{"results":[{"id":"additional-trusted-ca-in-openshift-config","text":"The `additionalTrustedCA` ConfigMap referenced by image.config.openshift.io/cluster must be in the `openshift-config` namespace","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"alerting-pipeline-rules-to-routing","text":"OpenShift alerting operates as a multi-stage pipeline: PrometheusRules define both recording and alerting rules (evaluated at 30s default intervals), AlertRelabelConfigs modify alerts before routing (supporting Replace/Keep/Drop/HashMod/LabelMap actions), Alertmanager routes and groups alerts (with inhibit rules suppressing targets when sources fire), and silences persist across pod restarts only with persistent storage — each stage transforms or filters the alert stream.","truth_value":"IN","justification_count":1,"dependent_count":1,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"alertingrule-must-be-in-openshift-monitoring-ns","text":"AlertingRule and AlertRelabelConfig resources must be created in the openshift-monitoring namespace; they use apiVersion monitoring.openshift.io/v1.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"alertingrule-namespace-openshift-monitoring","text":"AlertingRule resources for Network Observability alerts must be created in the `openshift-monitoring` namespace","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"alertingrule-openshift-specific","text":"AlertingRule is an OpenShift-specific CRD (`monitoring.openshift.io/v1`) that only supports alerting rules (NOT recording rules) and auto-creates a corresponding PrometheusRule in the `openshift-monitoring` namespace.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"alibaba-cloud-supported-platform","text":"Alibaba Cloud is a supported installation target for OpenShift Container Platform.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"allnamespaces-mode-global-operators-group","text":"For AllNamespaces install mode, the `openshift-operators` namespace has a default OperatorGroup called `global-operators`; no additional OperatorGroup is needed.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"allnamespaces-mode-uses-openshift-operators","text":"AllNamespaces install mode uses namespace `openshift-operators`; SingleNamespace mode requires creating an OperatorGroup in the target namespace","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"allnamespaces-mode-uses-openshift-operators-namespace","text":"For AllNamespaces install mode, the Subscription goes in the `openshift-operators` namespace which already has the `global-operators` OperatorGroup — no manual OperatorGroup creation needed.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"allowed-blocked-registries-mutually-exclusive","text":"`allowedRegistries` and `blockedRegistries` in image.config.openshift.io/cluster are mutually exclusive — you cannot set both","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"allowed-registries-must-include-system","text":"When using `allowedRegistries`, you must explicitly include registry.redhat.io, quay.io, and the internal registry (image-registry.openshift-image-registry.svc:5000) — otherwise pods will fail","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"any-platform-upi-installation","text":"OpenShift supports \"any platform\" (platform-agnostic) installation for infrastructure without a dedicated installation method, requiring the administrator to manually provision all infrastructure components (DNS, load balancers, compute, networking).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"api-governance-enforces-stability-and-immutability","text":"OpenShift API governance operates through two complementary enforcement mechanisms: a tiered stability model (Level 1–4) with webhook admission control governs API behavioral contracts, while resource-field and platform-level immutability prevents destructive drift after creation — together ensuring that both the API surface and its instantiated resources maintain consistency.","truth_value":"IN","justification_count":1,"dependent_count":1,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"api-governance-spans-stability-and-admission","text":"OpenShift API governance operates across two dimensions: a tiered stability model (Level 1 through Level 4) defines compatibility guarantees and deprecation timelines, while the webhook admission system (TLS-required, 13s hard timeout, CEL match conditions) enforces runtime policy — together they govern both the evolution and the enforcement of the API surface.","truth_value":"IN","justification_count":1,"dependent_count":1,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"api-stability-tiered-guarantee-model","text":"OpenShift APIs follow a tiered stability model: Level 1 provides 12-month/3-release stability (ConsolePlugin, SCC), Level 4 has no guarantees (ICSP), and unassigned groups default to Tier 3.","truth_value":"IN","justification_count":1,"dependent_count":1,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apirequestcount-instance-naming-pattern","text":"APIRequestCount (`apiserver.openshift.io/v1`) instance names must follow the pattern `resource.version.group` (e.g., `pods.v1`). This is an OpenShift-specific resource.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apirequestcount-openshift-specific-resource","text":"APIRequestCount is an OpenShift-specific resource (`apiserver.openshift.io/v1`), not part of upstream Kubernetes.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apirequestcount-removedinrelease-field","text":"The `removedInRelease` status field on APIRequestCount indicates in which OpenShift release the tracked API will be removed, used for deprecated API migration planning before upgrades.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apiserver-clientca-openshift-config","text":"The APIServer `clientCA` ConfigMap must reside in the `openshift-config` namespace with key `ca-bundle.crt`; serving certificate Secrets must be `kubernetes.io/tls` type in `openshift-config`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"apiserver-resource-singleton-cluster","text":"The APIServer resource (`config.openshift.io/v1`) is cluster-scoped and the canonical instance is always named `cluster`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":1187,"limit":20,"offset":0}