<PR ID>: (activity this week / total activity) summary
There were 2 Prioritized Active pull requests:
-
628: (7/129) general: automated resource request scaling (dhellmann)
This enhancement describes an approach to allow us to scale the resource requests for the control plane services to reduce consumption for constrained environments. This will be especially useful for single-node production deployments, where the user wants to reserve most of the CPU resources for their own workloads and needs to configure OpenShift to run on a fixed number of CPUs within the host.
One example of this use case is seen in telecommunication service providers implementation of a Radio Access Network (RAN). This use case is discussed in more detail below.
-
593: (1/131) general: Add proposal for hiding container mountpoints from systemd (lack)
The current implementation of Kubelet and CRI-O both use the top-level namespace for all container and Kubelet mountpoints. However, moving these container-specific mountpoints into a private namespace reduced systemd overhead with no difference in functionality.
<PR ID>: (activity this week / total activity) summary
There were 2 Other Merged pull requests:
-
684: (9/9) kube-apiserver: kube-apiserver/audit-policy: document oauth token logging in 4.6+ (sttts)
This enhancement describes a high-level API in the
config.openshift.io/v1API group to configure the audit policy for the API servers in the system. The audit configuration will be part of theAPIServersresource. It applies to all API servers at once.The API is meant to enable customers with stronger audit requirements than the average customer to increase the depth (from metadata-only level, over request payloads to request and response payload level) of audit logs, accepting the increased resource consumption of the API servers.
This API is intentionally not about filtering events. Filtering is to be done via an external mechanism (post-filtering). It was proven through performance tests (compare alternatives section) that this trade-off is acceptable with small two-digit percent overhead.
The API is not meant to replace the upstream dynamic audit API now and in the future. I.e. the API of this enhancement is only about the master node audit files on disk, not about webhooks or any other alternative audit log sink.
- 681: (5/5) kube-apiserver: add oauth token deletion to enhancement (EmilyM1)
<PR ID>: (activity this week / total activity) summary
There were 10 Other New pull requests:
-
679: (54/54) general: coreos-bootimage-streams: Standardized CoreOS bootimage metadata (cgwalters)
Since the initial release of OpenShift 4, we have "pinned" RHCOS bootimage metadata inside openshift/installer. In combination with the binding between the installer and release image, this means that everything needed to install OpenShift (including the operating system "bootimages" such as e.g. AMIs and OpenStack
.qcow2files) are all captured behind the release image which we can test and ship as an atomic unit.We have a mechanism to do in place updates, but there is no automated mechanism to update "bootimages" past a cluster installation.
This enhancement does not describe an automated mechanism to do this: the initial goal is to include this metadata in a standardized format in the cluster and at mirror.openshift.com so that UPI installations can do this manually, and we can start work on an IPI mechanism.
-
680: (41/41) ingress: Ability to Customize HAProxy 2.x Error Page (miheer)
There is no supported and reasonable method to customize the HAProxy 2.x error page as deployed in OpenShift. Customizing the HAProxy error page per our recommended procedure (documented here: https://access.redhat.com/solutions/3425711). does not work with OCP 4. It's also important that the right page as per user requirements is served at the right moment. Example - 503 error page shall be returned if no pod is available. But when the URI is wrong/does not exist, we should return 404 or a customized 404 page as per user requirements.
-
682: (20/20) alerting: alerting as a feature (dofinn)
Alerting as a feature is a holistic composition of alerting standards coupled with built-in alerting methodologies (none, symptom based and caused based) with an option to deliver SLOs for a single and/or fleet of clusters.
-
683: (3/3) insights: WIP Insights Operator pulling and exposing data from the OCM API (tremes)
This enhancement will enable the Insights Operator to pull the data (SCA certs) from the OCM (OpenShift Cluster Manager) API. The data will be exposed by the Insights Operator in the OpenShift API to allow users to use them when consuming and building container images on the platform.
-
686: (15/15) ingress: NE-310 Global options to enable HSTS (candita)
In 3.x and 4.x customers can provide a per-route annotation to enable HSTS. For customers with many routes or regulatory compliance issues, the manual per-route annotation is problematic.
This enhancement extends the Route API to allow cluster administrators to enable HSTS globally, without having to add an annotation to each route.
-
687: (1/1) storage: Add AWS EFS CSI driver operator (jsafrane)
AWS EFS CSI driver (+ corresponding operator) is an optional OCP component. It should be installed through OLM, when users opts-in.
This document describes existing (unsupported) solution and how to turn it into a supported one, both from code (and build and shipment), and from user perspective.
-
688: (14/14) monitoring: enhancements/monitoring: Describe single replica topology mode (simonpasquier)
The Cluster Monitoring Operator (CMO) needs to respect the
infrastructureTopologyfield newly added to theinfrastructures.config.openshift.ioCRD. Depending on the value, it should configure the monitoring operands for highly-available operations or not. -
689: (12/12) installer: Add Enhancement for Installing to Azure Stack Hub (patrickdillon)
This enhancement covers adding support to install OpenShift clusters to Azure Stack Hub (ASH). Azure Stack Hub looks and feels like standard Azure, but differs significantly in terms of implemenetation and technical details. Azure Stack Hub shares characteristics from Azure cloud environments and on-prem platforms. This enhancement covers details for the Installer to create infrastructure and run an OpenShift cluster on ASH.
-
690: (3/3) api-review: Add mirror-by-digest-only to ImageContentSourcePolicy (QiWang19)
Today, the ImageContentSourcePolicy object sets up mirror configuration with
mirror-by-digest-onlyproperty set to true. This enhancement plans to makemirror-by-digest-onlya configurable option. -
691: (1/1) installer: OpenStack root volume AZs (Fedosin)
Numerous customers have requested the ability to run the OpenShift on OpenStack IPI installer with root volumes created in specific availability zones (AZs). This document describes how to achieve that during OpenShift initial installation, and as a day2 operation.
<PR ID>: (activity this week / total activity) summary
There were 21 Other Active pull requests:
- 677: (103/107) sandboxed-containers: kata containers enhancement proposal (fidencio)
- 661: (41/81) operator-framework-api: New OpenshiftCatalogueValidator in operator-framework/api (camilamacedo86)
- 549: (36/126) storage: Add proposal for CSI migration (bertinatto)
- 574: (36/487) installer: First iteration of running the Assisted Installer in end-user clusters. (mhrivnak)
- 668: (27/43) console: Add Customize Project Access Roles proposal (jerolimov)
- 357: (21/222) accelerators: Supporting out-of-tree drivers on OpenShift (zvonkok)
- 637: (20/252) monitoring: Add: Alerting Standards (michaelgugino)
- 673: (20/25) machine-api: short-circuiting-backoff (mshitrit)
- 656: (13/61) console: CONSOLE-2355: Update Quick Start proposal with i18n (rebeccaalpert)
- 522: (13/25) olm: Update OLM managed operator metrics enhancement (awgreene)
- 571: (6/229) network: Cloud API component for egress IP (alexanderConstantinescu)
- 666: (5/16) kube-apiserver: adding new userequest audit policy (EmilyM1)
- 654: (4/10) dns: ARO private DNS zone resource removal (jim-minter)
- 292: (4/203) machine-api: Add Managing Control Plane machines proposal (enxebre)
- 657: (2/17) dns: Add managementState field to the DNS operator (rfredette)
- 663: (2/11) dns: Add configurable-dns-pod-placement enhancement (Miciah)
- 463: (2/574) machine-api: Describing steps to support out-of-tree providers (Danil-Grigorev)
- 674: (2/80) authentication: Service CA Certificate Generation for StatefulSet Pods, first version (mtrmac)
- 647: (2/47) windows-containers: WINC-544: Enhancement proposal for monitoring Windows Nodes (VaishnaviHire)
- 531: (1/15) update: enhancements/update/channel-metadata: Distribute channel description strings (wking)
- 296: (1/181) network: Add ovs-hardware-offload enhancement (zshi-redhat)
<PR ID>: (activity this week / total activity) summary
There were 5 Other Closed pull requests:
- 177: (2/40) olm: Library for OLM operator-inspect functionality (shawn-hurley)
- 366: (2/78) kata-containers: kata containers enhancement proposal (ariel-adam)
- 447: (2/32) insights: Insights-gateway (iNecas)
- 483: (2/23) machine-api: Add proposal for API to automatically spread MachineSets across AZs. (dgoodwin)
- 671: (11/52) monitoring: enhancements/monitoring: Describe single replica topology mode (lilic)
<PR ID>: (activity this week / total activity) summary
There were 8 Revived (closed more than 7 days ago, but with new comments) pull requests:
- 389: (8/160) subscription-content: Subscription Injection Operator (adambkaplan)
- 402: (0/5) cluster-logging: Update "last-updated" in document info. (alanconway)
- 409: (0/2) cluster-logging: LOG-717: fluentd_tuning.md to use lowerCamelCase for API fields (alanconway)
- 457: (0/13) cluster-logging: Enhancment: Select logs By pod label (alanconway)
- 570: (0/185) cluster-logging: Enhancement Proposal: API to Forward Logs to CloudWatch (alanconway)
- 612: (0/4) cluster-logging: Simplify initial cloudwatch proposal based on feedback. (alanconway)
- 651: (0/9) cluster-logging: Implement forwarder-label-selector in 2 phases. (alanconway)
- 667: (0/6) cluster-logging: Rename API field
structuredasparseto avoid confusion. (alanconway)
<PR ID>: (activity this week / total activity) summary
There was 1 Old (labeled as stale, but discussion in last 7 days) pull request:
- 201: (1/81) general: bootimages: Downloading and updating bootimages via release image (cgwalters)
<PR ID>: (activity this week / total activity) summary
There were 9 Other lifecycle/stale pull requests:
- 265: (0/138) general: Signal cluster deletion (abutcher)
- 415: (0/10) etcd: add backup config controller (hexfusion)
- 417: (0/115) installer: Add enhancement: IPI kubevirt provider (ravidbro)
- 443: (0/95) machine-config: Support a provisioning token for the Machine Config Server (cgwalters)
- 462: (0/35) ingress: Add client-tls enhancement (Miciah)
- 480: (0/85) etcd: enhancements/etcd: support assisted install (hexfusion)
- 525: (0/6) machine-config: Add FCCT support in MC proposal (LorbusChris)
- 527: (0/73) installer: enhancement/installer: check OpenStack versions (EmilienM)
- 551: (0/32) machine-api: Propose to backport the "external remediation template" feature (slintes)
<PR ID>: (activity this week / total activity) summary
There were 53 Idle (no comments for at least 7 days) pull requests:
- 124: (0/75) update: enhancements/update/automatic-updates: Propose a new enhancement (wking)
- 137: (0/286) general: CLI in-cluster management (sallyom)
- 146: (0/213) installer: openstack: Add Baremetal Compute Nodes RFE (pierreprinetti)
- 174: (0/58) builds: first draft of configmap/secret injection via volumes enhancement (bparees)
- 255: (0/108) monitoring: add restart metrics enhancement (rphillips)
- 302: (0/27) kube-apiserver: [thought-experiment] single-node cluster static pod creation (deads2k)
- 341: (0/80) maintenance: Machine-maintenance operator proposal (dofinn)
- 343: (0/43) authentication: cluster-wide oauth-proxy settings (deads2k)
- 346: (0/83) installer: Installer pre-flight validations (mandre)
- 361: (0/109) baremetal: Minimise Baremetal footprint, live-iso bootstrap (hardys)
- 363: (0/201) cvo: Enhancement for adding upgrade preflight checks for operators (LalatenduMohanty)
- 371: (0/15) ingress: Add forwarded-header-policy enhancement (Miciah)
- 400: (0/18) general: OpenStack AZ Support (iamemilio)
- 403: (0/16) authentication: webhook authentication: kubeconfig auth specification, 0-ttl cache (stlaz)
- 406: (0/16) kube-apiserver: Add preliminary data section to network check enhancement. (sanchezl)
- 411: (0/62) installer: run the Assisted Installer on-premise as opposed to utilizing a cloud service (mhrivnak)
- 426: (0/124) general: enhancements/update/targeted-update-edge-blocking: Propose a new enhancement (wking)
- 427: (0/54) update: enhancements/update/phased-rollouts: Propose a new enhancement (wking)
- 465: (0/43) insights: Insights operator up to date gathering (martinkunc)
- 468: (0/48) machine-api: Add dedicated instances proposal (alexander-demichev)
- 477: (0/41) update: enhancements/update/manifest-install-levels: Propose a new enhancement (wking)
- 486: (0/71) local-storage: Adds proposal for auto partitioning in LSO (rohan47)
- 492: (0/45) rhcos: add rhcos-inject enhancement (crawford)
- 497: (0/11) cloud-integration: Initial draft of Cloud Credentials Rotation. (dgoodwin)
- 520: (0/13) network: Static IP Addresses from DHCP (cybertron)
- 538: (0/14) machine-api: update machine-api-usage-telemetry (elmiko)
- 547: (0/36) baremetal: Propose BMC-less remediation enhancement (AKA poison pill) (n1r1)
- 554: (0/7) general: conventions: Clarify when workload disruption is allowed (smarterclayton)
- 562: (0/149) security: Enhancing SCC to Gate Runtime Classes (haircommander)
- 564: (0/17) cluster-logging: Allowing users to specify a delete policy based on amount of storage used within the ES cluster (ewolinetz)
- 566: (0/44) general: Separating provider-specific code in the installer (janoszen)
- 567: (0/104) machine-api: Added proposal for remediation history (slintes)
- 575: (0/74) installer: Installer Enhacement Proposal: Manifests from STDIN (oglok)
- 590: (0/5) authentication: add 'Allowing URI Scheme in OIDC sub claims' (stlaz)
- 603: (0/53) network: Initial proposal of allow mtu and overlay port changes (juanluisvaladas)
- 613: (0/2) network: NetworkPolicies for System Namespaces (danwinship)
- 617: (0/123) network: [SDN-1364] Add Network Policy audit logging Enhancement (astoycos)
- 618: (0/14) network: Add more details about host port ownership (danwinship)
- 623: (0/1) storage: Confirm Azure Disk names (huffmanca)
- 624: (0/19) update: Add: upgrade-blocker-operator (michaelgugino)
- 626: (0/33) machine-config: enhancements/machine-config: securing MCS (crawford)
- 635: (0/11) manifestlist: IR-57: API changes for manifest list support (ricardomaraschini)
- 636: (0/53) kube-apiserver: API Removal Notifications (sanchezl)
- 642: (0/48) kubelet: Dynamic node sizing (harche)
- 643: (0/64) update: Add Reduced Reboots enhancement (sdodson)
- 650: (0/39) scheduling: Add ClusterOperator Scheduling (michaelgugino)
- 652: (0/1) node: Enable cgroup v2 support (harche)
- 660: (0/11) cluster-logging: Flow control API enhancements, first draft. (alanconway)
- 664: (0/13) ingress: Add proxy-protocol enhancement (Miciah)
- 665: (0/8) ingress: Add power-of-two-random-choices enhancement (Miciah)
- 669: (0/1) console: Add Customize Add Page proposal (jerolimov)
- 675: (0/2) operator-sdk: enhancements: Fix various links in the downstream operator-sdk proposal (timflannagan)
- 676: (0/1) kube-apiserver: api compatibility (sanchezl)