<PR ID>: (activity this week / total activity) summary
There were 3 Prioritized Active pull requests:
-
463: (5/624) machine-api: Describing steps to support out-of-tree providers (Danil-Grigorev)
approved, do-not-merge/hold, priority/important-soonThis enhancement proposal describes the migration of cloud platforms from the deprecated in-tree cloud providers to Cloud Controller Manager services that implement the
external cloud providerinterface. -
593: (3/135) general: Add proposal for hiding container mountpoints from systemd (lack)
priority/important-soonThe current implementation of Kubelet and CRI-O both use the top-level namespace for all container and Kubelet mountpoints. However, moving these container-specific mountpoints into a private namespace reduced systemd overhead with no difference in functionality.
-
643: (1/66) update: Add Reduced Reboots enhancement (sdodson)
lifecycle/stale, priority/important-soonThis enhancement is intended to reduce host reboots when upgrading across two or more OpenShift minor versions by enabling an N-2 version skew policy between all host components and cluster scoped resources.
<PR ID>: (activity this week / total activity) summary
There were 3 Other Merged pull requests:
-
690: (15/70) api-review: Add repositoryMirrors spec to ImageContentSourcePolicy (QiWang19)
Today, the ImageContentSourcePolicy object sets up mirror with
mirror-by-digest-onlyproperty set to true. Requires images be pulled by digest only. This enhancement plans to add new spec to ImageContentSourcePolicy with configurable fieldallowMirrorByTags, so thatmirror-by-digest-onlycan be configured by ImageContentSourcePolicy. -
701: (110/394) monitoring: metrics scraping with local authentication and authorization (deads2k)
Monitoring needs to be reliable and is the very useful when trying to debug clusters in an already degraded state. We want to ensure that metrics scraping can always work if the scraper can reach the target, even if the kube-apiserver is unavailable or unreachable. To do this, we will combine a local authorizer (already merged in many binaries and the rbac-proxy) and client-cert based authentication to have a fully local authentication and authorization path for scraper targets.
-
793: (4/116) authentication: describe group syncing for OIDC identity providers (stlaz)
OpenShift should be capable of synchronizing user groups from a 3rd party identity provider upon a user logging in to their OpenShift cluster.
<PR ID>: (activity this week / total activity) summary
There were 5 Other New pull requests:
-
826: (30/30) cluster-logging: Creating initial skeleton of eo v2 api proposal (ewolinetz)
approved, do-not-merge/holdCurrently when interacting with the Elasticsearch Operator via the Elasticsearch CRD, one needs to have a lot of knowledge on how to best configure the Elasticsearch cluster node's roles, memory/cpu, and replication count. In order to continue to improve the user experience of the operator and provide a performant cluster that can operate at scale we should simplify the API and move the knowledge of desired infrastructure into the operator itself.
-
827: (7/7) machine-api: Backport the
pausefeature for MachineHealthChecks (slintes)Enable opt in for automated health checking and remediation of unhealthy nodes backed by machines. a.k.a. node auto repair.
-
828: (3/3) update: Bug 1978376: Add ack based upgrade blocker (jottofar)
bugzilla/severity-urgent, bugzilla/valid-bug, do-not-merge/work-in-progressCVO currently blocks minor level upgrades when overrides are set, a resource deletion is pending, or an operator has set its upgradeable condition to false. This enhancement adds a generic upgrade blocking mechanism for blocking minor level upgrades. This generic upgrade blocker can consist of one or more items each of which will block a minor level upgrade. Each generic upgrade blocker item will be associated with some well-defined task to be completed by an administrator. Once the task has been completed the administrator will acknowledge completion and its associated item will no longer block minor level upgrades.
- 823: (3/3) cluster-logging: Remove tenant configuration from loki output configuration. (alanconway)
- 824: (3/3) authentication: auth: add sur and stlaz to group sync approvers (stlaz)
<PR ID>: (activity this week / total activity) summary
There were 10 Other Active pull requests:
- 821: (39/40) update: enhancements/update/targeted-update-edge-blocking: Propose a new enhancement (wking)
- 817: (34/116) network: Baremetal IPI Network Configuration for Day-1 (cybertron)
- 706: (19/154) api-review: apply user defined tags to all resources (gregsheremeta)
- 732: (6/147) network: Add Smart NIC OVN offload enhancement (zshi-redhat)
- 660: (2/21) cluster-logging: Flow control API enhancements, first draft. (alanconway)
- 771: (2/12) update: add eus MCO enhancement (rphillips)
- 709: (2/89) installer: Add proposal for credentials management outside the openshift cluster for new platforms (akhil-rane)
- 683: (2/52) insights: Insights Operator pulling and exposing data from the OCM API (tremes)
- 812: (1/44) node: Add proposal about Node Operator (saschagrunert)
- 815: (5/39) console: CONSOLE-2425: Support localization of dynamic plugins (jhadvig)
<PR ID>: (activity this week / total activity) summary
There were 7 Other Closed pull requests:
- 124: (2/77) update: enhancements/update/automatic-updates: Propose a new enhancement (wking)
- 380: (2/40) kube-apiserver: describe delete protection for resources to avoid client-side delete coordination (deads2k)
- 486: (2/80) local-storage: Adds proposal for auto partitioning in LSO (rohan47)
- 676: (3/5) kube-apiserver: api compatibility (sanchezl)
- 825: (1/1) console: expose CNI type (mariomac)
- 406: (2/20) kube-apiserver: Add preliminary data section to network check enhancement. (sanchezl)
- 623: (2/5) storage: Confirm Azure Disk names (huffmanca)
<PR ID>: (activity this week / total activity) summary
There was 1 Revived (closed more than 7 days ago, but with new comments) pull request:
- 549: (0/157) storage: Add proposal for CSI migration (bertinatto)
<PR ID>: (activity this week / total activity) summary
There were 13 Other lifecycle/stale pull requests:
- 137: (0/300) general: CLI in-cluster management (sallyom)
- 302: (0/30) kube-apiserver: [thought-experiment] single-node cluster static pod creation (deads2k)
- 567: (0/107) machine-api: Added proposal for remediation history (slintes)
- 571: (0/232) network: Cloud API component for egress IP (alexanderConstantinescu)
- 613: (0/19) network: NetworkPolicies for System Namespaces (danwinship)
- 626: (0/39) machine-config: enhancements/machine-config: securing MCS (crawford)
- 661: (0/119) operator-framework-api: New OpenshiftCatalogueValidator (camilamacedo86)
- 673: (0/54) machine-api: short-circuiting-backoff (mshitrit)
- 682: (0/32) alerting: alerting as a feature (dofinn)
- 687: (0/108) storage: Add AWS EFS CSI driver operator (jsafrane)
- 695: (0/26) cluster-version-operator: move CVO upgrades doc to enhancements (deads2k)
- 693: (0/28) general: CONVENTIONS: Add section on limits (smarterclayton)
- 711: (0/4) olm: add "fail open" risk/mitigation (njhale)
<PR ID>: (activity this week / total activity) summary
There were 56 Idle (no comments for at least 7 days) pull requests:
- 146: (0/215) installer: openstack: Add Baremetal Compute Nodes RFE (pierreprinetti)
- 201: (0/95) general: bootimages: Downloading and updating bootimages via release image (cgwalters)
- 292: (0/203) machine-api: Add Managing Control Plane machines proposal (enxebre)
- 341: (0/80) maintenance: Machine-maintenance operator proposal (dofinn)
- 343: (0/43) authentication: cluster-wide oauth-proxy settings (deads2k)
- 346: (0/85) installer: Installer pre-flight validations (mandre)
- 357: (0/241) accelerators: Supporting out-of-tree drivers on OpenShift (zvonkok)
- 363: (0/201) cvo: Enhancement for adding upgrade preflight checks for operators (LalatenduMohanty)
- 371: (0/22) ingress: Add forwarded-header-policy enhancement (Miciah)
- 427: (0/54) update: enhancements/update/phased-rollouts: Propose a new enhancement (wking)
- 460: (0/17) ingress: Add empty-requests-policy enhancement (Miciah)
- 461: (0/9) ingress: Add aws-elb-idle-timeout enhancement (Miciah)
- 468: (0/54) machine-api: Add dedicated instances proposal (alexander-demichev)
- 475: (0/31) general: enhancements/update/update-blocker-lifecycle: Propose a new enhancement (wking)
- 520: (0/15) network: Static IP Addresses from DHCP (cybertron)
- 547: (0/38) baremetal: Propose BMC-less remediation enhancement (AKA poison pill) (n1r1)
- 562: (0/152) security: Enhancing SCC to Gate Runtime Classes (haircommander)
- 575: (0/76) installer: Installer Enhacement Proposal: Manifests from STDIN (oglok)
- 624: (0/21) update: Add: upgrade-blocker-operator (michaelgugino)
- 652: (0/4) node: Enable cgroup v2 support (harche)
- 654: (0/20) dns: ARO private DNS zone resource removal (jim-minter)
- 707: (0/28) installer: Add Enhancement for Installing to Alibaba Cloud (lemondlut)
- 722: (0/7) multi-arch: Add "Build OKD for ppc64le" proposal (mjturek)
- 725: (0/12) distributed-tracing: distributed tracing (sallyom)
- 730: (0/7) network: mtu: ability to change running cluster's mtu setting (msherif1234)
- 736: (0/104) installer: Add enhancement - IBM Cloud provider for Power Virtual Server platform (jaypoulz)
- 738: (0/103) network: Installing OCP on ARM-Based Smart NICs (danwinship)
- 745: (0/99) security: Security Profiles Operator integration in OpenShift (JAORMX)
- 747: (0/60) network: Enable Kubernetes NMstate by default for selected platforms (yboaron)
- 748: (0/4) cluster-logging: New proposal: Forwarder output parameter templates (alanconway)
- 749: (0/183) ingress: NE-310 Enhancement proposal for HSTS route admission plugin (candita)
- 751: (0/50) builds: WIP - Disable Jenkins Pipeline Build Strategy (adambkaplan)
- 753: (0/136) workload-partitioning: add plan for configuration and enablement ownership (dhellmann)
- 758: (0/20) security: Security Context Constraints for CSI Volumes (adambkaplan)
- 773: (0/40) installer: Enhancement proposal for OpenShift IPI on IBM Cloud (jeffnowicki)
- 775: (0/9) network: Drop Node Hostname Resolution (cybertron)
- 781: (0/67) installer: CORS-1650: RHEL 8 Server Worker/Infra Node Support (mtnbikenc)
- 784: (0/44) installer: Allow installer to include/exclude components based on user select install solution (bparees)
- 787: (0/8) update: Add no drain upgrade filter (michaelgugino)
- 791: (0/19) baremetal: Support RAID and BIOS configuration for baremetal IPI deployments (hs0210)
- 802: (0/37) workload-partitioning: WIP Workload partitioning API enhancement (MarSik)
- 804: (0/28) workload-partitioning: PAO render initial draft (MarSik)
- 806: (0/1) ingress: Ingress: Add ingress operator and operand logging level API (sgreene570)
- 811: (0/2) network: Enhancement proposal for OVN secondary networks (maiqueb)
- 816: (0/1) ingress: Ingress: Add API for configuring ingress connection timeouts (rfredette)
- 522: (0/40) olm: Update OLM managed operator metrics enhancement (awgreene)
- 538: (0/16) machine-api: update machine-api-usage-telemetry (elmiko)
- 618: (0/15) network: Add more details about host port ownership (danwinship)
- 666: (0/27) kube-apiserver: adding new userequest audit policy (EmilyM1)
- 742: (0/93) cluster-scope-secret-volumes: Update projected resource CSI driver proposal (adambkaplan)
- 774: (0/6) network: Remove OpenShift-SDN requirement for Bare Metal Load Balancer (markdgray)
- 779: (0/1) general: Update High Availability Conventions (ravisantoshgudimetla)
- 797: (0/18) ingress: custom routes: set up an explicit trust to the oauth-server (stlaz)
- 800: (0/11) update: updates: capture offline discussion on eus-upgrades-mvp (dhellmann)
- 805: (0/3) general: CONVENTIONS.md: add runlevel documentation (mcoops)
- 810: (0/2) general: tools: update make dependency to build lint image (dhellmann)