<PR ID>: (activity this week / total activity) summary
There were 2 updates to Prioritized Merged pull requests:
- 596: (3/4) general: clarify wording about cluster machine approver for single-node (dhellmann)
- 605: (3/3) general: cluster-high-availability-mode-api: clarify use of "infrastructure" (dhellmann)
<PR ID>: (activity this week / total activity) summary
There were 3 Prioritized Active pull requests:
- 565: (31/315) installer: single-node deployment with bootstrap-in-place (eranco74)
- 593: (16/62) general: Add proposal for hiding container mountpoints from systemd (lack)
- 585: (1/37) update: EUS Upgrades MVP (sdodson)
<PR ID>: (activity this week / total activity) summary
There were 6 Other Merged pull requests:
- 61: (1/32) platforms: oVirt IPI enhancement document (rgolangh)
- 154: (4/8) installer: Add vSphere IPI (jcpowermac)
Both of these platforms were implemented in OpenShift in previous releases, but the enhancements that described the work had never been merged. They were merged this week during cleanup.
-
431: (2/8) general: Update ptp proposal for multiple interfaces (SchSeba)
A proposal to enable Precision Time Protocol(PTP) on OpenShift.
The linuxptp package, an implementaion of PTP according to IEEE standard 1588 for Linux, can be installed on a node and configured to synchronize system clock to remote PTP master clock.
-
591: (1/1) authentication: useroauthaccesstokens - don't remove system:oauth-token-deleters (stlaz)
This enhancement describes how to allow OpenShift users to be able to list their access tokens so that they can easily delete an access token specific to an application, all of their tokens, a token from the past they no longer need etc.
-
595: (3/11) machine-api: Add Control Plane MachineSets proposal (michaelgugino)
This enhancement documents the intent to adopt existing control plane machines into machinesets for all clusters utilizing the machine-api.
-
597: (4/4) cluster-logging: Add groupPrefix field to cloudwatch output type (alanconway)
[Amazon CloudWatch][aws-cw] is a hosted monitoring and log storage service. This proposal extends the
ClusterLogForwarderAPI with an output type for CloudWatch.
<PR ID>: (activity this week / total activity) summary
There were 3 Other Closed pull requests:
- 205: (2/100) installer: Add enhancement for collecting installer telemetry metrics. (patrickdillon)
- 459: (2/24) installer: early write up for SLB managed API lbs (abhinavdahiya)
- 533: (2/2) olm: fix the doc format of operator-registry (dongwenjuan)
<PR ID>: (activity this week / total activity) summary
There were 4 Other New pull requests:
-
603: (34/34) network: Initial proposal of allow mtu and overlay port changes (juanluisvaladas)
Customers may need to change the MTU, or the ports used for VXLAN or Geneve tunnels post-installation. However these changes aren't trivial and may cause downtime, hence the CNO forbids currently them.
We propose a brand new daemonset that will be launched on demand and will run on every node of the cluster. This daemonset will make the necessary changes in an ordered, and coordinated manner with a service disruption within the TCP timeout (best effort).
-
608: (16/16) windows-containers: WINC-482: Bring Your Own Windows Host design (aravindhp)
The intent of this enhancement is to allow customers to add their existing Windows instances to an OpenShift 4.7+ cluster using the Windows Machine Config Operator (WMCO).
-
612: (2/2) cluster-logging: Simplify initial cloudwatch proposal based on feedback. (alanconway)
[Amazon CloudWatch][aws-cw] is a hosted monitoring and log storage service. This proposal extends the
ClusterLogForwarderAPI with an output type for CloudWatch. -
613: (3/3) network: NetworkPolicies for System Namespaces (danwinship)
An OCP cluster contains various services that should not be accessible to unprivileged users.
Currently, authorization for these services is handled via TLS certificates; unauthorized users can connect to the service, but they cannot authenticate to it, and so the service is protected.
Some customers, especially in the financial sector, have objected to this on the grounds that attackers may be able to exploit bugs in the TLS implementation to gain access to these services (or the services' underlying credentials). They would prefer that untrusted users were prevented from reaching the services entirely. (eg, see RFE-701)
This enhancement proposes adding NetworkPolicies to an OCP cluster to (optionally) ensure that restricted services are not reachable except by the system services that are expected to access them. Each team would responsible for defining the policies for their own operators.
<PR ID>: (activity this week / total activity) summary
There were 17 Other Active pull requests:
- 571: (67/154) network: Cloud API component for egress IP (alexanderConstantinescu)
- 577: (32/71) ingress: describe one-stop-shopping for exposing customized routes (deads2k)
- 524: (15/192) network: New method for providing configurable self-hosted LB/DNS/VIP for on-prem (yboaron)
- 561: (13/25) network: Initial proposal of "allow-from-router" NetworkPolicy (danwinship)
- 592: (13/59) olm: Safer Cluster Upgrades for OLM Managed Operators (awgreene)
- 549: (12/12) storage: Add proposal for CSI migration (bertinatto)
- 567: (10/24) machine-api: Added proposal for remediation history (slintes)
- 346: (6/75) installer: Installer pre-flight validations (mandre)
- 357: (6/85) general: Supporting out-of-tree drivers on OpenShift (zvonkok)
- 540: (3/14) machine-config: Installer/MCO: store pointer ignition customizations in MachineConfig (hardys)
- 465: (2/18) insights: Insights operator up to date gathering (martinkunc)
- 463: (2/194) machine-api: Describing steps to support out-of-tree providers (Danil-Grigorev)
- 198: (2/8) kube-controller-manager: stability: add quota to all namespaces (deads2k)
- 146: (2/67) installer: openstack: Add Baremetal Compute Nodes RFE (pierreprinetti)
- 78: (2/34) general: Add "Build OKD-on-Fedora-CoreOS in Prow" proposal (LorbusChris)
- 400: (1/5) general: OpenStack AZ Support (iamemilio)
- 581: (1/4) network: WIP Add Netflow support proposal (rcarrillocruz)
- 602: (2/2) general: README.md: Document the priority/important-soon label usage (russellb)
The enhancements repository now uses markdownlint.
- 599: (3/3) general: convert from github/super-linter to markdownlint (dhellmann)
- 601: (6/6) platforms: continue working on markdownlint (dhellmann)
- 606: (2/2) installer: markdownlint: move install steps to reusable script (dhellmann)
- 611: (2/2) general: Fixed make lint permissions (eranco74)
OWNERS file updates