Skip to content

Latest commit

 

History

History
287 lines (222 loc) · 21.6 KB

2021-03-19.md

File metadata and controls

287 lines (222 loc) · 21.6 KB
Raw

This Week in Enhancements - 2021-03-19

Over the past couple of weeks we have been working to expand the documentation of our conventions, found in https://github.com/openshift/enhancements/blob/master/CONVENTIONS.md and in the course of those coversations a few people have mentioned that they weren't aware that document existed. It does! And it includes some good information about the way we try to build components consistently to provide the best experience for our users. Take a look, and help document our collective knowledge by proposing changes to add details that may be missing.

Enhancements for Release Priorities

Prioritized Active Enhancements

<PR ID>: (activity this week / total activity) summary

There were 2 Prioritized Active pull requests:

  • 628: (13/141) general: automated resource request scaling (dhellmann)

    This enhancement describes an approach to allow us to scale the resource requests for the control plane services to reduce consumption for constrained environments. This will be especially useful for single-node production deployments, where the user wants to reserve most of the CPU resources for their own workloads and needs to configure OpenShift to run on a fixed number of CPUs within the host.

    One example of this use case is seen in telecommunication service providers implementation of a Radio Access Network (RAN). This use case is discussed in more detail below.

  • 636: (4/57) kube-apiserver: API Removal Notifications (sanchezl)

    Notify customers that an API that will be removed in the next release is in use.

Other Enhancements

Other Merged Enhancements

<PR ID>: (activity this week / total activity) summary

There were 3 Other Merged pull requests:

  • 656: (4/64) console: CONSOLE-2355: Update Quick Start proposal with i18n (rebeccaalpert)

    OpenShift's Serverless team has proposed an idea to create a "Quick Starts" mechanism which introduces users to various ways of interacting with serverless in the Console. Quick Starts should be a mechanism we can use to vastly improve our customer's initial user experience on a empty cluster or with all various workflows:

    The goal of this proposal is to define a lightweight mechanism for OpenShift's Console component, to guide users thought various workflows, and help them understand the steps neccesary to get the desired outcome.

  • 696: (3/3) ingress: Ingress: Add details to tunable router buffer sizes EP (sgreene570)

    This enhancement extends the IngressController API to allow the user to configure the size of the in-memory header buffers for an IngressController. By default, these values are set at fixed values to limit memory use for typical IngressController usage.

Other Merged Updates

  • 698: (2/2) oc: update bump-oc doc (sallyom)

Other New Enhancements

<PR ID>: (activity this week / total activity) summary

There were 7 Other New pull requests:

  • 693: (26/26) general: CONVENTIONS: Add section on limits (smarterclayton)

    Some scenarios have been described where a limit is appropriate. Add additional guidance.

  • 694: (1/1) network: Amend egress router CNI controller (danielmellado)

    Egress traffic is traffic going from OpenShift pods to external systems, outside of OpenShift. There are a few options for enabling egress traffic, such as allow access to external systems from OpenShift physical node IPs, use EgressFirewall, EgressIPs or in our case, EgressRouter.

    In enterprise environments, egress routers are often preferred. They allow granular access from a specific pod, group of pods, or project to an external system or service. Access via node IP means all pods running on a given node can access external systems.

    An egress router is a pod that has two interfaces, (eth0) and (e.g. macvlan0). eth0 is on the cluster network in OpenShift (internal) and macvlan0 has an IP and gateway from the external physical network.

    Pods can access the egress router service thus enabling them to access external services. The egress router acts as a bridge between pods and an external system.

    Traffic going out the egress router goes via node, but it will have the MAC address of the macvlan0 interface inside the egress router.

    In openshift-sdn, the egress router was implemented by adding an annotation to allow a pod to request a macvlan interface. In order to avoid repeating this behavior in ovn-kubernetes, we'd be requesting such interface using multus to ensure feature-parity with openshift-sdn.

  • 695: (25/25) cluster-version-operator: move CVO upgrades doc to enhancements (deads2k)

    Moves https://github.com/openshift/cluster-version-operator/blob/master/docs/dev/upgrades.md into enhancements. This doc covers integration with other components, what those components need to do to participate, what impact they have on each other, and how a cluster upgrades.

  • 697: (12/12) ingress: Add transition-ingress-from-beta-to-stable enhancement (Miciah)

    This enhancement updates the ingress-to-route controller to use the stable networking.k8s.io/v1 version of the Ingress API. Although the API server already supports the v1 API version without this enhancement, the ingress-to-route controller requires changes to transition from using the v1beta1 client to using the v1 client and to support new v1 features. These new features include the spec.pathType and spec.ingressClassType fields as well as the associated IngressClass API. This enhancement does not extend the Route API to accommodate new features in the Ingress API; these are only supported to the extent that they are compatible with the Route API.

  • 699: (5/5) cluster-logging: Updated for schema->index change (alanconway)

    This enhancement will allow structured JSON log entries to be forwarded as JSON objects in JSON output records.

    This proposal describes

    • extensions to the logging [data model][data_model] - structured field.
    • extensions to the ClusterLogForwarder API to configure JSON parsing and forwarding.
    • extensions to the ClusterLogForwarder API to select an index.
    • indexing structured records in current and future Elasticsearch stores.
    • replacing the [defunct MERGE_JSON_LOG][defunct_merge] feature.

  • 700: (2/2) storage: Add initial OEP for lso cleanup (gnufied)

    This enhancement proposes a mechanism that will allow PVs provisioned by local-storage-operator(LSO) to be deleted and corresponding symlinks to be removed from the node when LocalVolume or LocalVolumeSet objects are deleted.

  • 701: (2/2) monitoring: metrics scraping with local authentication and authorization (deads2k)

    Monitoring needs to be reliable and is the very useful when trying to debug clusters in an already degraded state. We want to ensure that metrics scraping can always work if the scraper can reach the target, even if the kube-apiserver is unavailable or unreachable. To do this, we will combine a local authorizer (already merged in many binaries and the rbac-proxy) and client-cert based authentication to have a fully local authentication and authorization path for scraper targets.

Other Active Enhancements

<PR ID>: (activity this week / total activity) summary

There were 27 Other Active pull requests:

  • 687: (68/68) storage: Add AWS EFS CSI driver operator (jsafrane)
  • 688: (36/49) monitoring: enhancements/monitoring: Describe single replica topology mode (simonpasquier)
  • 574: (35/522) installer: First iteration of running the Assisted Installer in end-user clusters. (mhrivnak)
  • 661: (23/104) operator-framework-api: New OpenshiftCatalogueValidator in operator-framework/api (camilamacedo86)
  • 668: (19/61) console: Add Customize Project Access Roles proposal (jerolimov)
  • 635: (14/25) manifestlist: IR-57: API changes for manifest list support (ricardomaraschini)
  • 679: (12/66) general: coreos-bootimage-streams: Standardized CoreOS bootimage metadata (cgwalters)
  • 682: (11/31) alerting: alerting as a feature (dofinn)
  • 677: (9/116) sandboxed-containers: kata containers enhancement proposal (fidencio)
  • 590: (9/14) authentication: add 'Allowing URI Scheme in OIDC sub claims' (stlaz)
  • 683: (8/11) insights: Insights Operator pulling and exposing data from the OCM API (tremes)
  • 686: (8/23) ingress: NE-310 Global options to enable HSTS (candita)
  • 673: (6/30) machine-api: short-circuiting-backoff (mshitrit)
  • 522: (5/27) olm: Update OLM managed operator metrics enhancement (awgreene)
  • 689: (4/16) installer: Add Enhancement for Installing to Azure Stack Hub (patrickdillon)
  • 567: (2/106) machine-api: Added proposal for remediation history (slintes)
  • 549: (2/128) storage: Add proposal for CSI migration (bertinatto)
  • 626: (2/35) machine-config: enhancements/machine-config: securing MCS (crawford)
  • 674: (2/82) authentication: Service CA Certificate Generation for StatefulSet Pods, first version (mtrmac)
  • 571: (2/231) network: Cloud API component for egress IP (alexanderConstantinescu)
  • 691: (1/2) installer: OpenStack root volume AZs (Fedosin)
  • 564: (1/18) cluster-logging: Allowing users to specify a delete policy based on amount of storage used within the ES cluster (ewolinetz)
  • 613: (1/3) network: NetworkPolicies for System Namespaces (danwinship)
  • 527: (1/74) installer: enhancement/installer: check OpenStack versions (EmilienM)
  • 669: (1/2) console: Add Customize Add Page proposal (jerolimov)
  • 480: (1/86) etcd: enhancements/etcd: support assisted install (hexfusion)
  • 415: (1/11) etcd: add backup config controller (hexfusion)

Other Closed Enhancements

<PR ID>: (activity this week / total activity) summary

There were 2 Other Closed pull requests:

  • 465: (2/45) insights: Insights operator up to date gathering (martinkunc)
  • 497: (2/13) cloud-integration: Initial draft of Cloud Credentials Rotation. (dgoodwin)

Revived (closed more than 7 days ago, but with new comments) Enhancements

<PR ID>: (activity this week / total activity) summary

There was 1 Revived (closed more than 7 days ago, but with new comments) pull request:

  • 430: (0/69) network: Proposal for networkpolicy for multus interface (i.e. net-attach-def) (s1061123)

Old (labeled as stale, but discussion in last 7 days) Enhancements

<PR ID>: (activity this week / total activity) summary

There were 2 Old (labeled as stale, but discussion in last 7 days) pull requests:

  • 477: (1/42) update: enhancements/update/manifest-install-levels: Propose a new enhancement (wking)
  • 554: (1/8) general: conventions: Clarify when workload disruption is allowed (smarterclayton)

Other lifecycle/stale Enhancements

<PR ID>: (activity this week / total activity) summary

There were 7 Other lifecycle/stale pull requests:

  • 201: (0/81) general: bootimages: Downloading and updating bootimages via release image (cgwalters)
  • 265: (0/138) general: Signal cluster deletion (abutcher)
  • 417: (0/115) installer: Add enhancement: IPI kubevirt provider (ravidbro)
  • 443: (0/95) machine-config: Support a provisioning token for the Machine Config Server (cgwalters)
  • 462: (0/35) ingress: Add client-tls enhancement (Miciah)
  • 525: (0/6) machine-config: Add FCCT support in MC proposal (LorbusChris)
  • 551: (0/32) machine-api: Propose to backport the "external remediation template" feature (slintes)

Idle (no comments for at least 7 days) Enhancements

<PR ID>: (activity this week / total activity) summary

There were 55 Idle (no comments for at least 7 days) pull requests:

  • 124: (0/75) update: enhancements/update/automatic-updates: Propose a new enhancement (wking)
  • 137: (0/286) general: CLI in-cluster management (sallyom)
  • 146: (0/213) installer: openstack: Add Baremetal Compute Nodes RFE (pierreprinetti)
  • 174: (0/58) builds: first draft of configmap/secret injection via volumes enhancement (bparees)
  • 255: (0/108) monitoring: add restart metrics enhancement (rphillips)
  • 292: (0/203) machine-api: Add Managing Control Plane machines proposal (enxebre)
  • 296: (0/181) network: Add ovs-hardware-offload enhancement (zshi-redhat)
  • 302: (0/27) kube-apiserver: [thought-experiment] single-node cluster static pod creation (deads2k)
  • 341: (0/80) maintenance: Machine-maintenance operator proposal (dofinn)
  • 343: (0/43) authentication: cluster-wide oauth-proxy settings (deads2k)
  • 346: (0/83) installer: Installer pre-flight validations (mandre)
  • 357: (0/222) accelerators: Supporting out-of-tree drivers on OpenShift (zvonkok)
  • 361: (0/109) baremetal: Minimise Baremetal footprint, live-iso bootstrap (hardys)
  • 363: (0/201) cvo: Enhancement for adding upgrade preflight checks for operators (LalatenduMohanty)
  • 371: (0/15) ingress: Add forwarded-header-policy enhancement (Miciah)
  • 400: (0/18) general: OpenStack AZ Support (iamemilio)
  • 403: (0/16) authentication: webhook authentication: kubeconfig auth specification, 0-ttl cache (stlaz)
  • 406: (0/16) kube-apiserver: Add preliminary data section to network check enhancement. (sanchezl)
  • 411: (0/62) installer: run the Assisted Installer on-premise as opposed to utilizing a cloud service (mhrivnak)
  • 426: (0/124) general: enhancements/update/targeted-update-edge-blocking: Propose a new enhancement (wking)
  • 427: (0/54) update: enhancements/update/phased-rollouts: Propose a new enhancement (wking)
  • 463: (0/574) machine-api: Describing steps to support out-of-tree providers (Danil-Grigorev)
  • 468: (0/48) machine-api: Add dedicated instances proposal (alexander-demichev)
  • 486: (0/71) local-storage: Adds proposal for auto partitioning in LSO (rohan47)
  • 492: (0/45) rhcos: add rhcos-inject enhancement (crawford)
  • 520: (0/13) network: Static IP Addresses from DHCP (cybertron)
  • 531: (0/15) update: enhancements/update/channel-metadata: Distribute channel description strings (wking)
  • 538: (0/14) machine-api: update machine-api-usage-telemetry (elmiko)
  • 547: (0/36) baremetal: Propose BMC-less remediation enhancement (AKA poison pill) (n1r1)
  • 562: (0/149) security: Enhancing SCC to Gate Runtime Classes (haircommander)
  • 566: (0/44) general: Separating provider-specific code in the installer (janoszen)
  • 575: (0/74) installer: Installer Enhacement Proposal: Manifests from STDIN (oglok)
  • 593: (0/131) general: Add proposal for hiding container mountpoints from systemd (lack)
  • 603: (0/53) network: Initial proposal of allow mtu and overlay port changes (juanluisvaladas)
  • 617: (0/123) network: [SDN-1364] Add Network Policy audit logging Enhancement (astoycos)
  • 618: (0/14) network: Add more details about host port ownership (danwinship)
  • 623: (0/1) storage: Confirm Azure Disk names (huffmanca)
  • 624: (0/19) update: Add: upgrade-blocker-operator (michaelgugino)
  • 637: (0/252) monitoring: Add: Alerting Standards (michaelgugino)
  • 642: (0/48) kubelet: Dynamic node sizing (harche)
  • 643: (0/64) update: Add Reduced Reboots enhancement (sdodson)
  • 647: (0/47) windows-containers: WINC-544: Enhancement proposal for monitoring Windows Nodes (VaishnaviHire)
  • 650: (0/39) scheduling: Add ClusterOperator Scheduling (michaelgugino)
  • 652: (0/1) node: Enable cgroup v2 support (harche)
  • 654: (0/10) dns: ARO private DNS zone resource removal (jim-minter)
  • 657: (0/17) dns: Add managementState field to the DNS operator (rfredette)
  • 660: (0/11) cluster-logging: Flow control API enhancements, first draft. (alanconway)
  • 663: (0/11) dns: Add configurable-dns-pod-placement enhancement (Miciah)
  • 664: (0/13) ingress: Add proxy-protocol enhancement (Miciah)
  • 665: (0/8) ingress: Add power-of-two-random-choices enhancement (Miciah)
  • 666: (0/16) kube-apiserver: adding new userequest audit policy (EmilyM1)
  • 675: (0/2) operator-sdk: enhancements: Fix various links in the downstream operator-sdk proposal (timflannagan)
  • 676: (0/1) kube-apiserver: api compatibility (sanchezl)
  • 680: (0/41) ingress: Ability to Customize HAProxy 2.x Error Page (miheer)
  • 690: (0/3) api-review: Add mirror-by-digest-only to ImageContentSourcePolicy (QiWang19)