<PR ID>: (activity this week / total activity) summary
There were 4 Prioritized Active pull requests:
-
643: (11/64) update: Add Reduced Reboots enhancement (sdodson)
This enhancement is intended to reduce host reboots when upgrading across two or more OpenShift minor versions by enabling an N-2 version skew policy between all host components and cluster scoped resources.
-
593: (10/121) general: Add proposal for hiding container mountpoints from systemd (lack)
The current implementation of Kubelet and CRI-O both use the top-level namespace for all container and Kubelet mountpoints. However, moving these container-specific mountpoints into a private namespace reduced systemd overhead with no difference in functionality.
-
628: (5/104) general: automated resource request scaling (dhellmann)
This enhancement describes an approach to allow us to scale the resource requests for the control plane services to reduce consumption for constrained environments. This will be especially useful for single-node production deployments, where the user wants to reserve most of the CPU resources for their own workloads and needs to configure OpenShift to run on a fixed number of CPUs within the host.
One example of this use case is seen in telecommunication service providers implementation of a Radio Access Network (RAN). This use case is discussed in more detail below.
-
636: (3/51) kube-apiserver: API Removal Notifications (sanchezl)
Notify customers that an API that will be removed in the next release is in use.
<PR ID>: (activity this week / total activity) summary
There was 1 Prioritized Closed pull request:
- 641: (6/33) general: EP: Support for Cluster High-availability mode API (varshaprasad96)
This one was closed intentionally after consensus was reached that the proposed change was not required.
<PR ID>: (activity this week / total activity) summary
There were 3 Other Merged pull requests:
-
577: (32/177) ingress: describe one-stop-shopping for exposing customized routes (deads2k)
Add
CustomizeableRoute{Spec,Status}toIngressSpecin a way that allows multiple operators to provide information about Routes (or Ingresses, or maybe even something else), that a cluster-admin wants to provide custom names and/or custom serving certificates for. -
625: (21/30) cluster-logging: Simplify JSON forwarding proposal (alanconway)
This enhancement will allow structured JSON log entries to be forwarded as JSON objects in JSON output records.
The current logging [data model][data_model] stores the log entry as a JSON string, not a JSON object. Consumers can't access the log entry fields without a second JSON parse of this string.
The current implementation also 'flattens' labels to work around Elasticsearch limitations.
To illustrate, given a log entry
{"name":"fred","home":"bedrock"}from a container with the labelapp.kubernetes.io/name="flintstones". The current output record looks like:{ "message":"{\"name\":\"fred\",\"home\":\"bedrock\"}", "kubernetes":{"flat_labels":["app_kubernetes_io/name=flintstones", ...]}, ... other metadata }This proposal enables an alternate form of output record including a
structuredobject field for JSON log entries and user-definedschemaname to identify the format of the entry.{ "structured":{ "name":"fred", "home":"bedrock", }", "schema": "flintstones-schema", "kubernetes":{"labels":{"app.kubernetes.io/name": "flintstones", ...}}, ... }This proposal describes
- extensions to the logging [data model][data_model] -
structuredandschemafields. - extensions to the
ClusterLogForwarderAPI to configure JSON parsing and forwarding. - indexing structured records in current and future Elasticsearch stores.
- replacing the [defunct MERGE_JSON_LOG][defunct_merge] feature.
Note: This proposal focuses on JSON, but the data model and API changes can apply to other structured formats that may be supported in future.
- extensions to the logging [data model][data_model] -
- 658: (5/5) network: ovn-kubernetes-ipsec: Update EP with small feature enhancements for OCP 4.8 (markdgray)
<PR ID>: (activity this week / total activity) summary
There were 9 Other New pull requests:
-
660: (11/11) cluster-logging: Flow control API enhancements, first draft. (alanconway)
If the log collector cannot keep up with the rate that logs are written, some logging data will be lost. Presently the logging admin has little control over when or how logs get lost.
This proposal defines an API to let cluster administrators to limit logging rates, or ignore some logs entirely. Logs will still be lost if the collector cannot keep up, but administrators have more control over what is lost.
Rate limits mean that:
- The cost and volume of logging can be predicted more accurately in advance.
- Noisy containers cannot produce unbounded log traffic and unfairly drown out other containers.
- High-value logs can be preferred over low-value logs by assigning higher rate limits.
- Log streams that are not needed can be ignored, which reduces the load on the logging infrastructure.
The API allows selected rates and policies to be applied by namespaces or pod labels. New types of selector that are added in future should also be applicable.
-
661: (41/41) operator-framework-api: New OpenshiftCatalogueValidator in operator-framework/api (camilamacedo86)
-
663: (9/9) dns: Add configurable-dns-pod-placement enhancement (Miciah)
The DNS operator in OpenShift 4.7 and prior versions manages a DaemonSet that serves two functions: running CoreDNS and managing node hosts'
/etc/hostsfiles. This enhancement, in OpenShift 4.8, replaces this single DaemonSet with two: one DaemonSet for CoreDNS and one DaemonSet for managing/etc/hosts. Additionally, this enhancement adds an API to enable cluster administrators to configure the placement of the CoreDNS Pods. -
664: (10/10) ingress: Add proxy-protocol enhancement (Miciah)
This enhancement extends the IngressController API to allow cluster administrators to configure IngressControllers that use the "HostNetwork" and "NodePortService" endpoint publishing strategies to use PROXY protocol.
-
665: (8/8) ingress: Add power-of-two-random-choices enhancement (Miciah)
This enhancement provisionally changes the default balancing algorithm to HAProxy's Power of Two Random Choices algorithm. In OpenShift 4.7, the default algorithm is always "Least Connections". In OpenShift 4.8, a "PowerOfTwoRandomChoicesBalancing" feature gate is added. When this feature gate is enabled, ingress controllers use the Power of Two Random Choices algorithm by default. The feature gate is off by default in OpenShift 4.8 and on by default in OpenShift 4.9.
-
666: (2/2) kube-apiserver: adding new userequest audit policy (EmilyM1)
This enhancement describes a high-level API in the
config.openshift.io/v1API group to configure the audit policy for the API servers in the system. The audit configuration will be part of theAPIServersresource. It applies to all API servers at once.The API is meant to enable customers with stronger audit requirements than the average customer to increase the depth (from metadata-only level, over request payloads to request and response payload level) of audit logs, accepting the increased resource consumption of the API servers.
This API is intentionally not about filtering events. Filtering is to be done via an external mechanism (post-filtering). It was proven through performance tests (compare alternatives section) that this trade-off is acceptable with small two-digit percent overhead.
The API is not meant to replace the upstream dynamic audit API now and in the future. I.e. the API of this enhancement is only about the master node audit files on disk, not about webhooks or any other alternative audit log sink.
-
667: (4/4) cluster-logging: Rename API field
structuredasparseto avoid confusion. (alanconway) -
668: (2/2) console: Add Customize Project Access Roles proposal (jerolimov)
The OpenShift Dev Console provides a simplified way to share access the selected project. Users can be assigned to specific roles under the Project menu item on the Project access tab. Currently only the roles "Admin", "Edit" and "View" are selectable.
Cluster admins want give project admins only access to a customized list of predefined roles to force compliance rules or provide more options.
-
669: (1/1) console: Add Customize Add Page proposal (jerolimov)
The OpenShift Developer Console provides a long list options to import applications, components and services. This list could be extended also via extensions like the OpenShift Pipelines Operator, the OpenShift Serverless Operator, and other. Some customers want simplify the list by hiding some options (or add their own options later).
<PR ID>: (activity this week / total activity) summary
There were 19 Other Active pull requests:
- 574: (59/426) installer: First iteration of running the Assisted Installer in end-user clusters. (mhrivnak)
- 581: (54/115) network: Add network flows export support proposal (rcarrillocruz)
- 524: (37/404) network: New method for providing configurable self-hosted LB/DNS/VIP for on-prem (yboaron)
- 647: (33/39) windows-containers: WINC-544: Enhancement proposal for monitoring Windows Nodes (VaishnaviHire)
- 571: (30/216) network: Cloud API component for egress IP (alexanderConstantinescu)
- 575: (29/74) installer: Installer Enhacement Proposal: Manifests from STDIN (oglok)
- 642: (19/48) kubelet: Dynamic node sizing (harche)
- 567: (18/100) machine-api: Added proposal for remediation history (slintes)
- 617: (12/121) network: [SDN-1364] Add Network Policy audit logging Enhancement (astoycos)
- 650: (9/35) scheduling: Add ClusterOperator Scheduling (michaelgugino)
- 538: (9/14) machine-api: update machine-api-usage-telemetry (elmiko)
- 624: (8/19) update: Add: upgrade-blocker-operator (michaelgugino)
- 637: (7/191) monitoring: Add: Alerting Standards (michaelgugino)
- 366: (5/77) general: kata containers enhancement proposal (ariel-adam)
- 520: (3/13) network: Static IP Addresses from DHCP (cybertron)
- 651: (2/3) cluster-logging: Implement forwarder-label-selector in 2 phases. (alanconway)
- 346: (2/83) installer: Installer pre-flight validations (mandre)
- 411: (1/62) installer: run the Assisted Installer on-premise as opposed to utilizing a cloud service (mhrivnak)
- 146: (1/213) installer: openstack: Add Baremetal Compute Nodes RFE (pierreprinetti)
<PR ID>: (activity this week / total activity) summary
There was 1 Other Closed pull request:
- 475: (2/8) general: enhancements/update/update-blocker-lifecycle: Propose a new enhancement (wking)
<PR ID>: (activity this week / total activity) summary
There were 2 Old (labeled as stale, but discussion in last 7 days) pull requests:
- 417: (1/115) installer: Add enhancement: IPI kubevirt provider (ravidbro)
- 545: (1/2) network: Add BGP design section (markdgray)
<PR ID>: (activity this week / total activity) summary
There were 5 Other lifecycle/stale pull requests:
- 296: (0/180) network: Add ovs-hardware-offload enhancement (zshi-redhat)
- 415: (0/10) etcd: add backup config controller (hexfusion)
- 480: (0/85) etcd: enhancements/etcd: support assisted install (hexfusion)
- 527: (0/73) installer: enhancement/installer: check OpenStack versions (EmilienM)
- 531: (0/14) update: enhancements/update/channel-metadata: Distribute channel description strings (wking)
<PR ID>: (activity this week / total activity) summary
There were 54 Idle (no comments for at least 7 days) pull requests:
- 124: (0/75) update: enhancements/update/automatic-updates: Propose a new enhancement (wking)
- 137: (0/286) general: CLI in-cluster management (sallyom)
- 174: (0/58) builds: first draft of configmap/secret injection via volumes enhancement (bparees)
- 177: (0/38) olm: Library for OLM operator-inspect functionality (shawn-hurley)
- 198: (0/23) kube-controller-manager: stability: add quota to all namespaces (deads2k)
- 201: (0/80) general: bootimages: Downloading and updating bootimages via release image (cgwalters)
- 255: (0/108) monitoring: add restart metrics enhancement (rphillips)
- 265: (0/137) general: Signal cluster deletion (abutcher)
- 292: (0/195) machine-api: Add Managing Control Plane machines proposal (enxebre)
- 302: (0/27) kube-apiserver: [thought-experiment] single-node cluster static pod creation (deads2k)
- 341: (0/80) maintenance: Machine-maintenance operator proposal (dofinn)
- 343: (0/43) authentication: cluster-wide oauth-proxy settings (deads2k)
- 357: (0/198) accelerators: Supporting out-of-tree drivers on OpenShift (zvonkok)
- 361: (0/109) baremetal: Minimise Baremetal footprint, live-iso bootstrap (hardys)
- 363: (0/201) cvo: Enhancement for adding upgrade preflight checks for operators (LalatenduMohanty)
- 371: (0/15) ingress: Add forwarded-header-policy enhancement (Miciah)
- 400: (0/18) general: OpenStack AZ Support (iamemilio)
- 403: (0/16) authentication: webhook authentication: kubeconfig auth specification, 0-ttl cache (stlaz)
- 406: (0/16) kube-apiserver: Add preliminary data section to network check enhancement. (sanchezl)
- 426: (0/124) general: enhancements/update/targeted-update-edge-blocking: Propose a new enhancement (wking)
- 427: (0/54) update: enhancements/update/phased-rollouts: Propose a new enhancement (wking)
- 443: (0/94) machine-config: Support a provisioning token for the Machine Config Server (cgwalters)
- 447: (0/30) insights: Insights-gateway (iNecas)
- 462: (0/34) ingress: Add client-tls enhancement (Miciah)
- 463: (0/570) machine-api: Describing steps to support out-of-tree providers (Danil-Grigorev)
- 465: (0/43) insights: Insights operator up to date gathering (martinkunc)
- 468: (0/48) machine-api: Add dedicated instances proposal (alexander-demichev)
- 477: (0/41) update: enhancements/update/manifest-install-levels: Propose a new enhancement (wking)
- 483: (0/21) machine-api: Add proposal for API to automatically spread MachineSets across AZs. (dgoodwin)
- 486: (0/71) local-storage: Adds proposal for auto partitioning in LSO (rohan47)
- 489: (0/3) kube-apiserver: p2pnc: update (sanchezl)
- 492: (0/45) rhcos: add rhcos-inject enhancement (crawford)
- 497: (0/11) cloud-integration: Initial draft of Cloud Credentials Rotation. (dgoodwin)
- 522: (0/13) olm: Update OLM managed operator metrics enhancement (awgreene)
- 525: (0/5) machine-config: Add FCCT support in MC proposal (LorbusChris)
- 547: (0/36) baremetal: Propose BMC-less remediation enhancement (AKA poison pill) (n1r1)
- 549: (0/72) storage: Add proposal for CSI migration (bertinatto)
- 551: (0/30) machine-api: Propose to backport the "external remediation template" feature (slintes)
- 554: (0/7) general: conventions: Clarify when workload disruption is allowed (smarterclayton)
- 562: (0/146) security: Enhancing SCC to Gate Runtime Classes (haircommander)
- 564: (0/17) cluster-logging: Allowing users to specify a delete policy based on amount of storage used within the ES cluster (ewolinetz)
- 566: (0/44) general: Separating provider-specific code in the installer (janoszen)
- 590: (0/5) authentication: add 'Allowing URI Scheme in OIDC sub claims' (stlaz)
- 603: (0/53) network: Initial proposal of allow mtu and overlay port changes (juanluisvaladas)
- 613: (0/2) network: NetworkPolicies for System Namespaces (danwinship)
- 618: (0/14) network: Add more details about host port ownership (danwinship)
- 623: (0/1) storage: Confirm Azure Disk names (huffmanca)
- 626: (0/33) machine-config: enhancements/machine-config: securing MCS (crawford)
- 635: (0/11) manifestlist: IR-57: API changes for manifest list support (ricardomaraschini)
- 649: (0/18) general: conventions: update the resources and limits section (dhellmann)
- 652: (0/1) node: Enable cgroup v2 support (harche)
- 654: (0/2) dns: ARO private DNS zone resource removal (jim-minter)
- 656: (0/24) console: CONSOLE-2355: Update Quick Start proposal with i18n (rebeccaalpert)
- 657: (0/15) dns: Add managementState field to the DNS operator (rfredette)