What?

The purpose of this task is to block cluster upgrades if Gateway API CRDs are present, until the exact schema/version we expect are present.

Why?

See the description of NE-1898.

How?

A pre-upgrade check will be added to the Cluster Ingress Operator (CIO) that sets Upgradable=False until the state of the CRDs is validated.

The check logic should verify whether any Gateway API CRDs exist. If they don't then just set Upgradable=True and we're done. If they do, the logic for the check should follow these guidelines:

• block until ONLY the standard CRDs exist
  • GatewayClass, Gateway, HTTPRoute, GRPCRoute and ReferenceGrant are allowed
  • ALL other APIs in the same group are not
  • Older versions (e.g. v1alpha1.HTTPRoute) are NOT allowed
• block until the schema of the standard CRDs matches the version we expect
  • the version we're targeting at the time of writing is `v1.2.1`, but this is subject to change
  • this will disallow the use of experimental versions of these APIs
  • we can probably use the crd-schema-checker's check logic here

The check logic will be added only to 4.18.z clusters. From 4.19 onward, the cluster ingress operator will ensure the desired CRDs.

Helpful Links

The OpenShift CRD Schema Checker can be used as a library, and will likely be helpful here.