Skip to content

Latest commit

 

History

History
237 lines (172 loc) · 20.4 KB

2024-03-01.md

File metadata and controls

237 lines (172 loc) · 20.4 KB

This Week in Enhancements - 2024-03-01

Updates since 2024-02-16

Enhancements

Merged Changes

<PR ID>: (activity this week / total activity) summary

There were 8 Merged pull requests:

  • 1456: (11/329) network: SDN-4035: IPAM for VMs for OVN Kubernetes secondary networks (maiqueb) (SDN-4035)

    This enhancement proposal focuses on tying IP address allocation to Virtual Machines instead of the pods where they run. In short, the IP allocation should be available during the Virtual Machine lifecycle, rather than the lifecycle of the pod where it runs on.

  • 1490: (8/238) machine-config: MCO-811: MachineConfigNode introduction for MCO State Reporting (cdoern) (MCO-452)

    This enhancement describes how Nodes and their upgrade processes should be aggregated by the MCO into a user facing object. The goal here is to allow customers and the MCO team to decipher our processes in a more verbose way, speeding up the debugging process and allowing for better customer engagement.

  • 1513: (2/94) cluster-logging: Added enhancements/cluster-logging/content-filter.md (alanconway) (LOG-2155)

    Allow users to reduce the volume of log data by:

    1. Dropping unwanted log records completely.
    2. Pruning unwanted fields from log records.

    The new prune/drop content filters use the same framework as the kube-api-audit filter. This framework can be extended with new types of filters in future.

    NOTE: Content filters are distinct from input selectors. Input selectors select or ignore entire log streams based on source metadata. Content filters edit log streams (remove and modify records) based on record content.

  • 1545: (9/215) microshift: USHIFT-2186: Multus CNI for MicroShift (pmtk) (OCPSTRAT-473)

    Currently MicroShift ships ovn-kubernetes (ovn-k) CNI responsible for connectivity within and outside the cluster. There are users that have needs beyond what ovn-k offers like adding more interfaces to the Pods. Some example requirements are connecting Pods to the host's bridge interface or setting up complex networking based on VLAN. This functionality is Multus' trademark - adding additional interfaces to Pods.

    This enhancement explores providing Multus CNI as an optional component to MicroShift.

  • 1551: (115/147) microshift: USHIFT-2196: User-facing audit-log configuration (copejon) (USHIFT-2196)

    Add ability for MicroShift users to configure API server audit logging policies, log rotation and retention.

  • 1562: (23/86) microshift: USHIFT-2348: microshift y-2 upgrades (dhellmann) (USHIFT-2246)

    This enhancement describes how MicroShift will support upgrading in-place across 2 minor versions at a time.

  • 1576: (3/3) housekeeping: clean up owners file (dhellmann)

    • Remove approvers who are no longer org members
    • Add tool to automatically check approvers list against org membership

Merged Pull Requests Modifying Existing Documents

  • 1568: (13/13) general: CONVENTIONS.md: Add section for TLS configuration (Miciah)

New Changes

<PR ID>: (activity this week / total activity) summary

There were 11 New pull requests:

  • 1566: (38/38) general: observability: Add logging-stack with UI and korrel8r integration (periklis) (LOG-5114)

    This document proposes a solution and a delivery plan for a unified installation and upgrading procedure of the logging for Red Hat OpenShift product (short OpenShift Logging) as well as auxiliary UI and correlation (See korrel8r) components via the Cluster Observability Operator(COO). The proposed solution is intended to complement the existing OpenShift Logging stack managed by the Cluster Logging Operator(CLO) and the Loki Operator(LO). Furthermore the proposal aims to be a blueprint approach for other OpenShift Observability products (i.e distributed tracing, network observability, power monitoring).

  • 1567: (9/9) network: SDN-4154:Add troubleshooting section for upgrades to OVN IC (ricky-rav) (SDN-3905)

    jira/valid-reference

    Allow any upgrade path that proceeds via a 4.13 self-hosted or hypershift-hosted cluster to smoothly upgrade to 4.14, which features OVNK InterConnect (IC) multizone.

  • 1569: (8/8) insights: Insights Rapid Recommendations proposal (tremes) (CCXDEV-12213) (CCXDEV-12285)

    The Insights Operator collects various data and resources from the OpenShift and Kubernetes APIs. The definition of the collected data is mostly hardcoded in the operator's source code and largely locked in the corresponding OCP version.

    This proposal introduces remote Insights Operator configuration for collected data. The feature will allow Red Hat to control what data the Insights Operator gathers, within hardcoded boundaries, independently of the cluster version.

  • 1571: (22/22) update: Add Change Management and Maintenance Schedules (jupierce)

    do-not-merge/work-in-progress

    Implement high level APIs for change management which allow standalone and Hosted Control Plane (HCP) clusters a measure of configurable control over when control-plane or worker-node configuration rollouts are initiated. As a primary mode of configuring change management, implement an option called Maintenance Schedules which define reoccurring windows of time (and specifically excluded times) in which potentially disruptive changes in configuration can be initiated.

    Material changes not permitted by change management configuration are left in a pending state until such time as they are permitted by the configuration.

    Change management enforcement does not guarantee that all initiated material changes are completed by the close of a permitted change window (e.g. a worker-node may still be draining or rebooting) at the close of a maintenance schedule, but it does prevent additional material changes from being initiated.

    A "material change" may vary by cluster profile and subsystem. For example, a control-plane update (all components and control-plane nodes updated) is implemented as a single material change (e.g. the close of a scheduled permissive window will not suspend its progress). In contrast, the rollout of worker-node updates is more granular (you can consider it as many individual material changes) and the end of a permitted change window will prevent additional worker-node updates from being initiated.

    Changes vital to the continued operation of the cluster (e.g. certificate rotation) are not considered material changes. Ignoring operational practicalities (e.g. the need to fix critical bugs or update a cluster to supported software versions), it should be possible to safely leave changes pending indefinitely. That said, Service Delivery and/or higher level management systems may choose to prevent such problematic change management settings from being applied by using validating webhooks.

  • 1572: (3/3) storage: STOR-1764: Add enhancement for CSI fixes in cloud-provider-azure code (bertinatto) (STOR-1764)

    jira/valid-reference

    Azure cloud logic from embedded in Azure CSI drivers rely on the cloud-provider-azure dependency. As a result of that, many bug fixes to Azure CSI drivers go into that dependency. However, for older version of OCP, bumping that dependency results in too many code changes, increasing the risk of introducing new issues on the CSI drivers. As a result, we need a way to address specific issues in cloud-provider-azure without risking the overall stability of the CSI drivers.

  • 1574: (2/2) image-registry: Use Bound Tokens for Integrated Image Registry Authentication (sanchezl)

    do-not-merge/work-in-progress

    Use bound service account tokens to generate image pull secrets for pulling from the integrated image registry. Instead of creating the secrets needed to create long-lived service account tokens, bound service account tokens are generated directly via the TokenRequest API. Using the TokenRequest API will reduce the number of secrets and improve the security posture of a cluster.

  • 1577: (3/3) machine-config: MCO-1049: Introduces On-Cluster-Build API, machineOSBuild, and machineOSImage (cdoern) (MCO-665)

    do-not-merge/work-in-progress, jira/valid-reference

    This enhancement describes the user facing API for On-Cluster-Builds. Currently, there is no way to track the in-depth state of a build. The only mechanism the MCO has is a few additional MCP level condition types. Not only is state hard to follow but setup of an On-Cluster-Build system involves creating 2 secrets and 2 seprate configmaps referencing these secrets.

    With this API we aim to consolidate both the configuration of our image builds and the state pertaining to the build itself as well as the resulting image which the MCO then manages. a MachineOSBuild will in-turn cause the creation of a MachineOSImage. Since the MachineOSImage is created during an update process, we will also need to augment the MachineConfigNode object to be aware of these types of updates.

    A MachineOSBuild will contain the image push and pull secrets for access to the registry and containerfile data for a user to specify custom data they want built into the image. The other fields will be set by the MCO mainly the name of the resulting machineOSImage. In the Status we will have conditions, the build start and end time, related failed/interrupted builds and why they failed, and the final pull spec of the created image.

    a MachineOSImage will have the base image, the pull spec, the MCP the image is associated with and the rendered MachineConfig this image is based off of all in the spec. The status will contain an observed generation, conditions, an image age, a custom "rollout status" to tell the user where the image is being rolled out and how it is going, and finally an "image usage status" detailing the part of the lifecycle this image is in for garbage collection.

  • 1578: (10/10) api-review: Add ManagedClusterVersion CRD (2uasimojo)

    do-not-merge/work-in-progress

    Introduce a new namespaced openshift/api CustomResourceDefinition, ManagedClusterVersion, as a vehicle for managers of OpenShift fleets to expose version and upgrade information in the management cluster.

New Pull Requests Modifying Existing Documents

  • 1573: (8/8) general: Add a section regarding probes, in particular startupProbe (sdodson)
  • 1575: (8/8) general: OKD: Switch to using Centos Stream base container images (sdodson)
  • 1579: (14/14) dns: CFE-748: Update CoreDNS EgressFirewall integration enhancement proposal (arkadeepsen)

Active Changes

<PR ID>: (activity this week / total activity) summary

There were 18 Active pull requests:

  • 1553: (122/139) general: HOSTEDCP-1416: Hosted Control Planes ETCD Backup API (jparrill) (HOSTEDCP-1370)
  • 1541: (60/166) microshift: USHIFT-2188: introduce microshift API Custom certs (eslutsky) (USHIFT-2101)
  • 1515: (48/88) machine-config: on-cluster builds enhancement (cheesesashimi) (MCO-834)
  • 1540: (25/95) cluster-logging: Performance-Tuning enhancement proposal. (alanconway) (OBSDA-549)
  • 1531: (25/144) windows-containers: WINC-1174: WinC Disconnected Support (saifshaikh48) (OCPSTRAT-619) (WINC-936)
  • 1548: (23/161) microshift: USHIFT-2089: Add router configuration options (pacevedom) (OCPSTRAT-1069)
  • 1503: (20/63) cluster-logging: Add LokiStack tokenized auth proposal (periklis) (OCPSTRAT-6) (OCPSTRAT-171 (AWS STS)) (OCPSTRAT-114 (Azure WIF)) (OCPSTRAT-922 (GCP WIF)) (LOG-4540 (AWS & Azure)) (LOG-4754 (GCP))
  • 1496: (18/355) machine-config: Managing boot images via the MCO (djoshy)
  • 1559: (13/48) update: OTA-1209: enhancements/update/channel-rename-generally-available: New enhancement (wking) (OCPSTRAT-1153)
  • 1528: (12/382) installer: Bootstrapping Clusters with CAPI Infrastructure Providers (patrickdillon)
  • 1514: (11/242) ingress: NE-761: Support for admin configured CA trust bundle in Ingress Operator (bharath-b-rh) (RFE-2182) (OCPSTRAT-431) (NE-761)
  • 1546: (10/24) workload-partitioning: OCPEDGE-808: feat: add ep for cpu limits with workload partitioning (eggfoobar) (OCPEDGE-57)
  • 1563: (9/32) storage: STOR-1759: add enhancement for vSphere driver configuration (RomanBednar) (OCPSTRAT-1094)
  • 1415: (8/383) ingress: NE-1129: Make ingress operator optional on HyperShift (alebedev87) (NE-1129)
  • 1267: (7/241) network: vSphere IPI Support for Static IPs (rvanderp3) (OCPPLAN-9654)
  • 1552: (2/29) microshift: USHIFT-2245: Add router namespace ownership enhancement (pacevedom) (OCPSTRAT-1067)
  • 1537: (1/37) cluster-logging: WIP LOG-4928: Cluster logging v2 APIs (jcantrill)
  • 1440: (1/115) network: OPNET-268: Configure-ovs Alternative (cybertron)

Closed Changes

<PR ID>: (activity this week / total activity) summary

There was 1 Closed pull request:

  • 1558: (8/38) builds: Build: Disable Builder SA (adambkaplan) (BUILD-730)

Idle (no comments for at least 14 days) Changes

<PR ID>: (activity this week / total activity) summary

There were 18 Idle (no comments for at least 14 days) pull requests:

  • 1298: (0/294) monitoring: Metrics collection profiles (JoaoBraveCoding)
  • 1368: (0/65) machine-config: OCPNODE-1525: Support Evented PLEG in Openshift (sairameshv) (OCPNODE-1525)
  • 1424: (0/18) dev-guide: Add a continuous Kubernetes rebase proposal (bertinatto)
  • 1436: (0/253) dns: NE-1325: External DNS Operator support for Shared VPCs (gcs278)
  • 1463: (0/87) network: Mutable dual-stack VIPs (mkowalski) (OCPSTRAT-178) (OPNET-340) (OPNET-80)
  • 1465: (0/276) machine-api: OCPCLOUD-1578: Add enhancement for converting Machine API resource to Cluster API (JoelSpeed)
  • 1468: (0/89) installer: CORS-2062: Customer configured DNS for cloud platforms AWS, Azure and GCP (sadasu) (CORS-1874)
  • 1492: (0/45) update: OTA-1029: Add CVO Log level API (Davoska) (OTA-1029)
  • 1502: (0/80) security: Create tls-artifacts-registry enhancement (vrutkovs) (API-1603)
  • 1506: (0/153) machine-api: [OSD-15261] CPMS: allow automatic vertical scaling. (bergmannf) (OSD-15261)
  • 1509: (0/14) network: SDN-4114: initial iptables-deprecation-alerter proposal (danwinship) (SDN-4114)
  • 1524: (0/39) observability: Add multi-cluster-observability-addon proposal (periklis) (OBSDA-356) (OBSDA-393) (LOG-4539) (OBSDA-489)
  • 1525: (0/126) machine-config: MCO-507: admin defined node disruption policy enhancement (yuqi-zhang) (RFE-4079)
  • 1549: (0/60) etcd: ETCD-514: Add etcd size tuning (dusk125) (ETCD-514)
  • 1556: (0/4) general: OCP cluster pre-upgrades with Leapp (Monnte) (OAMG-10748)

Idle (no comments for at least 14 days) Pull Requests Modifying Existing Documents

  • 1411: (0/37) dev-guide: Add exception to pointer guidance for structs that must be omitted (JoelSpeed)
  • 1446: (0/307) ingress: NE-1366: Revisions for set-delete-http-headers EP (miheer) (NE-982) (RFE-464)
  • 1561: (0/12) guidelines: template: add operating at scale specific considerations (jcaamano)