2022-06-24.md

This Week in Enhancements - 2022-06-24

Updates since 2022-06-10

Enhancements for Release Priorities

Prioritized Merged Changes

<PR ID>: (activity this week / total activity) summary

There was 1 Prioritized Merged pull request:

• 1125: (13/61) agent-installer: AGENT-40: Enhancement for generating admin kubeconfig (zaneb) (AGENT-40)

  We will generate the admin kubeconfig file in the agent installer at the same time as the agent ISO. The CA keys used to sign the client certificate in the kubeconfig will be added to the ISO and eventually installed into the cluster so that the credentials in the admin kubeconfig will be accepted.

Other Enhancements

Other Merged Changes

<PR ID>: (activity this week / total activity) summary

There were 7 Other Merged pull requests:

• 981: (3/166) general: Added proposal for HyperShift monitoring. (bwplotka) (MON-1877)

  This proposal aims to figure our monitoring case of HyperShift topology. There are three important parts of this proposal:

  For HyperShift Admin, we propose to extract metric storage, alerting and querying for Clusters managed by HyperShift to a separate service that can be scaled, deployed and managed in a decoupled mode. This will allow robust multi-cluster, fleet monitoring with best experience possible for cluster admins. This means SD org, running managed HyperShift will use the RHOBS managed by Observability Group and AppSRE. Metrics from control planes of hosted clusters will be shipped thanks to Monitoring Stacks.

  The data plane part of guest clusters requires changes too. In terms of feature parity for users custom or UWM monitoring and HPA we propose to deploy unchanged CMO for smallest changes possible. We also propose using CMO path to gather and send needed monitoring data for HyperShift Admin to RHOBs as well as data-plane telemetry through the usual path.

• 1066: (6/49) dev-guide: Document the various event files produced by CI (DennisPeriquet)

• 1127: (44/53) general: Proposal for hiding container mountpoints from systemd (lack) (CNF-5326)

  The current implementation of Kubelet and CRI-O both use the top-level namespace for all container and Kubelet mountpoints. However, moving these container-specific mountpoints into a private namespace reduced systemd overhead with no difference in functionality.

Other Merged Pull Requests Modifying Existing Documents

• 1145: (6/9) authentication: enh/auth/login-logout-events:update implementation (ibihim)
• 1146: (3/3) console: CONSOLE-3159: Annotation update (jhadvig)
• 1155: (31/31) dev-guide: [OCPCLOUD-1512] Add section to API conventions to discuss discriminated unions (JoelSpeed)
• 1160: (4/4) general: Clarified documentation expectations for hide-container-mountpoints enhancement (lack) (CNF-5326)

Other New Changes

<PR ID>: (activity this week / total activity) summary

There were 7 Other New pull requests:

• 1153: (23/23) update: Enhancement to refine ClusterVersion history pruning (jottofar) (OTA-664)

  lgtm, approved, do-not-merge/hold

  CVO currently maintains a 50 entry queue of installed versions. Once the queue is full CVO simply removes the first added entry. The intent of the pruner as modified by this [commit][commit] was to remove the first added partial update entry, if one exists, otherwise to simply remove the first entry. Even once [rhbz#2097067][rhbz-2097067] is fixed this can result in the removal of useful cluster version information such as the initial installed version. Because some things such as install-time infrastructure depend on the initial version, we want to preserve that entry. There are additional history entries which should be given preference when determining which entry to remove. This enhancement defines a more intelligent history pruning algorithm with the goal of keeping the more informative history entries, as defined below. In addition, the history queue will be expanded to 100 entries.

• 1158: (60/60) general: Ingress node firewall support using eBPF proposal (msherif1234) (SDN-2781)

  OCP customers would like to secure OCP's nodes from external DDoS attacks by configuring ingress firewall policies. eBPF provides very flexible filtering mechansim to allow early detection and filtering for a wide range of protocols IPv4/IPv6/ICMP/TCP/UDP/ICMPv6/SCTP.

  New cluster scoped CRD IngressNodeFirewall will be used to configure node ingress firewall match rules and a per matching rule statistics will be avaliable.

Other New Pull Requests Modifying Existing Documents

• 1152: (16/16) storage: Add enhancement change for disabling SC creation (gnufied)
• 1156: (13/13) dev-guide: [OCPCLOUD-1575] Add section to API conventions to introduce motivation (JoelSpeed)
• 1157: (21/21) windows-containers: [WINC] Services CM data transfer to WICD bootstrap (saifshaikh48)
• 1159: (7/7) dns: Bug 2088606: Update DNS-over-TLS proposal (brandisher) (NE-703)
• 1161: (4/4) cluster-logging: NO-JIRA: Fix tab/space problems in document. (alanconway)

Other Active Changes

<PR ID>: (activity this week / total activity) summary

There were 11 Other Active pull requests:

• 1148: (16/17) installer: This proposal describes how we would add a new field to the install-config during installation to set the load balancer type in AWS either to NLB or ELB. (miheer) (NE-942)
• 1014: (7/438) multi-arch: Heterogeneous architecture clusters (Prashanth684) (RFE-2240) (OCPPLAN-4577)
• 1133: (6/32) general: Guidelines for the use of eBPF in OCP (danwinship)
• 1064: (4/67) network: Add enhancement proposal for SDN live migration (pliurh) (SDN-2612)
• 1126: (2/51) cluster-logging: Logs-based alerts (periklis) (LOG-2510)
• 1121: (2/6) general: Observability Query Language (preliminary draft, incomplete) (alanconway)
• 811: (2/92) network: Enhancement proposal for OVN secondary networks (maiqueb)
• 745: (2/141) security: Security Profiles Operator integration in OpenShift (JAORMX)

Other Active Pull Requests Modifying Existing Documents

• 1149: (21/21) api-review: Update aws user tag enhancement for GA (TrilokGeer)
• 1150: (8/21) general: User experience workflow in OCP CoreOS Layering model (sinnykumari) (GRPA-4059) (MCO-165)
• 1147: (2/8) api-review: Follow up migirate from icsp to idms (QiWang19)

Other Closed Changes

<PR ID>: (activity this week / total activity) summary

There were 2 Other Closed pull requests:

• 1005: (2/117) general: Non-disruptive upgrades in DPU clusters (danwinship) (SDN-2603)
• 1057: (2/133) installer: Enhancement for enabling 4-node cluster deployments as a day0 operation (flaper87)

Idle (no comments for at least 14 days) Changes

<PR ID>: (activity this week / total activity) summary

There were 7 Idle (no comments for at least 14 days) pull requests:

• 1106: (0/23) storage: OpenStack Cinder CSI Driver Operator Configurability (stephenfin) (OSASINFRA-2857)
• 1114: (0/155) ingress: [NE-568] Add option to manage DNS to ingresscontrollers (thejasn) (CFEPLAN-58)
• 1134: (0/55) installer: adding gcp-ipi-shared-vpc (jstuever) (CORS-1774)
• 1139: (0/2) dns: NE-927: CoreDNS Cache Tuning Enhancement Proposal (brandisher)

Idle (no comments for at least 14 days) Pull Requests Modifying Existing Documents

• 1102: (0/9) network: Dual stack VIPs: Add rules for openshift/api fields on upgrades (creydr) (SDN-2213)
• 1107: (0/19) ingress: Update enhancement for aws-load-balancer-operator (thejasn) (CFEPLAN-39)
• 1138: (0/17) etcd: Added several removing items else machine creation will fail (geliu2016)

With lifecycle/stale or lifecycle/rotten Changes

<PR ID>: (activity this week / total activity) summary

There were 4 With lifecycle/stale or lifecycle/rotten pull requests:

• 918: (1/211) installer: vsphere: add multiple datacenter and clusters (jcpowermac)
• 1104: (2/16) olm: enhancements/olm: Recursive ClusterOperators (wking)
• 1131: (2/19) .github: add a PR template for enhancements (kikisdeliveryservice)

With lifecycle/stale or lifecycle/rotten Pull Requests Modifying Existing Documents

• 1129: (2/26) general: Adding more priority labels (LalatenduMohanty)