Skip to content

Latest commit

 

History

History
175 lines (128 loc) · 17.8 KB

2024-03-08.md

File metadata and controls

175 lines (128 loc) · 17.8 KB
Raw

This Week in Enhancements - 2024-03-08

Updates since 2024-03-01

Enhancements

Merged Changes

<PR ID>: (activity this week / total activity) summary

There were 3 Merged pull requests:

  • 1552: (17/44) microshift: USHIFT-2245: Add router namespace ownership enhancement (pacevedom) (OCPSTRAT-1067)

    OpenShift defaults to not allow routes in multiple namespaces use the same hostname, and MicroShift inherits that default.

    Ever since OpenShift 4 this has been possible to configure, and MicroShift should allow that too to accommodate additional use cases.

  • 1563: (8/38) storage: STOR-1759: add enhancement for vSphere driver configuration (RomanBednar) (OCPSTRAT-1094)

    The vSphere driver configuration enhancement aims to provide a way to configure the vSphere driver. The vSphere driver is a CSI driver that allows to use vSphere storage in OpenShift and is deployed by vSphere driver operator that CSO deploys on vSphere clusters.

    Currently, the driver can be configured via a configuration file (csi_cloud_config.ini) that we mount into a known path inside driver controller pods (/etc/kubernetes/vsphere-csi-config/cloud.conf) as a ConfigMap. This file is reconciled by the driver operator. This means that we currently don't allow users to modify the configuration file and need a way to do so.

Merged Pull Requests Modifying Existing Documents

  • 1579: (9/21) dns: CFE-748: Update CoreDNS EgressFirewall integration enhancement proposal (arkadeepsen)

New Changes

<PR ID>: (activity this week / total activity) summary

There were 10 New pull requests:

  • 1581: (3/3) dev-guide: start dev-guide section on adding new components (dhellmann)

  • 1582: (3/3) dev-guide: Add explanation of how component-readiness gates .0 releases (deads2k)

    Explains information available, how we will use that information, and who can approve exceptions.

  • 1583: (20/20) scheduling: WRKLDS-1060: Prevent User Workloads from being scheduled on Control Plane nodes (knelasevero) (OCPSTRAT-790) (WRKLDS-1015) (WRKLDS-1060)

    do-not-merge/work-in-progress, jira/valid-reference

    Starting OCP 4.1 Kubernetes Scheduler Operator’s config.openshift.io/v1/scheduler type was extended with .spec.mastersSchedulable field [1] set to false by default. Its purpose is to protect control plane nodes from receiving a user workload. When the field is set to false each control plane node is tainted with node-role.kubernetes.io/master:NoSchedule. If set to true the taint is removed from each control plane node. No user workload is expected to tolerate the taint. Unfortunately, there’s currently no protection from users (with pod’s create/update RBAC permissions) explicitly tolerating node-role.kubernetes.io/master:NoSchedule taint or setting .spec.nodeName field directly (thus by-passing the kube-scheduler).

    [1] https://docs.openshift.com/container-platform/latest/nodes/nodes/nodes-nodes-managing.html#nodes-nodes-working-master-schedulable_nodes-nodes-managing

  • 1584: (22/22) insights: Insights Operator: Gather Workload Runtime Info From Containers (jmesnil)

    The Insights operator periodically gathers cluster data and sends it to Red Hat. The data about workloads consists of the image ID and the entrypoint.

    In many cases, the image ID and its layers do not provide any meaningful information about the actual application or application language/platform/framework... To get this level of information, we can gather additional data on the running containers. By scanning running containers, the Insights Operator can enrich the gathered data and capture the kind of workload that is running on OpenShift. This information can be used by Red Hat to target OpenShift investments at the most popular workloads, inform decisions around long-life offerings for application platforms and frameworks, identify growth opportunities in emerging workloads, and measure the success of our strategic initiatives in AI and Middleware.

    For example, scanning the container allows to gather additional data such as:

    • The container (with the ID sha256:5edd4b...) is based on RHEL 8.9 ands runs a Kafka Broker 3.6.1 with Java OpenJDK 17.0.9
    • The container (with the ID sha256:4redc...) is based on Fedora 17, and runs a Quarkus 3.6.2 application with Java Eclipse Adoptium 21.0.1
    • The container (with the ID sha256:7euc...) is based on RHEL 8.8, and runs a Red Hat Build of Quarkus 3.2.13 application with Red Hat Java 17.0.3-1
    • The container (with the ID sha256:2badc...) is based on Alpine Linux v3.11, and runs a Spring Boot 2.7 with Java OpenJDK 17.0.8.1
    • The container (with the ID sha256:3fdb45...) is based on Ubuntu 20.04.4 LTS, and runs a Node.js v18.18.2 application
    • The container (with the ID sha256:5edd4b...) is a scratch container (not layered on top of any image) and runs a Go 1.18.10 executable
    • The container (with the ID sha256:566tr...) is based on RHEL 8.9 ands runs PostgreSQL 10.23

    This enhancement proposes to extract this additional layer of data to get deeper insights on the OpenShift workload. It proposes to do so while keeping the existing constraints and requirements that the Insights Operator already has for privacy, security & performance.

  • 1585: (18/18) network: SDN-4433: Configurable network diagnostics pod placement (kyrtapz) (SDN-4433)

    jira/valid-reference

    The network diagnostics feature performs connectivity health checks to services, endpoints, and load balancers. As part of that, the Cluster Network Operator (CNO) creates the network-check-source Deployment and the network-check-target DaemonSet. This enhancement allows cluster administrators to configure the pod placement for both network-check-source and network-check-target.

  • 1588: (9/9) network: Add proposal: communication ingress flows matrix (sabinaaledort) (TELCOSTRAT-77)

    This enhancement allows to automatically generate an accurate and up-to-date communication flows matrix that can be delivered to customers as part of product documentation for all ingress flows of OpenShift (multi-node and single-node deployments) and Operators.

New Pull Requests Modifying Existing Documents

  • 1586: (2/2) microshift: [NO-ISSUE] Specify kube-apiserver behavior when maxsize is 0 (copejon) (USHIFT-2196)
  • 1587: (6/6) dev-guide: WRKLDS-1066: Host port registry: Reserve 9449 port number for cli-manager (ardaguclu)
  • 1589: (3/3) cluster-logging: LOG-5190: Update log forwarding input selector api (jcantrill)
  • 1590: (3/3) network: Enhance EgressQoS CR as a generic QoS entity (pperiyasamy) (SDN-2097) (SDN-3152)

Active Changes

<PR ID>: (activity this week / total activity) summary

There were 17 Active pull requests:

  • 1541: (52/216) microshift: USHIFT-2188: introduce microshift API Custom certs (eslutsky) (USHIFT-2101)
  • 1548: (29/189) microshift: USHIFT-2089: Add router configuration options (pacevedom) (OCPSTRAT-1069)
  • 1571: (26/48) update: Add Change Management and Maintenance Schedules (jupierce)
  • 1569: (23/30) insights: Insights Rapid Recommendations proposal (tremes) (CCXDEV-12213) (CCXDEV-12285)
  • 1531: (15/158) windows-containers: WINC-1174: WinC Disconnected Support (saifshaikh48) (OCPSTRAT-619) (WINC-936)
  • 1578: (8/18) api-review: Add ManagedClusterVersion CRD (2uasimojo) (HIVE-2366)
  • 1549: (8/68) etcd: ETCD-514: Add etcd size tuning (dusk125) (ETCD-514)
  • 1503: (7/68) cluster-logging: Add LokiStack tokenized auth proposal (periklis) (OCPSTRAT-6) (OCPSTRAT-171 (AWS STS)) (OCPSTRAT-114 (Azure WIF)) (OCPSTRAT-922 (GCP WIF)) (LOG-4540 (AWS & Azure)) (LOG-4754 (GCP))
  • 1572: (6/9) storage: STOR-1764: Add enhancement for CSI fixes in cloud-provider-azure code (bertinatto) (STOR-1764)
  • 1566: (3/42) general: observability: Add logging-stack with UI and korrel8r integration (periklis) (LOG-5114)
  • 1556: (3/7) general: OCP cluster pre-upgrades with Leapp (Monnte) (OAMG-10748)
  • 1567: (2/10) network: SDN-4154:Add troubleshooting section for upgrades to OVN IC (ricky-rav) (SDN-3905)
  • 1553: (2/141) general: HOSTEDCP-1416: Hosted Control Planes ETCD Backup API (jparrill) (HOSTEDCP-1370)
  • 1559: (2/50) update: OTA-1209: enhancements/update/channel-rename-generally-available: New enhancement (wking) (OCPSTRAT-1153)
  • 1496: (2/357) machine-config: Managing boot images via the MCO (djoshy)
  • 1574: (1/3) image-registry: Use Bound Tokens for Integrated Image Registry Authentication (sanchezl)

Active Pull Requests Modifying Existing Documents

  • 1575: (8/15) general: OKD: Switch to using Centos Stream base container images (sdodson)

Revived (closed more than 7 days ago, but with new comments) Changes

<PR ID>: (activity this week / total activity) summary

There were 2 Revived (closed more than 7 days ago, but with new comments) pull requests:

  • 1545: (58/273) microshift: USHIFT-2186: Multus CNI for MicroShift (pmtk) (OCPSTRAT-473)
  • 1562: (13/99) microshift: USHIFT-2348: microshift y-2 upgrades (dhellmann) (USHIFT-2246)

Idle (no comments for at least 7 days) Changes

<PR ID>: (activity this week / total activity) summary

There were 27 Idle (no comments for at least 7 days) pull requests:

  • 1267: (0/241) network: vSphere IPI Support for Static IPs (rvanderp3) (OCPPLAN-9654)
  • 1298: (0/294) monitoring: Metrics collection profiles (JoaoBraveCoding)
  • 1368: (0/65) machine-config: OCPNODE-1525: Support Evented PLEG in Openshift (sairameshv) (OCPNODE-1525)
  • 1415: (0/383) ingress: NE-1129: Make ingress operator optional on HyperShift (alebedev87) (NE-1129)
  • 1424: (0/18) dev-guide: Add a continuous Kubernetes rebase proposal (bertinatto)
  • 1436: (0/253) dns: NE-1325: External DNS Operator support for Shared VPCs (gcs278)
  • 1440: (0/115) network: OPNET-268: Configure-ovs Alternative (cybertron)
  • 1463: (0/87) network: Mutable dual-stack VIPs (mkowalski) (OCPSTRAT-178) (OPNET-340) (OPNET-80)
  • 1465: (0/276) machine-api: OCPCLOUD-1578: Add enhancement for converting Machine API resource to Cluster API (JoelSpeed)
  • 1468: (0/89) installer: CORS-2062: Customer configured DNS for cloud platforms AWS, Azure and GCP (sadasu) (CORS-1874)
  • 1492: (0/45) update: OTA-1029: Add CVO Log level API (Davoska) (OTA-1029)
  • 1502: (0/80) security: Create tls-artifacts-registry enhancement (vrutkovs) (API-1603)
  • 1506: (0/153) machine-api: [OSD-15261] CPMS: allow automatic vertical scaling. (bergmannf) (OSD-15261)
  • 1509: (0/14) network: SDN-4114: initial iptables-deprecation-alerter proposal (danwinship) (SDN-4114)
  • 1514: (0/242) ingress: NE-761: Support for admin configured CA trust bundle in Ingress Operator (bharath-b-rh) (RFE-2182) (OCPSTRAT-431) (NE-761)
  • 1515: (0/88) machine-config: on-cluster builds enhancement (cheesesashimi) (MCO-834)
  • 1524: (0/39) observability: Add multi-cluster-observability-addon proposal (periklis) (OBSDA-356) (OBSDA-393) (LOG-4539) (OBSDA-489)
  • 1525: (0/126) machine-config: MCO-507: admin defined node disruption policy enhancement (yuqi-zhang) (RFE-4079)
  • 1528: (0/382) installer: Bootstrapping Clusters with CAPI Infrastructure Providers (patrickdillon)
  • 1537: (0/37) cluster-logging: WIP LOG-4928: Cluster logging v2 APIs (jcantrill)
  • 1540: (0/95) cluster-logging: Performance-Tuning enhancement proposal. (alanconway) (OBSDA-549)
  • 1546: (0/24) workload-partitioning: OCPEDGE-808: feat: add ep for cpu limits with workload partitioning (eggfoobar) (OCPEDGE-57)
  • 1577: (0/3) machine-config: MCO-1049: Introduces On-Cluster-Build API, machineOSBuild, and machineOSImage (cdoern) (MCO-665)

Idle (no comments for at least 7 days) Pull Requests Modifying Existing Documents

  • 1411: (0/37) dev-guide: Add exception to pointer guidance for structs that must be omitted (JoelSpeed)
  • 1446: (0/307) ingress: NE-1366: Revisions for set-delete-http-headers EP (miheer) (NE-982) (RFE-464)
  • 1561: (0/12) guidelines: template: add operating at scale specific considerations (jcaamano)
  • 1573: (0/8) general: Add a section regarding probes, in particular startupProbe (sdodson)