ac9ea9189659e5ca1e6f8390c3a42b", "url": "https://access.redhat.com/errata/RHSA-2026:7249", "version": "4.19.28" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, name) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=~\"ptp-operator[.]v4[.][0-9]*[.]0-(202[3-5]|20260[1-9])[0-9]*\"})\nor on (_id)\n0 * label_replace(group by (_id) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}), \"name\", \"ptp-operator.v4.y.0-20260331... or older not installed\", \"\", \"\")\n" }, "type": "PromQL" } ], "message": "Clusters using older PTP operators may struggle to synchronize system clocks and might not provide time to downstream clients.", "name": "PrecisionTimeProtocolDPLLPins", "url": "https://redhat.atlassian.net/browse/CORENET-6950" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk PrecisionTimeProtocolDPLLPins (failure determine thanos IP: services \"thanos-querier\" not found)\n PrecisionTimeProtocolDPLLPins description: Clusters using older PTP operators may struggle to synchronize system clocks and might not provide time to downstream clients.\n PrecisionTimeProtocolDPLLPins URL: https://redhat.atlassian.net/browse/CORENET-6950", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:f68f4be96b09d7feabafb7b60a9a37664693eb191a3a15659e203f8d442c5b49", "url": "https://access.redhat.com/errata/RHSA-2026:5878", "version": "4.19.27" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, name) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=~\"ptp-operator[.]v4[.][0-9]*[.]0-(202[3-5]|20260[1-9])[0-9]*\"})\nor on (_id)\n0 * label_replace(group by (_id) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}), \"name\", \"ptp-operator.v4.y.0-20260331... or older not installed\", \"\", \"\")\n" }, "type": "PromQL" } ], "message": "Clusters using older PTP operators may struggle to synchronize system clocks and might not provide time to downstream clients.", "name": "PrecisionTimeProtocolDPLLPins", "url": "https://redhat.atlassian.net/browse/CORENET-6950" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk HyperShiftRedundantRouter (failure determine thanos IP: services \"thanos-querier\" not found)\n HyperShiftRedundantRouter description: Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.\n HyperShiftRedundantRouter URL: https://issues.redhat.com/browse/CNTRLPLANE-2254", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:6d75cb3abd01e51a7195bab6e4bbbfeda1feca4adb3744865b644bf06ddab770", "url": "https://access.redhat.com/errata/RHBA-2026:3394", "version": "4.19.25" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.", "name": "HyperShiftRedundantRouter", "url": "https://issues.redhat.com/browse/CNTRLPLANE-2254" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk HyperShiftRedundantRouter (failure determine thanos IP: services \"thanos-querier\" not found)\n HyperShiftRedundantRouter description: Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.\n HyperShiftRedundantRouter URL: https://issues.redhat.com/browse/CNTRLPLANE-2254", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:1fc0331f489781abe3efc7de0b2691ba2f4874ac9aee2407088ba2307259c9a8", "url": "https://access.redhat.com/errata/RHSA-2026:2651", "version": "4.19.24" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.", "name": "HyperShiftRedundantRouter", "url": "https://issues.redhat.com/browse/CNTRLPLANE-2254" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk HyperShiftRedundantRouter (failure determine thanos IP: services \"thanos-querier\" not found)\n HyperShiftRedundantRouter description: Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.\n HyperShiftRedundantRouter URL: https://issues.redhat.com/browse/CNTRLPLANE-2254", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:3556d887edaa911d94af1572ea3c5163050b40095660cff5d17cb43a681d3ddc", "url": "https://access.redhat.com/errata/RHSA-2026:1552", "version": "4.19.23" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.", "name": "HyperShiftRedundantRouter", "url": "https://issues.redhat.com/browse/CNTRLPLANE-2254" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk HyperShiftRedundantRouter (failure determine thanos IP: services \"thanos-querier\" not found)\n HyperShiftRedundantRouter description: Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.\n HyperShiftRedundantRouter URL: https://issues.redhat.com/browse/CNTRLPLANE-2254", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:d37f43108de9fb1ccbb3810cfc2a6a7ec0d21390a0c4fdb807ad6587af29b443", "url": "https://access.redhat.com/errata/RHBA-2026:0682", "version": "4.19.22" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.", "name": "HyperShiftRedundantRouter", "url": "https://issues.redhat.com/browse/CNTRLPLANE-2254" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk HyperShiftRedundantRouter (failure determine thanos IP: services \"thanos-querier\" not found)\n HyperShiftRedundantRouter description: Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.\n HyperShiftRedundantRouter URL: https://issues.redhat.com/browse/CNTRLPLANE-2254", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:ce9df9d832592e262159af5676cee3636f93c5580f576bcb6544d343601c6095", "url": "https://access.redhat.com/errata/RHBA-2025:22786", "version": "4.19.21" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.", "name": "HyperShiftRedundantRouter", "url": "https://issues.redhat.com/browse/CNTRLPLANE-2254" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk HyperShiftRedundantRouter (failure determine thanos IP: services \"thanos-querier\" not found)\n HyperShiftRedundantRouter description: Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.\n HyperShiftRedundantRouter URL: https://issues.redhat.com/browse/CNTRLPLANE-2254\n\nSome runc 1.2 releases fail to launch containers in some Pods where shareProcessNamespace is explicitly set true. https://issues.redhat.com/browse/RUN-3748", "reason": "MultipleReasons", "status": "False", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:a40cb2822e1a18fb17f37640afab9f5d22764f754f6497e11234fd287cbaa031", "url": "https://access.redhat.com/errata/RHBA-2025:22278", "version": "4.19.20" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.", "name": "HyperShiftRedundantRouter", "url": "https://issues.redhat.com/browse/CNTRLPLANE-2254" }, { "matchingRules": [ { "type": "Always" } ], "message": "Some runc 1.2 releases fail to launch containers in some Pods where shareProcessNamespace is explicitly set true.", "name": "RuncShareProcessNamespace", "url": "https://issues.redhat.com/browse/RUN-3748" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk HyperShiftRedundantRouter (failure determine thanos IP: services \"thanos-querier\" not found)\n HyperShiftRedundantRouter description: Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.\n HyperShiftRedundantRouter URL: https://issues.redhat.com/browse/CNTRLPLANE-2254\n\nSome runc 1.2 releases fail to launch containers in some Pods where shareProcessNamespace is explicitly set true. https://issues.redhat.com/browse/RUN-3748", "reason": "MultipleReasons", "status": "False", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:2dcf2bcfba50afd9e73e27448a66b628b3afb84c4e4d95bd49a493807d4099b6", "url": "https://access.redhat.com/errata/RHBA-2025:21363", "version": "4.19.19" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.", "name": "HyperShiftRedundantRouter", "url": "https://issues.redhat.com/browse/CNTRLPLANE-2254" }, { "matchingRules": [ { "type": "Always" } ], "message": "Some runc 1.2 releases fail to launch containers in some Pods where shareProcessNamespace is explicitly set true.", "name": "RuncShareProcessNamespace", "url": "https://issues.redhat.com/browse/RUN-3748" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk HyperShiftRedundantRouter (failure determine thanos IP: services \"thanos-querier\" not found)\n HyperShiftRedundantRouter description: Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.\n HyperShiftRedundantRouter URL: https://issues.redhat.com/browse/CNTRLPLANE-2254\n\nCould not evaluate exposure to update risk NetworkManagerOVNBridgeMapping (failure determine thanos IP: services \"thanos-querier\" not found)\n NetworkManagerOVNBridgeMapping description: On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.\n NetworkManagerOVNBridgeMapping URL: https://issues.redhat.com/browse/CORENET-6483\n\nThe coreos-bootimages ConfigMap in the openshift-machine-config-operator Namespace thrashes between RHCOS and SCOS content. https://issues.redhat.com/browse/COS-3765", "reason": "MultipleReasons", "status": "False", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:eef1007b491a06505d8931e2c1d51325437e17d92f470a3ca4232e615f88a902", "url": "https://access.redhat.com/errata/RHBA-2025:19301", "version": "4.19.18" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\n0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Hosted/HyperShift clusters on bare metal or KubeVirt may fail to complete the update. This affects clusters where the HostedCluster has services (e.g., OAuthServer, Ignition) configured with 'servicePublishingStrategy.type: Route' and a route.hostname that is a subdomain of the management cluster's .apps domain.", "name": "HyperShiftRedundantRouter", "url": "https://issues.redhat.com/browse/CNTRLPLANE-2254" }, { "matchingRules": [ { "promql": { "promql": "topk by (_id) (1,\n group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n or on (_id)\n 0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"} \u003e 0)\n or on (_id)\n 0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"})\n or on (_id)\n group by (_id, name) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n or on (_id)\n 0 * label_replace(group by (_id) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n or on (_id)\n 0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n" }, "type": "PromQL" } ], "message": "On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.", "name": "NetworkManagerOVNBridgeMapping", "url": "https://issues.redhat.com/browse/CORENET-6483" }, { "matchingRules": [ { "type": "Always" } ], "message": "The coreos-bootimages ConfigMap in the openshift-machine-config-operator Namespace thrashes between RHCOS and SCOS content.", "name": "SCOSBootImage", "url": "https://issues.redhat.com/browse/COS-3765" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk NetworkManagerOVNBridgeMapping (failure determine thanos IP: services \"thanos-querier\" not found)\n NetworkManagerOVNBridgeMapping description: On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.\n NetworkManagerOVNBridgeMapping URL: https://issues.redhat.com/browse/CORENET-6483", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:2128e8aeb605ef6360fd48d25172ccbaaf3450122e1fc0131fe6c39a0f217282", "url": "https://access.redhat.com/errata/RHSA-2025:18233", "version": "4.19.17" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "topk by (_id) (1,\n group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n or on (_id)\n 0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"} \u003e 0)\n or on (_id)\n 0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"})\n or on (_id)\n group by (_id, name) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n or on (_id)\n 0 * label_replace(group by (_id) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n or on (_id)\n 0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n" }, "type": "PromQL" } ], "message": "On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.", "name": "NetworkManagerOVNBridgeMapping", "url": "https://issues.redhat.com/browse/CORENET-6483" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk NetworkManagerOVNBridgeMapping (failure determine thanos IP: services \"thanos-querier\" not found)\n NetworkManagerOVNBridgeMapping description: On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.\n NetworkManagerOVNBridgeMapping URL: https://issues.redhat.com/browse/CORENET-6483", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:92bbf82553fe2b2e52bf3263364e8506d7c1c4ba8c271c99f3c0f2fd6000e8b0", "url": "https://access.redhat.com/errata/RHBA-2025:17662", "version": "4.19.16" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "topk by (_id) (1,\n group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n or on (_id)\n 0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"} \u003e 0)\n or on (_id)\n 0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"})\n or on (_id)\n group by (_id, name) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n or on (_id)\n 0 * label_replace(group by (_id) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n or on (_id)\n 0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n" }, "type": "PromQL" } ], "message": "On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.", "name": "NetworkManagerOVNBridgeMapping", "url": "https://issues.redhat.com/browse/CORENET-6483" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk NetworkManagerOVNBridgeMapping (failure determine thanos IP: services \"thanos-querier\" not found)\n NetworkManagerOVNBridgeMapping description: On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.\n NetworkManagerOVNBridgeMapping URL: https://issues.redhat.com/browse/CORENET-6483\n\nCould not evaluate exposure to update risk OSUpdateFailureDueToImagePullPolicy (failure determine thanos IP: services \"thanos-querier\" not found)\n OSUpdateFailureDueToImagePullPolicy description: Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.\n OSUpdateFailureDueToImagePullPolicy URL: https://issues.redhat.com/browse/MCO-1896", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:f2302a88ad5dfae2e3b975c771a6999d02e405a2e9dc97570f50c85ac9f0abfc", "url": "https://access.redhat.com/errata/RHBA-2025:17237", "version": "4.19.15" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "topk by (_id) (1,\n group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n or on (_id)\n 0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"} \u003e 0)\n or on (_id)\n 0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"})\n or on (_id)\n group by (_id, name) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n or on (_id)\n 0 * label_replace(group by (_id) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n or on (_id)\n 0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n" }, "type": "PromQL" } ], "message": "On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.", "name": "NetworkManagerOVNBridgeMapping", "url": "https://issues.redhat.com/browse/CORENET-6483" }, { "matchingRules": [ { "promql": { "promql": "0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.", "name": "OSUpdateFailureDueToImagePullPolicy", "url": "https://issues.redhat.com/browse/MCO-1896" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk NetworkManagerOVNBridgeMapping (failure determine thanos IP: services \"thanos-querier\" not found)\n NetworkManagerOVNBridgeMapping description: On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.\n NetworkManagerOVNBridgeMapping URL: https://issues.redhat.com/browse/CORENET-6483\n\nCould not evaluate exposure to update risk OSUpdateFailureDueToImagePullPolicy (failure determine thanos IP: services \"thanos-querier\" not found)\n OSUpdateFailureDueToImagePullPolicy description: Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.\n OSUpdateFailureDueToImagePullPolicy URL: https://issues.redhat.com/browse/MCO-1896", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:8a14c89a1ac9afc9d696a7c2996a7110b75b48ce1ad49526f744538ecb0530ce", "url": "https://access.redhat.com/errata/RHBA-2025:16693", "version": "4.19.14" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "topk by (_id) (1,\n group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n or on (_id)\n 0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"} \u003e 0)\n or on (_id)\n 0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"})\n or on (_id)\n group by (_id, name) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n or on (_id)\n 0 * label_replace(group by (_id) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n or on (_id)\n 0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n" }, "type": "PromQL" } ], "message": "On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.", "name": "NetworkManagerOVNBridgeMapping", "url": "https://issues.redhat.com/browse/CORENET-6483" }, { "matchingRules": [ { "promql": { "promql": "0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.", "name": "OSUpdateFailureDueToImagePullPolicy", "url": "https://issues.redhat.com/browse/MCO-1896" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk MachineConfigNodesV1AlphaControlPlaneLabels (failure determine thanos IP: services \"thanos-querier\" not found)\n MachineConfigNodesV1AlphaControlPlaneLabels description: Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.\n MachineConfigNodesV1AlphaControlPlaneLabels URL: https://issues.redhat.com/browse/MCO-1890\n\nCould not evaluate exposure to update risk NetworkManagerOVNBridgeMapping (failure determine thanos IP: services \"thanos-querier\" not found)\n NetworkManagerOVNBridgeMapping description: On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.\n NetworkManagerOVNBridgeMapping URL: https://issues.redhat.com/browse/CORENET-6483\n\nCould not evaluate exposure to update risk OSUpdateFailureDueToImagePullPolicy (failure determine thanos IP: services \"thanos-querier\" not found)\n OSUpdateFailureDueToImagePullPolicy description: Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.\n OSUpdateFailureDueToImagePullPolicy URL: https://issues.redhat.com/browse/MCO-1896", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:a3f546e89872e9f363d491c665ebd68f2af1660f7df4e52507054b9a6f3d5b34", "url": "https://access.redhat.com/errata/RHBA-2025:16148", "version": "4.19.13" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "0 * group by (role) (kube_node_role{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}))\n" }, "type": "PromQL" } ], "message": "Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.", "name": "MachineConfigNodesV1AlphaControlPlaneLabels", "url": "https://issues.redhat.com/browse/MCO-1890" }, { "matchingRules": [ { "promql": { "promql": "topk by (_id) (1,\n group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type=~\"None|BareMetal|OpenStack|VSphere\"})\n or on (_id)\n 0 * group by (_id, type) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"})\n)\n* on (_id) group_left (name)\n(\n group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"} \u003e 0)\n or on (_id)\n 0 * group by (_id, name) (kubernetes_nmstate_features_applied{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=\"ovn.bridge-mappings\"})\n or on (_id)\n group by (_id, name) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\", name=~\"kubevirt-hyperconverged-operator[.].*\"})\n or on (_id)\n 0 * label_replace(group by (_id) (csv_succeeded{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}), \"name\", \"hyperconverged operator not installed\", \"\", \"\")\n or on (_id)\n 0 * label_replace(group by (_id) (cluster_infrastructure_provider{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",type!~\"None|BareMetal|OpenStack|VSphere\"}), \"name\", \"not sure about hyperconverged or ovn.bridge-mappings, but the whole platform is safe\", \"\", \"\")\n)\n" }, "type": "PromQL" } ], "message": "On some clusters, the NetworkManager may delete ovs-ports on RHCOS updates, breaking Kubernetes access to those Nodes and wedging the update into the exposed release.", "name": "NetworkManagerOVNBridgeMapping", "url": "https://issues.redhat.com/browse/CORENET-6483" }, { "matchingRules": [ { "promql": { "promql": "0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.", "name": "OSUpdateFailureDueToImagePullPolicy", "url": "https://issues.redhat.com/browse/MCO-1896" } ] }, { "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "message": "Could not evaluate exposure to update risk MachineConfigNodesV1AlphaControlPlaneLabels (failure determine thanos IP: services \"thanos-querier\" not found)\n MachineConfigNodesV1AlphaControlPlaneLabels description: Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.\n MachineConfigNodesV1AlphaControlPlaneLabels URL: https://issues.redhat.com/browse/MCO-1890\n\nCould not evaluate exposure to update risk OSUpdateFailureDueToImagePullPolicy (failure determine thanos IP: services \"thanos-querier\" not found)\n OSUpdateFailureDueToImagePullPolicy description: Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.\n OSUpdateFailureDueToImagePullPolicy URL: https://issues.redhat.com/browse/MCO-1896", "reason": "EvaluationFailed", "status": "Unknown", "type": "Recommended" } ], "release": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:dbb7a2e2f7cd301ea24539fb03dfa716b905813c199e6b381ecad0a6006e9de4", "url": "https://access.redhat.com/errata/RHBA-2025:15694", "version": "4.19.12" }, "risks": [ { "matchingRules": [ { "promql": { "promql": "0 * group by (role) (kube_node_role{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",role=\"control-plane\"})\nor on ()\n1 * group by (role) (kube_node_role{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",role=\"master\"})\nor on ()\n0 * topk(1, count by (role) (kube_node_role{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"}))\n" }, "type": "PromQL" } ], "message": "Standalone clusters born in 4.11 or earlier whose control-plane nodes lack the control-plane role may need that role added to update to the target release.", "name": "MachineConfigNodesV1AlphaControlPlaneLabels", "url": "https://issues.redhat.com/browse/MCO-1890" }, { "matchingRules": [ { "promql": { "promql": "0 * group by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\",invoker=\"hypershift\"})\nor\ngroup by (_id, invoker) (cluster_installer{_id=\"2b1c5f68-4136-4661-ad45-df3bb06d9ab4\"})\n" }, "type": "PromQL" } ], "message": "Clusters with restrictive image policies may struggle with OS updates when the OS image is already on the local disk.", "name": "OSUpdateFailureDueToImagePullPolicy", "url": "https://issues.redhat.com/browse/MCO-1896" } ] } ], "conditions": [ { "lastTransitionTime": "2026-05-12T17:08:34Z", "status": "True", "type": "RetrievedUpdates" }, { "lastTransitionTime": "2026-05-12T17:08:14Z", "message": "Capabilities match configured spec", "reason": "AsExpected", "status": "False", "type": "ImplicitlyEnabledCapabilities" }, { "lastTransitionTime": "2026-05-12T17:08:14Z", "message": "Payload loaded version=\"4.19.9\" image=\"quay.io/openshift-release-dev/ocp-release@sha256:fda39a9c5701bf35da74263177d8976d4bd9205e69b9a9d5834389f71005d51a\" architecture=\"Multi\"", "reason": "PayloadLoaded", "status": "True", "type": "ReleaseAccepted" }, { "lastTransitionTime": "2026-05-12T17:19:11Z", "message": "Done applying 4.19.9", "status": "True", "type": "Available" }, { "lastTransitionTime": "2026-05-12T17:19:11Z", "status": "False", "type": "Failing" }, { "lastTransitionTime": "2026-05-12T17:19:11Z", "message": "Cluster version is 4.19.9", "status": "False", "type": "Progressing" } ], "desired": { "channels": [ "candidate-4.19", "candidate-4.20", "eus-4.20", "fast-4.19", "fast-4.20", "stable-4.19", "stable-4.20" ], "image": "quay.io/openshift-release-dev/ocp-release@sha256:fda39a9c5701bf35da74263177d8976d4bd9205e69b9a9d5834389f71005d51a", "url": "https://access.redhat.com/errata/RHSA-2025:13848", "version": "4.19.9" }, "history": [ { "completionTime": "2026-05-12T17:19:11Z", "image": "quay.io/openshift-release-dev/ocp-release@sha256:fda39a9c5701bf35da74263177d8976d4bd9205e69b9a9d5834389f71005d51a", "startedTime": "2026-05-12T17:08:14Z", "state": "Completed", "verified": false, "version": "4.19.9" } ], "observedGeneration": 2, "versionHash": "qSElyoD0mIc=" } } ], "kind": "List", "metadata": { "resourceVersion": "" } }