Impact statement for the OCPBUGS-34870 series:

Which 4.y.z to 4.y'.z' updates increase vulnerability?

4.14.29+ and 4.15.15+ clusters are vulnerable.

Which types of clusters?

Openstack-platform OCP clusters where the hosting OpenStack has more compute AZs than storage AZs, and all the storage AZ have an identical names to a compute AZ.

There's no point in trying to scope it more than "platform==openstack" since customers might trigger the bug after an upgrade simply by adding new compute AZs.

What is the impact? Is it serious enough to warrant removing update recommendations?

The Cinder CSI operator becomes degraded, and it's no longer possible to provision or deprovision volumes. The Shift on Stack team believe it's serious enough to block upgrade to affected versions for OpenStack platform.

How involved is remediation?

Add more storage AZs or update into a release with the fix (once those have been released).

Is this a regression?

Yes. We introduced this regression in 4.14.29 and 4.15.15.