Skip to content

Latest commit

 

History

History
295 lines (214 loc) · 21.1 KB

2021-02-12.md

File metadata and controls

295 lines (214 loc) · 21.1 KB

This Week in Enhancements - 2021-02-12

Enhancements for Release Priorities

Prioritized Merged Enhancements

<PR ID>: (activity this week / total activity) summary

There was 1 Prioritized Merged pull request:

  • 585: (12/146) update: EUS Upgrades MVP (sdodson)

    This enhancement outlines a set of cross platform improvements meant to ensure the safety of multiple back-to-back minor version upgrades associated with EUS to EUS upgrades. Additionally, we outline improvements applicable to all upgrades meant to reduce the duration of upgrades and workload disruption.

    All of the work detailed herein is prerequisite to enabling upgrades which skip reboots. However where non-overlapping resources exist we can pursue reboot removal in parallel such as the Node team validating upstream's stated Kubelet version skew policies.

Prioritized New Enhancements

<PR ID>: (activity this week / total activity) summary

There were 2 Prioritized New pull requests:

  • 641: (25/25) general: EP: Support for Cluster High-availability mode API (varshaprasad96)

    The goal of this enhancement is to describe the support for [cluster high-availability mode API][enhancement_cluster_operators] introduced by OpenShift. The enhancement proposes to introduce necessary helper functions which will enable users to identify if the OpenShift cluster can support high availability deployment mode of their operator or not.

  • 643: (5/5) update: Add Reduced Reboots enhancement (sdodson)

    This enhancement is intended to reduce host reboots when upgrading across two or more OpenShift minor versions by enabling an N-2 version skew policy between all host components and cluster scoped resources.

Prioritized Active Enhancements

<PR ID>: (activity this week / total activity) summary

There were 2 Prioritized Active pull requests:

  • 593: (39/107) general: Add proposal for hiding container mountpoints from systemd (lack)

    The current implementation of Kubelet and CRI-O both use the top-level namespace for all container and Kubelet mountpoints. However, moving these container-specific mountpoints into a private namespace reduced systemd overhead with no difference in functionality.

  • 628: (29/50) general: automated resource request scaling (dhellmann)

    This enhancement describes an approach to allow us to scale the resource requests for the control plane services to reduce consumption for constrained environments. This will be especially useful for single-node production deployments, where the user wants to reserve most of the CPU resources for their own workloads and needs to configure OpenShift to run on a fixed number of CPUs within the host.

    One example of this use case is seen in telecommunication service providers implementation of a Radio Access Network (RAN). This use case is discussed in more detail below.

Other Enhancements

Other Merged Enhancements

<PR ID>: (activity this week / total activity) summary

There were 4 Other Merged pull requests:

  • 78: (4/91) general: Add "Build OKD-on-Fedora-CoreOS in Prow" proposal (LorbusChris)

    OKD is the OpenShift community distribution of Kubernetes.

    As part of the version 4 effort, the OKD working group has decided to target Fedora CoreOS (FCOS) as the primary base operating system for OKD control plane and worker nodes.

    This document contains a proposal to add missing FCOS support to key components, create OKD artifacts in OpenShift's Prow instance from the canonical OpenShift master and release branches alongside OCP CI artifacts, and regularily create OKD release payloads from there.

    • 644: (5/5) general: OKD: Move proposal to implementable, clarify summary (LorbusChris)

  • 473: (10/211) network: Enable IPsec support in OVNKubernetes (markdgray)

    The scope of this work is to encrypt all traffic between pods on the cluster network when that traffic leaves the node (and correspondingly decrypt traffic that enters the node) using IPsec. It will not encrypt traffic between pods on the host network, as this traffic does not traverse OVN. However, as a side effect, this will also encrypt pod traffic that originates from pods on the host network and is destined for the cluster network as this network does traverse OVN. In order to simplify terminology, this encrypted traffic will be referred to as inter-node traffic throughout the document.

  • 608: (0/29) windows-containers: WINC-482: Bring Your Own Windows Host design (aravindhp)

    The intent of this enhancement is to allow customers to add their existing Windows instances to an OpenShift 4.7+ cluster using the Windows Machine Config Operator (WMCO).

Other New Enhancements

<PR ID>: (activity this week / total activity) summary

There were 7 Other New pull requests:

  • 635: (8/8) manifestlist: IR-57: API changes for manifest list support (ricardomaraschini)

    A manifest list is a group of image manifests, it is used to keep track of references to images targeting different platforms/architectures in a single entity. OpenShift does not support this type of manifest, it currently supports only an 1 to 1 mapping (one manifest pointing to one image).

    This enhancement propose designs a plan to add support for this new type of manifest in OpenShift.

  • 636: (27/27) kube-apiserver: API Removal Notifications (sanchezl)

    Notify customers that an API that will be removed in the next release is in use.

  • 637: (169/169) monitoring: Add: Alerting Standards (michaelgugino)

    Clear and actionable alerts are a key component of a smooth operational experience. Ensuring we have clear and concise guidelines for our alerts will allow developers to better inform users of problem situations and how to resolve them.

  • 640: (2/2) ingress: Ingress: Add GCP Global Access LB Proposal (sgreene570)

    This enhancement extends the IngressController API to allow the user to enable the "Global Access" option for Ingress Controllers exposed via an Internal Load Balancer on GCP.

  • 642: (25/25) kubelet: Dynamic node sizing (harche)

    Kubelet should have an automatic sizing calculation mechanism, which could give kubelet an ability to dynamically set sizing values for memory and cpu system reserved.

    Today the sizing values are passed manually to kubelet using --kube-reserved and --system-reserved flags. Many cloud providers provide reference values for their customers to help them select optimal values based on the node sizes. e.g. GKE, AKS

    This enhancement proposes a mechanism to automatically determine the optimal sizing values for any node size irrespective of the cloud provider.

  • 645: (6/6) update: eus-upgrades-mvp: Fix MCO constraints examples (sdodson)

    This enhancement outlines a set of cross platform improvements meant to ensure the safety of multiple back-to-back minor version upgrades associated with EUS to EUS upgrades. Additionally, we outline improvements applicable to all upgrades meant to reduce the duration of upgrades and workload disruption.

    All of the work detailed herein is prerequisite to enabling upgrades which skip reboots. However where non-overlapping resources exist we can pursue reboot removal in parallel such as the Node team validating upstream's stated Kubelet version skew policies.

  • 647: (2/2) windows-containers: Enhancement proposal for monitoring (VaishnaviHire)

    The intent of this enhancement is to enable monitoring on Windows nodes created by Windows Machine Config Operator(WMCO) in OpenShift cluster.

Other Active Enhancements

<PR ID>: (activity this week / total activity) summary

There were 25 Other Active pull requests:

  • 524: (78/283) network: New method for providing configurable self-hosted LB/DNS/VIP for on-prem (yboaron)
  • 574: (61/299) installer: First iteration of running the Assisted Installer in end-user clusters. (mhrivnak)
  • 549: (33/68) storage: Add proposal for CSI migration (bertinatto)
  • 576: (25/115) cluster-logging: Move ES cert management into Elasticsearch Operator (ewolinetz)
  • 581: (25/44) network: Add network flows export support proposal (rcarrillocruz)
  • 626: (23/31) machine-config: enhancements/machine-config: securing MCS (crawford)
  • 617: (12/89) network: [SDN-1364] Add Network Policy audit logging Enhancement (astoycos)
  • 403: (8/16) authentication: webhook authentication: kubeconfig auth specification, 0-ttl cache (stlaz)
  • 571: (7/186) network: Cloud API component for egress IP (alexanderConstantinescu)
  • 577: (7/146) ingress: describe one-stop-shopping for exposing customized routes (deads2k)
  • 618: (7/14) network: Add more details about host port ownership (danwinship)
  • 625: (7/8) cluster-logging: Simplify JSON forwarding proposal (alanconway)
  • 366: (5/32) kata-containers: kata containers enhancement proposal (ariel-adam)
  • 357: (4/197) general: Supporting out-of-tree drivers on OpenShift (zvonkok)
  • 137: (3/286) general: CLI in-cluster management (sallyom)
  • 603: (2/42) network: Initial proposal of allow mtu and overlay port changes (juanluisvaladas)
  • 624: (2/7) update: Add: upgrade-blocker-operator (michaelgugino)
  • 449: (2/4) ingress: Add Tunable Router Buffer Sizes EP (sgreene570)
  • 567: (2/59) machine-api: Added proposal for remediation history (slintes)
  • 590: (2/5) authentication: add 'Allowing URI Scheme in OIDC sub claims' (stlaz)
  • 371: (2/15) ingress: Add forwarded-header-policy enhancement (Miciah)
  • 497: (1/11) cloud-integration: Initial draft of Cloud Credentials Rotation. (dgoodwin)
  • 483: (1/21) machine-api: Add proposal for API to automatically spread MachineSets across AZs. (dgoodwin)
  • 343: (1/43) authentication: cluster-wide oauth-proxy settings (deads2k)
  • 447: (1/30) insights: Insights-gateway (iNecas)

Other Closed Enhancements

<PR ID>: (activity this week / total activity) summary

There were 7 Other Closed pull requests:

  • 327: (1/34) security: Add enhancement proposal for selinux-operator (JAORMX)
  • 416: (2/69) installer: draft of install CA management proposal (bparees)
  • 440: (2/53) installer: Create single node control plane based on installer bootstrap (eranco74)
  • 456: (2/10) ingress: Adds ExternalDNS Operator Enhancement Proposal (danehans)
  • 458: (2/15) network: Whereabouts IPAM CNI Sticky IP Addresses Enhancement (dougbtv)
  • 460: (2/13) ingress: Add empty-requests-policy enhancement (Miciah)
  • 461: (2/5) ingress: Add aws-elb-idle-timeout enhancement (Miciah)

Revived (closed more than 7 days ago, but with new comments) Enhancements

<PR ID>: (activity this week / total activity) summary

There were 2 Revived (closed more than 7 days ago, but with new comments) pull requests:

  • 561: (0/40) network: Initial proposal of "allow-from-router" NetworkPolicy (danwinship)
  • 592: (10/164) olm: Safer Cluster Upgrades for OLM Managed Operators (awgreene)

Old (labeled as stale, but discussion in last 7 days) Enhancements

<PR ID>: (activity this week / total activity) summary

There were 3 Old (labeled as stale, but discussion in last 7 days) pull requests:

  • 296: (1/180) network: Add ovs-hardware-offload enhancement (zshi-redhat)
  • 415: (2/10) etcd: add backup config controller (hexfusion)
  • 531: (1/14) update: enhancements/update/channel-metadata: Distribute channel description strings (wking)

Other lifecycle/stale Enhancements

<PR ID>: (activity this week / total activity) summary

There was 1 Other lifecycle/stale pull request:

  • 411: (0/61) installer: run the Assisted Installer on-premise as opposed to utilizing a cloud service (mhrivnak)

Idle (no comments for at least 7 days) Enhancements

<PR ID>: (activity this week / total activity) summary

There were 47 Idle (no comments for at least 7 days) pull requests:

  • 124: (0/75) update: enhancements/update/automatic-updates: Propose a new enhancement (wking)
  • 146: (0/213) installer: openstack: Add Baremetal Compute Nodes RFE (pierreprinetti)
  • 174: (0/58) builds: first draft of configmap/secret injection via volumes enhancement (bparees)
  • 177: (0/38) olm: Library for OLM operator-inspect functionality (shawn-hurley)
  • 198: (0/23) kube-controller-manager: stability: add quota to all namespaces (deads2k)
  • 201: (0/80) general: bootimages: Downloading and updating bootimages via release image (cgwalters)
  • 255: (0/108) monitoring: add restart metrics enhancement (rphillips)
  • 265: (0/137) general: Signal cluster deletion (abutcher)
  • 292: (0/195) machine-api: Add Managing Control Plane machines proposal (enxebre)
  • 302: (0/27) kube-apiserver: [thought-experiment] single-node cluster static pod creation (deads2k)
  • 341: (0/80) maintenance: Machine-maintenance operator proposal (dofinn)
  • 346: (0/81) installer: Installer pre-flight validations (mandre)
  • 361: (0/109) baremetal: Minimise Baremetal footprint, live-iso bootstrap (hardys)
  • 363: (0/201) cvo: Enhancement for adding upgrade preflight checks for operators (LalatenduMohanty)
  • 400: (0/18) general: OpenStack AZ Support (iamemilio)
  • 406: (0/16) kube-apiserver: Add preliminary data section to network check enhancement. (sanchezl)
  • 417: (0/114) installer: Add enhancement: IPI kubevirt provider (ravidbro)
  • 426: (0/124) general: enhancements/update/targeted-update-edge-blocking: Propose a new enhancement (wking)
  • 427: (0/54) update: enhancements/update/phased-rollouts: Propose a new enhancement (wking)
  • 438: (0/41) ingress: Add ingress fault detection proposal (sgreene570)
  • 443: (0/94) machine-config: Support a provisioning token for the Machine Config Server (cgwalters)
  • 462: (0/34) ingress: Add client-tls enhancement (Miciah)
  • 463: (0/570) machine-api: Describing steps to support out-of-tree providers (Danil-Grigorev)
  • 465: (0/42) insights: Insights operator up to date gathering (martinkunc)
  • 468: (0/48) machine-api: Add dedicated instances proposal (alexander-demichev)
  • 475: (0/6) general: enhancements/update/update-blocker-lifecycle: Propose a new enhancement (wking)
  • 477: (0/41) update: enhancements/update/manifest-install-levels: Propose a new enhancement (wking)
  • 480: (0/84) etcd: enhancements/etcd: support assisted install (hexfusion)
  • 486: (0/71) local-storage: Adds proposal for auto partitioning in LSO (rohan47)
  • 489: (0/3) kube-apiserver: p2pnc: update (sanchezl)
  • 492: (0/44) rhcos: add rhcos-inject enhancement (crawford)
  • 520: (0/10) network: Static IP Addresses from DHCP (cybertron)
  • 522: (0/13) olm: Update OLM managed operator metrics enhancement (awgreene)
  • 525: (0/5) machine-config: Add FCCT support in MC proposal (LorbusChris)
  • 527: (0/72) installer: enhancement/installer: check OpenStack versions (EmilienM)
  • 538: (0/5) machine-api: update machine-api-usage-telemetry (elmiko)
  • 545: (0/1) network: Add BGP design section (markdgray)
  • 547: (0/36) baremetal: Propose BMC-less remediation enhancement (AKA poison pill) (n1r1)
  • 551: (0/30) machine-api: Propose to backport the "external remediation template" feature (slintes)
  • 554: (0/7) general: conventions: Clarify when workload disruption is allowed (smarterclayton)
  • 562: (0/146) security: Enhancing SCC to Gate Runtime Classes (haircommander)
  • 564: (0/16) cluster-logging: Allowing users to specify a delete policy based on amount of storage used within the ES cluster (ewolinetz)
  • 566: (0/44) general: Separating provider-specific code in the installer (janoszen)
  • 575: (0/45) installer: Installer Enhacement Proposal: Manifests from STDIN (oglok)
  • 612: (0/2) cluster-logging: Simplify initial cloudwatch proposal based on feedback. (alanconway)
  • 613: (0/2) network: NetworkPolicies for System Namespaces (danwinship)
  • 623: (0/1) storage: Confirm Azure Disk names (huffmanca)