Updates since 2022-10-28
<PR ID>: (activity this week / total activity) summary
There were 2 Merged pull requests:
-
1158: (3/362) general: Stateless Ingress node firewall support using eBPF proposal (msherif1234) (SDN-2781)
OCP customers would like to secure OCP's nodes from external attacks by configuring ingress firewall policies. eBPF provides a very flexible filtering mechanism to allow early detection and filtering. eXpress Data Path (XDP) is a feature in the Linux kernel which allows users to execute a user-supplied eBPF program when a packet is received on a network interface (NIC). This program is executed in the NIC’s device driver, right after the interrupt processing and before the network stack. The goal of XDP is to offer comparable performance to kernel bypass solutions while working with the existing kernel networking stack. A new cluster-scoped object
IngressNodeFirewallwill be used to configure node ingress firewall match rules and per rule statistics will be available. Admin can provision multiple instances of this object while ensuring certain execution order. For the best performance XDP programs need to attach to interfaces using the following models:- Native XDP
The XDP program is loaded by the network card driver as part of its initial receive path. This also requires support from the network card driver. - Offloaded XDP
The XDP program loads directly on the NIC, and executes without using the CPU. This also requires support from the network interface device. For NICs drivers that doesn't support native XDP performance will degrade while still be better that using linux iptables tools.
- Native XDP
- 1222: (4/15) dev-guide: Updates to workloads vs configuration API documentation (JoelSpeed)
<PR ID>: (activity this week / total activity) summary
There were 3 New pull requests:
-
1275: (8/8) microshift: Update CSI user config workflow (copejon) (USHIFT-41)
This enhancement proposes the adoption of a default Container Storage Interface(CSI) Pluginfor Microshift. For more details on MicroShift, see the respective proposal. Kubernetes' CSI implementation provides a standardized model for exposing block and file storage systems to container workloads.
-
1276: (2/2) installer: Add support for custom DNS on AWS (sadasu)
This enhancement adds the ability to use a pre-configured custom DNS solution for API Server and Ingress resolution on the AWS platform during OpenShift IPI installation on that platform.
-
1277: (12/12) installer: vSphere: zonal with external lb (jcpowermac) (OCPPLAN-9652)
The goal of this enhancement is to provide the ability to install vSphere IPI zonal on separate L2 segments without the static pods (keepalived, haproxy, coredns). As of this writing the only way to accomplish this is to allow an external load balancer.
<PR ID>: (activity this week / total activity) summary
There were 10 Active pull requests:
- 1213: (88/216) workload-partitioning: feat: add wide cluster configuration for workload partitioning (eggfoobar) (CNF-5562)
- 1267: (56/90) network: vSphere IPI Support for Static IPs (rvanderp3) (OCPPLAN-9654)
- 1260: (24/31) installer: installer-aws: Cluster deployment on AWS Outpost (pkliczewski) (OCPPLAN-9617) (ECOPROJECT-866)
- 1234: (13/316) cloud-integration: New "External" PlatformType addition proposal (lobziik) (OCPPLAN-9429) (OCPPLAN-8156)
- 1242: (4/108) microshift: WIP - Adding MicroShift etcd enhancement (dusk125) (ETCD-318)
- 1217: (4/30) api-review: Apply user defined labels to all GCP resources created by OpenShift (bharath-b-rh) (OCPPLAN-8155) (CORS-2249)
- 1191: (4/151) api-review: Apply user defined tags to all Azure resources created by OpenShift (bharath-b-rh) (OCPPLAN-8155) (CORS-2249)
- 1064: (2/99) network: Add enhancement proposal for SDN live migration (pliurh) (SDN-2612)
- 1204: (1/14) hypershift: Enhancement proposal for HyperShift on P/Z/A (jaypoulz)
- 1273: (1/9) machine-api: preCreate machine controller lifecycle hook (rvanderp3)
<PR ID>: (activity this week / total activity) summary
There was 1 Closed pull request:
- 1212: (1/62) hypershift: Enhancment to support HostedClusterInfrastructure CRD (jnpacker) (ACM-1554)
<PR ID>: (activity this week / total activity) summary
There were 2 Revived (closed more than 7 days ago, but with new comments) pull requests:
Revived (closed more than 7 days ago, but with new comments) Pull Requests Modifying Existing Documents
- 1266: (0/5) dev-guide: dev-guide/cluster-version-operator/dev/clusteroperator: Doc happy-condition reason/message (wking)
- 1269: (0/4) dev-guide: dev-guide/cluster-version-operator/OWNERS: Add Petr (wking)
<PR ID>: (activity this week / total activity) summary
There were 8 Idle (no comments for at least 7 days) pull requests:
- 1167: (0/140) installer: openstack: add the notion of Failure Domains in the installer (EmilienM) (OSASINFRA-2908)
- 1232: (0/133) installer: installer-aws: create edge compute pool for AWS Local Zones (mtulio) (RFE-2782)
- 1244: (0/7) hypershift: CNF-6291: Enable Performance tuning for Hypershift nodes (jlojosnegros) (PSAP-742)
- 1253: (0/13) general: Netobserv: update for GA (jotak)
- 1257: (0/2) general: Priority Classes enhancement preliminary doc (WIP) (a-dsouza) (1041)
- 1245: (0/10) dev-guide: hostport registry: add NodeObservability hostnetwork ports (alebedev87)
- 1259: (0/2) microshift: update set of included APIs (dhellmann) (OCPPLAN-9080) (USHIFT-50)
- 1263: (0/3) dev-guide: Host port registry: ingress node firewall (martinkennelly)
<PR ID>: (activity this week / total activity) summary
There were 5 With lifecycle/stale or lifecycle/rotten pull requests:
- 745: (1/156) security: Security Profiles Operator integration in OpenShift (JAORMX)
- 1106: (1/55) storage: OpenStack Cinder CSI Driver Operator Configurability (stephenfin) (OSASINFRA-2857)
- 1189: (1/96) installer: Installer: check operators for stability (patrickdillon)
- 1229: (2/6) hypershift: PSAP-742: Enable node tuning of HyperShift hosted nodes via NTO (dagrayvid) (PSAP-742)
- 1247: (1/4) ingress: Update configurable DNS loadbalancer implementation (thejasn) (CFEPLAN-58)