Skip to content

Latest commit

 

History

History
169 lines (118 loc) · 12.4 KB

2022-12-08.md

File metadata and controls

169 lines (118 loc) · 12.4 KB
Raw

This Week in Enhancements - 2022-12-08

Updates since 2022-11-18

Enhancements

Merged Changes

<PR ID>: (activity this week / total activity) summary

There were 4 Merged pull requests:

  • 1229: (6/13) hypershift: PSAP-742: Enable node tuning of HyperShift hosted nodes via NTO (dagrayvid) (PSAP-742)

    This enhancement describes how the Node Tuning Operator (NTO) will run in HyperShift’s managed control plane to manage tuning of hosted cluster nodes via the containerized TuneD daemon. The required changes can be summarized into the following three phases.

    Phase 1: Enable NTO to be used for setting sysctls via TuneD and managing default tunings applied to hosted cluster nodes:

    • HyperShift repo:
      • Enable deploying NTO in the control plane namespace via the control-plane-operator. NTO will have two kubeconfigs for accessing the hosted and management clusters.
      • Add spec.tuningConfig field to the NodePool API. Similarly to the spec.config field, it will be a list of references to ConfigMaps in which Tuned manifests are stored.
      • Reconcile spec.tuningConfig in the NodePool controller. Embed the Tuned configuration into a ConfigMap per NodePool in the control plane namespace.
    • Node Tuning Operator repo:
      • NTO needs to support the option of having two kubeconfigs
      • NTO needs to know whether it is running in HyperShift (based on env variable)
      • When running in HyperShift, NTO needs to get Tuneds from the ConfigMap(s) in the hosted control-plane namespace and create the Tuned objects in the hosted cluster (reconciling the Tuneds in the Hosted Cluster to always match those in the ConfigMap(s))
      • NTO needs to create the operand (containerized TuneD daemon) and Profile objects in the Hosted Cluster.

    Phase 2: Enable NTO to be used for setting kernel boot arguments calculated by TuneD on hosted cluster nodes

    • HyperShift repo:
      • Watch and reconcile NTO-generated (by the operator) ConfigMaps containing MachineConfigs for setting kernel parameters.
    • Node Tuning Operator repo:
      • Change NTO to embed generated MachineConfigs for setting kernel parameters into ConfigMaps with a specific label that will get picked up by the NodePool controller.
      • Change NTO to label these ConfigMaps by NodePool.

    Phase 3 (4.13+): Enable Performance Addon Operator / PerformanceProfile controller functionality. In OCP 4.11 the Performance Addon Operator -- which is owned by the CNF team -- has been merged into the Node Tuning Operator, as a separate controller running under the same binary.

Merged Pull Requests Modifying Existing Documents

  • 1263: (8/10) dev-guide: Host port registry: ingress node firewall (martinkennelly)
  • 1292: (4/4) housekeeping: Add Oleg Bulatov as Image Registry Team Lead (dmage)
  • 1293: (4/4) general: Add enhancement-tool to .gitignore (EmilienM)

New Changes

<PR ID>: (activity this week / total activity) summary

There were 8 New pull requests:

  • 1291: (31/31) testing: Initial take for improved platform tests (soltysh)

    do-not-merge/work-in-progress

    /assign @deads2k

  • 1295: (21/21) machine-config: Additional trusted certificate authorities for image registries (dmage) (IR-230)

    This enhancement describes how certificate authorities for image registries should be distributed to CRI-O, openshift-apiserver, and other clients when the image registry operator is not installed.

  • 1296: (29/29) ingress: Enhancement Proposal for Adding HTTP header to HAProxy Without Customizing haproxy.config Template (miheer) (NE-982)

    do-not-merge/work-in-progress

    This enhancement extends the IngressController logging API and router API to allow the user to set capture of HTTP headers in the haproxy.config file. Using the new API, users may specify a list of HTTP headers either via IngressController API or Route API that should be set in the haproxy.config file.

  • 1297: (5/5) general: SDN-3613: Ingress node firewall flood attack enhancement (msherif1234) (SDN-3408)

    do-not-merge/hold

    OCP customers would like to secure OCP's nodes from external Flood attacks are also known as Denial of Service (DoS) attacks. In a flood attack, attackers send a very high volume of traffic to a system so that it cannot examine and allow permitted network traffic. For example, an ICMP flood attack occurs when a system receives too many ICMP ping commands and must use all its resources to send reply commands.

    Ingress Node Firewall will protect against these types of flood attacks

    • ICMP/ICMPv6
    • SYN
    • UDP

  • 1298: (3/3) monitoring: Scrape Profiles (JoaoBraveCoding)

    do-not-merge/work-in-progress

    The core OpenShift components ship a large number of metrics. A 4.12-nightly cluster on AWS currently produces around 350K series by default, and enabling additional add-ons increases that number. Users have repeatedly asked for a supported method of making Prometheus consume less memory, either by increasing the scraping timeout (which is a direction we would not like to follow) or by scraping fewer targets -- for example modifying the ServiceMonitors to drop metrics undesired to users.

    These modifications are currently not possible, because the service monitors deployed to OCP are managed by operators and cannot be modified. This proposal outlines a solution for allowing users to set a level of scraping aligned with their needs.

New Pull Requests Modifying Existing Documents

  • 1289: (6/6) hypershift: HyperShift Metrics documentation (cappetersson) (OCPPLAN-5771)
  • 1290: (14/14) guidelines: guidelines/enhancement_template: Explain that downgrade support is not required (wking)
  • 1294: (4/4) oc: image version format should be semver (sanchezl)

Active Changes

<PR ID>: (activity this week / total activity) summary

There were 14 Active pull requests:

  • 1281: (214/245) network: BGP support for control plane APIs (EmilienM) (OSASINFRA-2999)
  • 1279: (78/133) insights: on demand Insights data gathering (tremes) (CCXDEV-8854) (CCX-195)
  • 1285: (61/70) console: Enhancement doc to customize default pre-pinned resources on navigation (debsmita1) (ODC-5012)
  • 1267: (26/143) network: vSphere IPI Support for Static IPs (rvanderp3) (OCPPLAN-9654)
  • 1191: (21/171) api-review: Apply user defined tags to all Azure resources created by OpenShift (bharath-b-rh) (OCPPLAN-8155) (CORS-2249)
  • 1242: (18/126) microshift: ETCD-318: Adding MicroShift etcd enhancement (dusk125) (ETCD-318)
  • 1163: (12/66) installer: Installer: user-encrypted storage keys enhancement (patrickdillon)
  • 1276: (11/130) installer: Add support for custom DNS on AWS (sadasu) (CORS-1874)
  • 1217: (11/42) api-review: Apply user defined labels to all GCP resources created by OpenShift (bharath-b-rh) (OCPPLAN-8155) (CORS-2249)
  • 1244: (10/18) hypershift: CNF-6291: Enable Performance tuning for Hypershift nodes (jlojosnegros) (PSAP-742)
  • 1257: (7/11) general: Priority Classes enhancement preliminary doc (WIP) (a-dsouza) (1041)
  • 1280: (5/8) monitoring: Proposal for an operator health metric (sradco)

Active Pull Requests Modifying Existing Documents

  • 1287: (4/13) dev-guide: dev-guide/api-conventions: Explain preference for single canonical phrasing (wking)
  • 1273: (3/10) 088 enhancements: preProvision machine controller lifecycle hook (rvanderp3)

Closed Changes

<PR ID>: (activity this week / total activity) summary

There were 4 Closed pull requests:

  • 745: (2/159) security: Security Profiles Operator integration in OpenShift (JAORMX)
  • 1167: (3/144) installer: openstack: add the notion of Failure Domains in the installer (EmilienM) (OSASINFRA-2908)
  • 1253: (2/17) general: Netobserv: update for GA (jotak)
  • 1277: (2/29) installer: vSphere: zonal with external lb (jcpowermac) (OCPPLAN-9652)

Idle (no comments for at least 20 days) Changes

<PR ID>: (activity this week / total activity) summary

There were 3 Idle (no comments for at least 20 days) pull requests:

  • 1213: (0/229) workload-partitioning: feat: add wide cluster configuration for workload partitioning (eggfoobar) (CNF-5562)
  • 1284: (0/16) hypershift: propose pluggable konnectivity (2uasimojo) (OCPPLAN-5771)

Idle (no comments for at least 20 days) Pull Requests Modifying Existing Documents

  • 1245: (0/12) dev-guide: hostport registry: add NodeObservability hostnetwork ports (alebedev87)

With lifecycle/stale or lifecycle/rotten Changes

<PR ID>: (activity this week / total activity) summary

There were 5 With lifecycle/stale or lifecycle/rotten pull requests:

  • 1064: (2/101) network: Add enhancement proposal for SDN live migration (pliurh) (SDN-2612)
  • 1106: (1/57) storage: OpenStack Cinder CSI Driver Operator Configurability (stephenfin) (OSASINFRA-2857)
  • 1204: (2/16) hypershift: Enhancement proposal for HyperShift on P/Z/A (jaypoulz)
  • 1232: (12/146) installer: installer-aws: create edge compute pool for AWS Local Zones (mtulio) (RFE-2782)
  • 1260: (1/32) installer: installer-aws: Cluster deployment on AWS Outpost (pkliczewski) (OCPPLAN-9617) (ECOPROJECT-866)