Updates since 2022-01-21
<PR ID>: (activity this week / total activity) summary
There were 4 Merged pull requests:
-
977: (8/48) worker-latency-profile: Add WorkerLatencyProfile enhancement (harche)
To make sure the Openshift cluster keeps running optimally where network latency between the control plane and the worker nodes may not always be at its best (e.g. Edge cases), we can tweak the frequency of the status updates done by the
Kubeletand the corresponding reaction times of theKube Controller ManagerandKube API Server.
- 978: (7/54) general: CONVENTIONS: additional HA considerations regarding storage (jan--f)
- 985: (4/6) dev-guide: Host port registry: Add host port for SDN controller metrics (martinkennelly)
- 1016: (7/7) windows-containers: WINC-505: WMCO cli option update (selansen)
<PR ID>: (activity this week / total activity) summary
There were 5 New pull requests:
-
1019: (3/3) node-tuning: Enhancement for improving image pull via shortname security (umohnani8)
Pulling images via shortnames is not very secure. There is a possibility of spoofing where the image is pulled from as it goes through the list of
unqualified-search-registrieschecking for a match and pulls the image from the first location it is found in. With this method there is no guarantee that the image is actually being pulled from the correct source.We have made this more secure by adding support for an alias table that has a list of shortname images pointing to their fully qualified image name. This alias table is checked for a match whenever a pull via shortname is attempted, which guarantees that the image will only be pulled from the location specified in the alias table.
-
1020: (14/14) ingress: Add enhancement for AWS Load Balancer operator (arjunrn)
Users would like to use Application Load Balancers(ALBs) for their Ingress resources so that they can use Amazon Certificate Manager(ACM) to manage certificates for the Ingress domains and also attach Web Application Firewalls to the ALB for security and traffic shaping. The Openshift router uses an NLB which passes through all traffic to the router. TLS termination is done on the router. A WAF cannot be attached to the NLB and the router cannot be configured to perform TLS termination at the NLB.
-
1021: (9/9) machine-api: [OCPCLOUD-1377] Add "Azure Ultra Disks support in Machine API" enhancement (damdo)
Enable OCP users to leverage Azure Ultra Disks on Machine API provisioned hosts on Azure via Data Disks or to attach them to Machines via Persistent Volumes (PVs).
- 1017: (14/14) helm3: helm: fix example in the documentation (zonggen)
- 1018: (33/33) windows-containers: Add Windows Health Management containerd context (saifshaikh48)
<PR ID>: (activity this week / total activity) summary
There were 17 Active pull requests:
- 1014: (50/64) multi-arch: Heterogeneous architecture clusters (Prashanth684)
- 996: (41/140) single-node: Enhancement for enabling single-node-openshift with workers (omertuc)
- 1009: (32/33) general: OpenStack Cloud Provider Config Upgrade (stephenfin)
- 987: (29/66) dns: Add the DNS-over-TLS enhancement initial draft (brandisher)
- 1008: (23/98) machine-api: [OCPCLOUD-1248] Add initial iteration of ControlPlaneSet operator enhancement (JoelSpeed)
- 943: (17/106) etcd: [OCPCLOUD-1244] Add proposal for etcd protection mechanism during control plane scaling (JoelSpeed)
- 918: (13/92) installer: vsphere: add multiple datacenter and clusters (jcpowermac)
- 1005: (9/54) update: Synchronized upgrades in DPU clusters (danwinship)
- 931: (8/74) dns: NE-367: Add logLevel and operatorLogLevel APIs for DNS (miheer)
- 929: (4/226) api-review: [OCPNODE-747] New CRD ImageDigestMirrorSet and ImageTagMirrorSet to support AllowMirrByTags (QiWang19)
- 981: (4/132) general: Added proposal for HyperShift monitoring. (bwplotka)
- 937: (3/131) monitoring: support configuration of alerting notifications by application owners (simonpasquier)
- 952: (3/27) ingress: NE-585 Expose HealthCheck Interval (candita)
- 1010: (2/4) authentication: add enhancement on PSa autolabeling (stlaz)
- 992: (1/16) authentication: auth: add enhancement for direct kube-apiserver oidc config (stlaz)
- 924: (1/215) oc: CLI Manager (deejross)
- 1000: (30/107) api-review: Update enhancement proposal to support update of user-defined AWS tags (TrilokGeer)
<PR ID>: (activity this week / total activity) summary
There were 2 Closed pull requests:
- 243: (2/184) general: Enable ProjectRequestLimit on OpenShift 4.x (tkashem)
- 919: (2/28) cluster-logging: Multi-Container-Structured-Logging (alanconway)
<PR ID>: (activity this week / total activity) summary
There were 13 Idle (no comments for at least 7 days) pull requests:
- 745: (0/131) security: Security Profiles Operator integration in OpenShift (JAORMX)
- 811: (0/69) network: Enhancement proposal for OVN secondary networks (maiqueb)
- 812: (0/56) node: Add proposal about Node Operator (saschagrunert)
- 955: (0/118) authentication: Enhancement for OAuth2 Authorization Grant Login for oc (arjunrn)
- 958: (0/104) monitoring: enhancements/monitoring: User-defined alerting rules proposal (bison)
- 980: (0/71) authentication: enhancements/authentication: detect invalid certificates (s-urbaniak)
- 986: (0/4) windows-containers: WIP WINC-712: Windows CSI Storage Enablement (alinaryan)
- 994: (0/5) authentication: auth: add enhancement about pinning SCCs to pods (stlaz)
- 995: (0/112) machine-api: Add enhancement for AWS Placement Groups in Machine API (JoelSpeed)
- 1002: (0/55) ingress: CFE-10: Add host-network-bind-options (Elbehery)
- 1006: (0/3) storage: WIP - CSI Inline Ephemeral Volume Security (adambkaplan)
- 1013: (0/4) cluster-logging: LOG-1043 Flow control API enhancements. (alanconway)
- 1003: (0/2) authentication: add log level, stage and request uri mask (ibihim)
<PR ID>: (activity this week / total activity) summary
There was 1 With lifecycle/stale or lifecycle/rotten pull request:
- 201: (6/117) general: bootimages: Downloading and updating bootimages via release image (cgwalters)