This week's newsletter covers changes since 2021-09-10.
<PR ID>: (activity this week / total activity) summary
There were 2 Prioritized Merged pull requests:
-
821: (59/339) update: enhancements/update/targeted-update-edge-blocking: Propose a new enhancement (wking)
This enhancement proposes a mechanism for blocking edges for the subset of clusters considered vulnerable to known issues with a particular update or target release.
- 892: (5/6) general: document PR life-cycle timeouts (dhellmann)
<PR ID>: (activity this week / total activity) summary
There were 3 Prioritized Active pull requests:
-
867: (10/150) node-tuning: Move PAO to OCP enhancement (MarSik)
priority/important-soonThe Performance Addon Operator is a component that makes it easier to configure an OCP cluster for low latency and real-time purposes OCP docs. It is a high level orchestrator that consumes a Performance Profile and generates multiple manifests that are then processed by core OpenShift components like MCO and NTO. We have a simplified interaction diagram here: https://github.com/openshift-kni/performance-addon-operators/blob/master/docs/interactions/diagram.png A more in depth description of how a low latency tuned cluster works was presented at DevConf 2021: https://devconfcz2021.sched.com/event/gmJD/openshift-for-low-latency-and-real-time-workloads
The proposal in hand is to move the existing implementation of PAO under cluster node tuning operator (NTO) without adding new features.
-
838: (2/127) local-storage: KNIP-1770: Add proposal for exporting local storage device health metrics (rohantmp)
priority/important-soonThis enhancement proposes that we export health metrics for each local device on each node.
-
593: (1/137) general: Add proposal for hiding container mountpoints from systemd (lack)
lifecycle/stale, priority/important-soonThe current implementation of Kubelet and CRI-O both use the top-level namespace for all container and Kubelet mountpoints. However, moving these container-specific mountpoints into a private namespace reduced systemd overhead with no difference in functionality.
<PR ID>: (activity this week / total activity) summary
There were 5 Other Merged pull requests:
-
748: (12/25) cluster-logging: LOG-1296: Send JSON logs from containers in the same pod to separate indices (alanconway)
Elasticsearch needs log messages with different formats to be directed to different indices. The ClusterLogForwarder API can direct logs from diffeent pods to different Elasticsearch indices, based on namespace or labels, using the
structuredTypeKeyfield.This proposal is only about forwarding structured JSON logs to Elasticsearch, but the pattern described here may be useful in other situations.
- 810: (3/4) general: tools: update make dependency to build lint image (dhellmann)
- 849: (6/10) ingress: NE-310 Enhancement proposal for HSTS route admission plugin (candita)
- 898: (4/4) housekeeping: OWNERS: Prune crawford (wking)
- 901: (5/5) cluster-scope-secret-volumes: BUILD-348: update shared resource via CSI Driver proposal (gabemontero)
<PR ID>: (activity this week / total activity) summary
There were 11 Other New pull requests:
-
894: (33/33) authentication: authentication/login-logout: initial enhancement (s-urbaniak)
This enhancement describes capturing login, login failure, and logout events in the OpenShift authentication subsystems.
-
895: (10/10) builds: WIP - Build CSI Volumes (adambkaplan)
do-not-merge/work-in-progressThis proposal extends the build Volume Mounted Resources feature to support CSI ephemeral volumes.
-
899: (2/2) authentication: pod-security initial commit (s-urbaniak)
(no '## Summary' section found in enhancements/authentication/pod-security-admission.md)
-
900: (2/2) network: Multus service abstraction enhancement (s1061123)
This proposal introduces an implemention of Kubernetes services for secondary network interfaces, which are created by multus CNI. Currently pods' secondary network interfaces made by multus a sidecar to the Kubernetes network, henceforth Kubernetes network functionality cannot be used, such as network policy and service. This proposal introduces several components into OpenShift in order to implement some of the Kubernetes service functionality for pods' secondary network interfaces.
-
902: (4/4) kubelet: Add initial OpenShift swap enhancement (ehashman)
do-not-merge/work-in-progressThe upstream Kubernetes 1.22 release introduced alpha support for configuring swap memory usage for Kubernetes workloads on a per-node basis.
Now that swap use on nodes is supported in upstream, there are a number of use cases that would benefit from OpenShift nodes supporting swap, including improved node stability, better support for applications with high memory overhead but smaller working sets, the use of memory-constrained devices, and memory flexibility.
-
905: (16/16) hypershift: Introduce konnectivity-socks5-proxy enhancement (awgreene)
The goal of this enhancement is to provide HyperShift control plane services the ability to establish GRPC connections with servers running on guest clusters.
-
907: (1/1) console: CONSOLE-2894: Multi-cluster console (spadgett)
OpenShift console is currently a single-cluster console. Today, users who work in environments with multiple clusters must switch between consoles for each cluster. We want to make OpenShift console multi-cluster aware. Users should be able to visit one console running on the hub cluster and easily switch between spoke clusters in the fleet without leaving that console or logging in again.
Additionally, we want to integrate the OpenShift and ACM consoles so that they are a single console under a single URL. This hybrid console will have an "All clusters" perspective that contains the ACM multi-cluster views. Selecting a cluster from the cluster dropdown will drill down into the traditional OpenShift console views for that cluster.
-
908: (40/40) kube-apiserver: Improving Supportability of API Webhooks (sttts)
OpenShift supports the API extensions that upstream Kubernetes has built into the kube-apiserver. This especially involves webhooks for admission and for CRD conversion. This enhancement is about measures to increase supportability of clusters that use official Red Hat provided add-ons (like Istio, kubevirt or Open Policy Agent), but also 3rd-party add-ons (like Vault, or the community variants of previously mentioned software).
-
909: (4/4) baremetal: Include CoreOS ISO in the release payload (zaneb)
lgtmThe baremetal platform is switching from a QCOW2 format for its CoreOS image to an ISO. To ensure that existing disconnected clusters can update to this, the ISO image will be included in the release payload. This will be balanced out by removing the RHEL image currently shipped in the release payload. There are many other nice benefits, such that after future upgrades clusters will provision new machines with the latest CoreOS, without requiring an extra reboot.
- 897: (7/7) monitoring: enhancements: Update monitoring alerting consistency proposal (bison)
- 910: (1/1) update: enhancements/update/targeted-update-edge-blocking: Update after API landed (wking)
<PR ID>: (activity this week / total activity) summary
There were 27 Other Active pull requests:
- 890: (50/51) network: Introduce DPU OVNKube Operator (pliurh)
- 881: (38/42) cluster-logging: LOG-1514: LokiStack CR extension for the gateway configuration (sasagarw)
- 887: (33/35) ingress: NE-542 Expose router compression variables (candita)
- 738: (32/135) general: Installing OCP on ARM-Based Smart NICs (danwinship)
- 871: (20/92) baremetal: Enable Baremetal on other Platforms to support centralized host management (asalkeld)
- 875: (19/29) console: Console: expose network features (mariomac)
- 837: (11/111) insights: Conditional Data Gathering for Insights Operator (Sergey1011010)
- 841: (7/53) builds: Remove Jenkins from the OCP Payload (adambkaplan)
- 652: (7/15) node: Enable cgroup v2 support (harche)
- 736: (6/116) installer: Add enhancement - IBM Cloud provider for Power Virtual Server platform (jaypoulz)
- 687: (5/122) storage: Add AWS EFS CSI driver operator (jsafrane)
- 855: (4/79) ingress: ingress: Add bind-options enhancement (m-yosefpor)
- 870: (4/58) update: Versioning cincinnati api and json schema (PratikMahajan)
- 817: (3/196) network: Baremetal IPI Network Configuration for Day-1 (cybertron)
- 343: (3/46) authentication: cluster-wide oauth-proxy settings (deads2k)
- 201: (3/101) general: bootimages: Downloading and updating bootimages via release image (cgwalters)
- 722: (2/13) multi-arch: Add "Build OKD for ppc64le" proposal (mjturek)
- 725: (2/29) distributed-tracing: distributed tracing (sallyom)
- 654: (2/22) dns: ARO private DNS zone resource removal (jim-minter)
- 866: (2/231) general: Proposed OLM-based Monitoring Stack Solution for RH Managed Services and future needs. (bwplotka)
- 427: (1/55) update: enhancements/update/phased-rollouts: Propose a new enhancement (wking)
- 363: (1/202) cvo: Enhancement for adding upgrade preflight checks for operators (LalatenduMohanty)
- 876: (1/2) ingress: Add mutable-publishing-scope enhancement (Miciah)
- 341: (1/81) maintenance: Machine-maintenance operator proposal (dofinn)
- 292: (1/204) machine-api: Add Managing Control Plane machines proposal (enxebre)
- 773: (1/41) installer: Enhancement proposal for OpenShift IPI on IBM Cloud (jeffnowicki)
- 893: (4/6) ingress: [fix] Ingress custom http error pages (lgchiaretto)
<PR ID>: (activity this week / total activity) summary
There were 10 Other Closed pull requests:
- 461: (3/13) ingress: Add aws-elb-idle-timeout enhancement (Miciah)
- 730: (2/12) network: mtu: ability to change running cluster's mtu setting (msherif1234)
- 775: (6/16) network: Drop Node Hostname Resolution (cybertron)
- 784: (3/48) installer: Allow installer to include/exclude components based on user select install solution (bparees)
- 879: (2/54) baremetal: Add strategy for upgrading CoreOS-based deploy image (zaneb)
- 522: (2/44) olm: Update OLM managed operator metrics enhancement (awgreene)
- 742: (4/98) cluster-scope-secret-volumes: Update projected resource CSI driver proposal (adambkaplan)
- 774: (2/10) network: Remove OpenShift-SDN requirement for Bare Metal Load Balancer (markdgray)
- 779: (2/5) general: Update High Availability Conventions (ravisantoshgudimetla)
- 904: (4/4) general: dummy PR to test label permissions (dhellmann)
<PR ID>: (activity this week / total activity) summary
There were 2 Revived (closed more than 14 days ago, but with new comments) pull requests:
Revived (closed more than 14 days ago, but with new comments) Pull Requests Modifying Existing Documents
- 780: (0/44) cluster-logging: Simplify and clarify JSON forwarding proposal, better examples. (alanconway)
- 842: (0/9) cluster-logging: Restore tenant configuration for Loki forwarder. (alanconway)
<PR ID>: (activity this week / total activity) summary
There were 8 Idle (no comments for at least 14 days) pull requests:
- 371: (0/29) ingress: Add forwarded-header-policy enhancement (Miciah)
- 745: (0/118) security: Security Profiles Operator integration in OpenShift (JAORMX)
- 791: (0/68) baremetal: Support RAID and BIOS configuration for baremetal IPI deployments (hs0210)
- 811: (0/61) network: Enhancement proposal for OVN secondary networks (maiqueb)
- 850: (0/53) network: Enable flows collection (mariomac)
- 862: (0/102) machine-api: Add Machine Deletion Hooks Proposal (JoelSpeed)
- 864: (0/3) api-review: [OCPNODE-555] Add SignedRegistries to Image CR (QiWang19)
- 883: (0/2) etcd: add general details for automated upgrade backup controller (hexfusion)
<PR ID>: (activity this week / total activity) summary
There were 19 Other lifecycle/stale or lifecycle/rotten pull requests:
- 137: (1/305) general: CLI in-cluster management (sallyom)
- 567: (1/111) machine-api: Added proposal for remediation history (slintes)
- 571: (7/245) network: Cloud API component for egress IP (alexanderConstantinescu)
- 660: (1/22) cluster-logging: Flow control API enhancements, first draft. (alanconway)
- 732: (1/148) network: Add Smart NIC OVN offload enhancement (zshi-redhat)
- 747: (1/61) network: Enable Kubernetes NMstate by default for selected platforms (yboaron)
- 753: (1/137) workload-partitioning: add plan for configuration and enablement ownership (dhellmann)
- 771: (1/17) update: add eus MCO enhancement (rphillips)
- 781: (1/68) installer: CORS-1650: RHEL 8 Server Worker/Infra Node Support (mtnbikenc)
- 787: (1/10) update: Add no drain upgrade filter (michaelgugino)
- 802: (1/38) workload-partitioning: WIP Workload partitioning API enhancement (MarSik)
- 804: (1/29) workload-partitioning: PAO render initial draft (MarSik)
- 812: (1/46) node: Add proposal about Node Operator (saschagrunert)
- 831: (1/98) single-node: aos-sno-pair enhancement (mshitrit)
- 834: (1/83) machine-api: Propose new controller for pausing MHC during cluster upgrades (slintes)
- 836: (1/17) etcd: ETCD-58: Add enhancement for automated defragmentation (hexfusion)
- 843: (1/103) general: Node Healthcheck Operator (rgolangh)