Updates since 2022-02-11
<PR ID>: (activity this week / total activity) summary
There was 1 Prioritized Active pull request:
-
1029: (25/211) network: OVN-Kubernetes on Hypershift (squeed)
priority/important-soonHypershift is a new deployment model for OpenShift which removes the requirement that clusters be "self-hosted". Rather, a given hosted cluster's control plane actually resides as pods on another "management" cluster.
Adapting the OVN networking plugin to the Hypershift model requires some careful design. Specifically, OVN provides its own control plane and datastore, all of which will be hosted external to the hosted cluster.
Thus, the OpenShift OVN deployment model must be updated to support split control planes. Likewise, the Network Operator must be able to manage components on both the control plane as well as the hosted cluster.
<PR ID>: (activity this week / total activity) summary
There were 7 Other Merged pull requests:
-
931: (8/80) dns: NE-367: Add logLevel and operatorLogLevel APIs for DNS (miheer)
This enhancement describes the API and code changes necessary to expose a means to change the DNS Operator and CoreDNS Logging Levels to cluster administrators.
-
1020: (14/110) ingress: Add enhancement for AWS Load Balancer operator (arjunrn)
Users would like to use Application Load Balancers (ALBs) for their Ingress resources so that they can use Amazon Certificate Manager (ACM) to manage certificates for the Ingress domains and also attach Web Application Firewalls (WAFs) to the ALB for security and traffic shaping. The OpenShift router uses a classic ELB or an NLB, which passes through all traffic to the router. TLS termination is done on the router or backend pod. A WAF cannot be attached to the ELB or NLB, and the router cannot be configured to perform TLS termination at the ELB or NLB.
- 1000: (191/341) api-review: Update enhancement proposal to support update of user-defined AWS tags (TrilokGeer)
- 1017: (9/22) helm3: helm: fix example in the documentation (zonggen)
- 1038: (13/13) installer: Refine how a resource specifies multiple capabilities (bparees)
- 1042: (3/3) installer: Change cap annotation delimiter to + (bparees)
- 1043: (3/3) installer: Drop incorrect statement about handling cluster profile resources (bparees)
<PR ID>: (activity this week / total activity) summary
There were 6 Other New pull requests:
-
1034: (36/36) testing: Ephemeral Agent Installer e2e Tests (lranjbar)
Create a new e2e testing framework for the new agent based installer project. Currently, for this project there would be potentially two existing e2e frameworks that could be used, dev-scripts and assisted-test-infra. However, both of these have significant challenges in re-purposing them for this new project.
The main challenge with either of these existing frameworks is that the environment setup, installation and subsequent tests they run are all highly coupled together. With the ephemeral agent installer image it is looking like parts of the potential e2e flow is in both of these frameworks. However, there is no way to mix and match the things we need to simply use them without significant re-factoring effort of both of these frameworks.
A more expected challenge is that some of the routines it is looking like we will need are completely new and thus I am taking the time to argue that it will be less risky to create a new framework for the ephemeral agent installer image.
These challenges will be explained in more detail in the User Stories section below.
-
1035: (50/50) network: Pods Egress DSCP QoS proposal (oribon)
Not all traffic has the same priority, and when there is contention for bandwidth, there should be a mechanism for objects outside the cluster to prioritize the traffic. To enable this, we will use Differentiated Services Code Point (DSCP) which allows us to classify packets by setting a 6-bit field in the IP header, effectively marking the priority of a given packet relative to other packets as "Critical", "High Priority", "Best Effort" and so on.
By introducing a new CRD
EgressQos, users could specify a DSCP value for packets originating from pods on a given namespace heading to a specified CIDR. The CRD will be Namespaced, with one resource allowed per namespace. The resources will be watched by ovn-k, which in turn will configure OVN's QoS Table. -
1036: (51/51) insights: Insights Operator Prometheus Alerts for Insights Recommendations (natiiix)
Insights recommendations are triggered based on data in the archives periodically uploaded by the Insights Operator. A report about these recommendations is available through the Insights Smart Proxy, and it is currently fetched by the Insights Operator after each successful archive upload in order for the Insights Operator to update Prometheus metrics containing the number of currently active recommendations in each severity category.
This enhancement aims to extend this functionality by not only making the number of recommendations available, but also providing specific information about each of the recommendations via Prometheus alerts. The currently suggested approach expects one info-level alert per active Insights recommendation, containing its ID, human-readable name, severity, and a link to detailed information about the recommendation and its remediation steps.
-
1037: (27/27) insights: New Insights config API proposal (tremes)
This enhancement extends the
config.openshift.ioAPI with a new Insights API. The new API will enable a more appropriate way of configuring as well as status reporting of the Insights operator. The Insights operator is currently configured (for some historical reasons) viasupportsecret (in theopenshift-confignamespace). This secret is not present in a cluster by default and more importantly it is not the appropriate way to configure a cluster operator. Providing a new configuration API for the Insights should bring a better user experience as well as easier way to introduce new configuration options (an example could be a way how to run only particular gatherers, which should help when running in non-standard environments as for example HyperShift) and the operator status reporting. -
1039: (2/2) ingress: Add tunable-router-kubelet-probes (Miciah)
This enhancement allows cluster administrators to modify the liveness and readiness probe timeout values of OpenShift router deployments.
-
1041: (7/7) single-node: Enhancement for enabling single-node-openshift with workers (omertuc)
do-not-merge/holdThis enhancement aims to enable adding workers to a single control-plane node cluster by attempting to tackle multiple issues that arise when worker nodes are added to such clusters.
<PR ID>: (activity this week / total activity) summary
There were 12 Other Active pull requests:
- 1005: (26/79) update: Synchronized upgrades in DPU clusters (danwinship)
- 1030: (20/30) monitoring: enhancements/monitoring: User-Defined Alerting and Relabeling Rules (bison)
- 987: (18/91) dns: Add the DNS-over-TLS enhancement initial draft (brandisher)
- 1010: (17/58) authentication: add enhancement on PSa autolabeling (stlaz)
- 1023: (11/19) ingress: Add route-subdomain enhancement (Miciah)
- 1009: (10/81) general: OpenStack Cloud Provider Config Upgrade (stephenfin)
- 929: (10/235) api-review: [OCPNODE-747] New CRD ImageDigestMirrorSet and ImageTagMirrorSet to support AllowMirrByTags (QiWang19)
- 1014: (9/273) multi-arch: Heterogeneous architecture clusters (Prashanth684)
- 995: (7/231) machine-api: Add enhancement for AWS Placement Groups in Machine API (JoelSpeed)
- 981: (3/139) general: Added proposal for HyperShift monitoring. (bwplotka)
- 1002: (2/80) ingress: CFE-10: Add host-network-bind-options (Elbehery)
- 745: (2/133) security: Security Profiles Operator integration in OpenShift (JAORMX)
<PR ID>: (activity this week / total activity) summary
There were 3 Other Closed pull requests:
- 812: (10/66) node: Add proposal about Node Operator (saschagrunert)
- 900: (6/94) network: Multus service abstraction enhancement (s1061123)
- 986: (3/8) windows-containers: WIP WINC-712: Windows CSI Storage Enablement (alinaryan)
<PR ID>: (activity this week / total activity) summary
There was 1 Revived (closed more than 14 days ago, but with new comments) pull request:
- 736: (0/248) installer: Add enhancement - IBM Cloud provider for Power Virtual Server platform (jaypoulz)
<PR ID>: (activity this week / total activity) summary
There were 12 Idle (no comments for at least 14 days) pull requests:
- 811: (0/71) network: Enhancement proposal for OVN secondary networks (maiqueb)
- 943: (0/110) etcd: [OCPCLOUD-1244] Add proposal for etcd protection mechanism during control plane scaling (JoelSpeed)
- 952: (0/44) ingress: NE-585 Expose HealthCheck Interval (candita)
- 958: (0/108) monitoring: enhancements/monitoring: User-defined alerting rules proposal (bison)
- 994: (0/7) authentication: auth: add enhancement about pinning SCCs to pods (stlaz)
- 1006: (0/3) storage: CSI Inline Ephemeral Volume Security (adambkaplan)
- 1008: (0/185) machine-api: [OCPCLOUD-1248] Add initial iteration of ControlPlaneMachineSet operator enhancement (JoelSpeed)
- 1019: (0/19) node-tuning: Enhancement for improving image pull via shortname security (umohnani8)
- 1025: (0/47) kube-apiserver: Introduce detection of stale clusteroperator conditions (mfojtik)
- 1027: (0/2) general: Enable ProjectRequestLimit on OpenShift 4.x (josefkarasek)
- 1028: (0/11) cluster-logging: flow-control-api spec (pmoogi-redhat)
- 1032: (0/2) general: OpenShift CoreOS Layering (provisional) (cgwalters)
<PR ID>: (activity this week / total activity) summary
There were 6 With lifecycle/stale or lifecycle/rotten pull requests:
- 912: (15/42) installer: Enhancement proposal for OpenShift IPI on Nutanix AOS with AHV (vnephologist)
- 918: (1/93) installer: vsphere: add multiple datacenter and clusters (jcpowermac)
- 937: (1/132) monitoring: support configuration of alerting notifications by application owners (simonpasquier)
- 980: (6/79) authentication: enhancements/authentication: detect invalid certificates (s-urbaniak)
- 992: (1/17) authentication: auth: add enhancement for direct kube-apiserver oidc config (stlaz)
- 1003: (1/3) authentication: add log level, stage and request uri mask (ibihim)