Skip to content

Latest commit

 

History

History
262 lines (189 loc) · 19.1 KB

2021-10-08.md

File metadata and controls

262 lines (189 loc) · 19.1 KB

This Week in Enhancements - 2021-10-08

Enhancements for Release Priorities

Prioritized Active Changes

<PR ID>: (activity this week / total activity) summary

There were 2 Prioritized Active pull requests:

Prioritized Closed Changes

<PR ID>: (activity this week / total activity) summary

There was 1 Prioritized Closed pull request:

  • 593: (2/140) general: Add proposal for hiding container mountpoints from systemd (lack)

Other Enhancements

Other Merged Changes

<PR ID>: (activity this week / total activity) summary

There were 4 Other Merged pull requests:

  • 899: (46/46) authentication: pod-security initial commit (s-urbaniak)

    Kubernetes recently gained PodSecurity policy admission as part of KEP 2579 [1]. It is a new pod security admission plugin to enforce Kubernetes PodSecurity standards [2]. It is meant to replace the existing PodSecurityPolicy admission mechanism in Kubernetes.

    This enhancement describes the migration path to integrate PodSecurity admission inside OpenShift. Special interest is put to design a migration scheme which lets PodSecurity coexist with the existing Security Context Constraints (SCC) mechanism.

    [1] https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2579-psp-replacement [2] https://kubernetes.io/docs/concepts/security/pod-security-standards/

  • 908: (28/71) kube-apiserver: Improving Supportability of API Webhooks (sttts)

    OpenShift supports the API extensions that upstream Kubernetes has built into the kube-apiserver. This especially involves webhooks for admission and for CRD conversion. This enhancement is about measures to increase supportability of clusters that use official Red Hat provided add-ons (like Istio, kubevirt or Open Policy Agent), but also 3rd-party add-ons (like Vault, or the community variants of previously mentioned software).

Other Merged Pull Requests Modifying Existing Documents

  • 914: (11/12) cluster-scope-secret-volumes: BUILD-353: update with latest CRD,group,csi driver renames (gabemontero)
  • 915: (68/72) console: CONSOLE-2892: Allow dynamic plugins to proxy to services on the cluster (jhadvig)

Other New Changes

<PR ID>: (activity this week / total activity) summary

There were 10 Other New pull requests:

  • 918: (2/2) installer: vsphere: add multiple datacenter and clusters (jcpowermac)

    do-not-merge/work-in-progress

    The goal of this enhancement is to provide the ability to install in a vSphere enviornment with multiple datacenters and clusters. Including configuration of regions and zones in the CCM.

  • 920: (19/19) etcd: ETCD-236: etcd: scaling etcd with raft learners (hexfusion)

    Over time as clusters live longer and workloads grow the ability to scale the control-plane and replace failed nodes becomes a critical part of the admins maintenance overhead. Today the cluster-etcd-operator manages scaling up of the etcd cluster. To provide the foundation for initiatives such as scale down and vertical control plane scaling[1]. The cluster-etcd-operator must ensure proper safety mechanisms exist to adjust membership of the etcd cluster.

    Introduced in etcd v3.4 the raft learner[2] provides mitigations which reduces quorum and stability issues during scaling. A learner is essentially an etcd member which is non voting thus can not impact quorum but like other members will receive log replications from the leader.

    This enhancement proposes:

    • Replacing the default scale up performed by the cluster-etcd-operator to use raft learners.
    • Deprecation and removal of the current discover-etcd-initial-cluster[3] command and replacing its functionality with the existing etcdenvvar controller and subcommands of the cluster-etcd-operator. By eliminating this code it also removes the teams largest carry against upstream etcd.
    • Ensuring that scale up only happens on control-plane nodes which have a quorum-guard pod monitoring health.
    • Adding a flag to etcd which allows configuration of maximum learners in cluster (--max-learners). Today the max is 1.

    POC: Functional proof of concept: openshift/cluster-etcd-operator#682

    [1] https://issues.redhat.com/browse/OCPPLAN-5712

    [2] https://etcd.io/docs/v3.4/learning/design-learner/

    [3] https://github.com/openshift/etcd/blob/openshift-4.10/openshift-tools/pkg/discover-etcd-initial-cluster/initial-cluster.go

  • 921: (20/20) general: Enhancement proposal for Network Observability (stleerh)

    Network Observability introduces a new category in OpenShift that provides networking information for a single cluster. It gives insight into what's on the network, when and what types of traffic and traffic flows are being made, and by whom. It gathers data to help design, plan, and answer questions about the network and provides a visual representation to help understand, diagnose, and troubleshoot networking issues.

  • 922: (12/12) installer: Allow installer to include/exclude components based on user select install solution (bparees)

    This enhancement proposes a mechanism for cluster installers to exclude one or more optional components for their installation which will determine which payload components are/are not installed in their cluster. Core components are defined as the set of Second Level Operators managed by the Cluster Version Operator which today cannot be disabled until after completing the install and editing a CVO override, or editing the CVO overrides as part of rendering+editing manifests.

    The proposed UX is to make this a first class part of the install config api with the implementation being arguments supplied to the CVO to filter the user-selected manifests.

  • 924: (33/33) oc: CLI Manager (deejross)

    This proposal is describing the mechanism for how authors of a Command Line Interface (CLI) such as oc, kubectl, odo, istio, tekton, or knative, can deliver tools to OpenShift clusters. A feature is needed to manage various CLIs available for OpenShift and related services. The goal is for a connected user to discover, install, and upgrade tools that are compatible with the current cluster version easily and from a single location.

  • 925: (23/23) reliability: Kubelet<->Controller Manager communication Profiles (harche)

    do-not-merge/work-in-progress

    To make sure Openshift cluster keeps running optimally under various circumstances where network latency, API Server latency, etcd latency, control plane load latency, etc. may not always be at their best (e.g. Edge cases), we can tweak the frequency of the status updates done by the Kubelet and the corresponding reaction times of the Controller Manager as well as Kube API Server.

  • 926: (7/7) network: Proposal to allow mtu changes (jcaamano)

    Customers may need to change the MTU post-installation. However these changes aren't trivial and may cause downtime, hence the CNO currently forbids them.

    We propose a procedure that will be launched on demand. These procedure will run pods on every node of the cluster and make the necessary changes in an ordered and coordinated manner with a service disruption within the least possible time and hopefully within TCP timeout (best effort).

Other New Pull Requests Modifying Existing Documents

  • 917: (1/1) dev-guide: host-port-registry: reserve a port for virtual media TLS (dtantsur)
  • 919: (11/11) cluster-logging: Multi-Container-Structured-Logging (alanconway)
  • 923: (7/7) windows-containers: [docs] remove invalid web links (selansen)

Other Active Changes

<PR ID>: (activity this week / total activity) summary

There were 19 Other Active pull requests:

  • 866: (21/261) general: Proposed OLM-based Monitoring Stack Solution for RH Managed Services and future needs. (bwplotka)
  • 894: (21/62) authentication: authentication/login-logout: initial enhancement (s-urbaniak)
  • 909: (19/76) baremetal: Include CoreOS ISO in the release payload (zaneb)
  • 876: (19/49) ingress: Add mutable-publishing-scope enhancement (Miciah)
  • 736: (14/157) installer: Add enhancement - IBM Cloud provider for Power Virtual Server platform (jaypoulz)
  • 871: (7/114) baremetal: Enable Baremetal on other Platforms to support centralized host management (asalkeld)
  • 912: (5/15) installer: Enhancement proposal for OpenShift IPI on Nutanix AOS with AHV (vnephologist)
  • 791: (2/70) baremetal: Support RAID and BIOS configuration for baremetal IPI deployments (hs0210)
  • 745: (2/120) security: Security Profiles Operator integration in OpenShift (JAORMX)
  • 913: (2/33) machine-api: Add cluster-api integration enhancement (alexander-demichev)
  • 850: (2/57) network: Enable flows collection (mariomac)
  • 773: (2/44) installer: Enhancement proposal for OpenShift IPI on IBM Cloud (jeffnowicki)
  • 855: (1/93) ingress: ingress: Add bind-options enhancement (m-yosefpor)
  • 812: (1/48) node: Add proposal about Node Operator (saschagrunert)
  • 836: (1/21) etcd: ETCD-58: Add enhancement for automated defragmentation (hexfusion)
  • 862: (1/110) machine-api: Add Machine Deletion Hooks Proposal (JoelSpeed)
  • 900: (1/2) network: Multus service abstraction enhancement (s1061123)
  • 371: (1/31) ingress: Add forwarded-header-policy enhancement (Miciah)

Other Active Pull Requests Modifying Existing Documents

  • 618: (1/23) dev-guide: Add more details about host port ownership (danwinship)

Other Closed Changes

<PR ID>: (activity this week / total activity) summary

There were 12 Other Closed pull requests:

  • 567: (2/114) machine-api: Added proposal for remediation history (slintes)
  • 660: (2/25) cluster-logging: Flow control API enhancements, first draft. (alanconway)
  • 732: (2/151) network: Add Smart NIC OVN offload enhancement (zshi-redhat)
  • 747: (2/64) network: Enable Kubernetes NMstate by default for selected platforms (yboaron)
  • 753: (2/140) workload-partitioning: add plan for configuration and enablement ownership (dhellmann)
  • 771: (2/20) update: add eus MCO enhancement (rphillips)
  • 781: (2/71) installer: CORS-1650: RHEL 8 Server Worker/Infra Node Support (mtnbikenc)
  • 787: (2/13) update: Add no drain upgrade filter (michaelgugino)
  • 802: (2/41) workload-partitioning: WIP Workload partitioning API enhancement (MarSik)
  • 804: (2/32) workload-partitioning: PAO render initial draft (MarSik)
  • 831: (4/105) single-node: aos-sno-pair enhancement (mshitrit)
  • 834: (2/86) machine-api: Propose new controller for pausing MHC during cluster upgrades (slintes)

Revived (closed more than 7 days ago, but with new comments) Changes

<PR ID>: (activity this week / total activity) summary

There were 2 Revived (closed more than 7 days ago, but with new comments) pull requests:

  • 784: (21/69) installer: Allow installer to include/exclude components based on user select install solution (bparees)

Revived (closed more than 7 days ago, but with new comments) Pull Requests Modifying Existing Documents

  • 522: (2/46) olm: Update OLM managed operator metrics enhancement (awgreene)

Idle (no comments for at least 7 days) Changes

<PR ID>: (activity this week / total activity) summary

There were 24 Idle (no comments for at least 7 days) pull requests:

  • 201: (0/101) general: bootimages: Downloading and updating bootimages via release image (cgwalters)
  • 292: (0/204) machine-api: Add Managing Control Plane machines proposal (enxebre)
  • 341: (0/81) maintenance: Machine-maintenance operator proposal (dofinn)
  • 343: (0/46) authentication: cluster-wide oauth-proxy settings (deads2k)
  • 363: (0/202) cvo: Enhancement for adding upgrade preflight checks for operators (LalatenduMohanty)
  • 427: (0/55) update: enhancements/update/phased-rollouts: Propose a new enhancement (wking)
  • 571: (0/269) network: Cloud API component for egress IP (alexanderConstantinescu)
  • 652: (0/15) node: Enable cgroup v2 support (harche)
  • 654: (0/22) dns: ARO private DNS zone resource removal (jim-minter)
  • 687: (0/123) storage: Add AWS EFS CSI driver operator (jsafrane)
  • 722: (0/13) multi-arch: Add "Build OKD for ppc64le" proposal (mjturek)
  • 725: (0/29) distributed-tracing: distributed tracing (sallyom)
  • 738: (0/141) general: Installing OCP on ARM-Based Smart NICs (danwinship)
  • 811: (0/63) network: Enhancement proposal for OVN secondary networks (maiqueb)
  • 817: (0/196) network: Baremetal IPI Network Configuration for Day-1 (cybertron)
  • 837: (0/111) insights: Conditional Data Gathering for Insights Operator (Sergey1011010)
  • 881: (0/45) cluster-logging: LOG-1514: LokiStack CR extension for the gateway configuration (sasagarw)
  • 887: (0/62) ingress: NE-542 Expose router compression variables (candita)
  • 890: (0/57) network: Introduce DPU OVNKube Operator (pliurh)
  • 895: (0/10) builds: WIP - Build CSI Volumes (adambkaplan)
  • 902: (0/4) kubelet: Add initial OpenShift swap enhancement (ehashman)
  • 905: (0/22) hypershift: Introduce konnectivity-socks5-proxy enhancement (awgreene)
  • 907: (0/13) console: CONSOLE-2894: Multi-cluster console (spadgett)

Idle (no comments for at least 7 days) Pull Requests Modifying Existing Documents

  • 893: (0/6) ingress: [fix] Ingress custom http error pages (lgchiaretto)

Other lifecycle/stale or lifecycle/rotten Changes

<PR ID>: (activity this week / total activity) summary

There were 3 Other lifecycle/stale or lifecycle/rotten pull requests:

  • 843: (1/123) general: Node Healthcheck Operator (rgolangh)
  • 864: (1/5) api-review: [OCPNODE-555] Add SignedRegistries to Image CR (QiWang19)
  • 883: (1/7) etcd: add general details for automated upgrade backup controller (hexfusion)