Add a metric and an alert for conditional risk condtions

[hongkailiu]

Follow up #1284 (comment)

The new metic is cluster_version_risk_conditions{name, condition, risk} and the alert is firing if some risk applies to the cluster.

[coderabbitai]

Walkthrough

Adds a new PrometheusRule alert (RiskApplies) and a new Prometheus GaugeVec metric cluster_version_risk_conditions with collection logic and tests to expose cluster version conditional update risk conditions.

Changes

Cohort / File(s)	Summary
Service Monitor Configuration install/0000_90_cluster-version-operator_02_servicemonitor.yaml	Inserted a new PrometheusRule alert RiskApplies in the cluster-version group that fires when cluster_version_risk_conditions{condition="Applies"} is true for 10m; includes summary, description, severity, and runbook_url.
Metric Implementation pkg/cvo/metrics.go	Added clusterVersionRiskConditions *prometheus.GaugeVec to operatorMetrics, initialized it, exposed its descriptor in Describe, added collectConditionalUpdateRisks to convert ConditionalUpdateRisk entries into labeled 0/1 metrics, and wired the collector into the per-ClusterVersion and main Collect flows.
Metric Tests pkg/cvo/metrics_test.go	Added Test_collectConditionalUpdateRisks to validate metric emission for multiple ConditionalUpdateRisk scenarios (no risks, unknown, Applies true/false/unknown). Note: the test was added twice (duplicate definitions present).

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

No actionable comments were generated in the recent review. 🎉

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hongkailiu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [hongkailiu]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@install/0000_90_cluster-version-operator_02_servicemonitor.yaml`:
- Around line 86-95: The runbook_url for the alert RiskApplies points to a
non-existent path; update the runbook_url field in the RiskApplies alert stanza
to use the cluster-version-operator runbook path used by similar alerts (e.g.,
match the URL used by ClusterVersionOperatorDown) — i.e., replace
https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/RiskApplies.md
with
https://github.com/openshift/runbooks/blob/master/alerts/cluster-version-operator/RiskApplies.md
or alternatively create the missing runbook at the original path so the current
URL remains valid.

In `@pkg/cvo/metrics_test.go`:
- Line 976: The test function named Test_collectConditionalUpdates is testing
collectConditionalUpdateRisks (not collectConditionalUpdates), which is
misleading and conflicts with TestCollectUnknownConditionalUpdates; rename the
test to something like Test_collectConditionalUpdateRisks (or
TestCollectConditionalUpdateRisks) and update any references so the test name
clearly matches the function under test (collectConditionalUpdateRisks) and does
not collide with the existing TestCollectUnknownConditionalUpdates that targets
collectConditionalUpdates.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# Check the actual file content around lines 86-95
cat -n install/0000_90_cluster-version-operator_02_servicemonitor.yaml | sed -n '80,100p'

Repository: openshift/cluster-version-operator

Length of output: 1817

---

🏁 Script executed:

# Look at all runbook_url entries in the file to understand the pattern
rg "runbook_url:" install/0000_90_cluster-version-operator_02_servicemonitor.yaml -A 1 -B 1

Repository: openshift/cluster-version-operator

Length of output: 2565

---

🏁 Script executed:

# Check the structure around line 47 to compare ClusterVersionOperatorDown
cat -n install/0000_90_cluster-version-operator_02_servicemonitor.yaml | sed -n '40,55p'

Repository: openshift/cluster-version-operator

Length of output: 1279

---

🏁 Script executed:

# Try to access the runbooks repository to check file existence
# Since we can't clone, we'll use a different approach to check GitHub

# Check if the cluster-monitoring-operator path exists
curl -s -I "https://raw.githubusercontent.com/openshift/runbooks/master/alerts/cluster-monitoring-operator/RiskApplies.md" | head -1

# Check if the cluster-version-operator path exists  
curl -s -I "https://raw.githubusercontent.com/openshift/runbooks/master/alerts/cluster-version-operator/RiskApplies.md" | head -1

Repository: openshift/cluster-version-operator

Length of output: 102

---

🏁 Script executed:

# Verify if the ClusterVersionOperatorDown runbook exists (which is referenced at line 47)
curl -s -I "https://raw.githubusercontent.com/openshift/runbooks/master/alerts/cluster-version-operator/ClusterVersionOperatorDown.md" | head -1

# Also check the cluster-monitoring-operator directory structure
curl -s -I "https://raw.githubusercontent.com/openshift/runbooks/master/alerts/cluster-monitoring-operator/ClusterOperatorDown.md" | head -1

Repository: openshift/cluster-version-operator

Length of output: 102

---

The runbook URL references a non-existent file.

The runbook_url at line 90 points to a non-existent path. Neither cluster-monitoring-operator/RiskApplies.md nor cluster-version-operator/RiskApplies.md exist in the runbooks repository.

Since RiskApplies is a cluster-version-operator-specific alert (it monitors cluster_version_risk_conditions), it should follow the pattern of other CVO alerts like ClusterVersionOperatorDown at line 47, which uses:
https://github.com/openshift/runbooks/blob/master/alerts/cluster-version-operator/RiskApplies.md

Either create the runbook at that location or update the URL to reference an existing runbook.

🤖 Prompt for AI Agents

In `@install/0000_90_cluster-version-operator_02_servicemonitor.yaml` around lines
86 - 95, The runbook_url for the alert RiskApplies points to a non-existent
path; update the runbook_url field in the RiskApplies alert stanza to use the
cluster-version-operator runbook path used by similar alerts (e.g., match the
URL used by ClusterVersionOperatorDown) — i.e., replace
https://github.com/openshift/runbooks/blob/master/alerts/cluster-monitoring-operator/RiskApplies.md
with
https://github.com/openshift/runbooks/blob/master/alerts/cluster-version-operator/RiskApplies.md
or alternatively create the missing runbook at the original path so the current
URL remains valid.

[hongkailiu]

I am working on it.

[coderabbitai]

@hongkailiu, thank you for confirming! I'll wait for the update to the runbook URL.

[hongkailiu]

Testing with 129bc80:

launch 4.22,openshift/cluster-version-operator#1318 aws,techpreview

Then

$ oc patch clusterversion/version --patch '{"spec":{"upstream":"https://fauxinnati-fauxinnati.apps.ota-stage.q2z4.p1.openshiftapps.com/api/upgrades_info/graph"}}' --type=merge

$ oc adm upgrade channel risks-always

The alert is Pending.

and

[openshift-ci]

@hongkailiu: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[hongkailiu]

/hold

This feature has to be gated by TP.