Skip to content

Commit 5bda4f4

Browse files
committed
this-week: 2024-03-15
1 parent 6302125 commit 5bda4f4

File tree

1 file changed

+186
-0
lines changed

1 file changed

+186
-0
lines changed

this-week/2024-03-15.md

+186
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,186 @@
1+
# This Week in Enhancements - 2024-03-15
2+
3+
*Updates since 2024-03-08*
4+
5+
6+
## Enhancements
7+
8+
### Merged Changes
9+
10+
*<PR ID>: (activity this week / total activity) summary*
11+
12+
There were 7 Merged pull requests:
13+
14+
- [1503](https://github.com/openshift/enhancements/pull/1503): (10/76) cluster-logging: Add LokiStack tokenized auth proposal (periklis) ([OCPSTRAT-6](https://issues.redhat.com/browse/OCPSTRAT-6)) ([OCPSTRAT-171 (AWS STS)](https://issues.redhat.com/browse/OCPSTRAT-171 (AWS STS))) ([OCPSTRAT-114 (Azure WIF)](https://issues.redhat.com/browse/OCPSTRAT-114 (Azure WIF))) ([OCPSTRAT-922 (GCP WIF)](https://issues.redhat.com/browse/OCPSTRAT-922 (GCP WIF))) ([LOG-4540 (AWS & Azure)](https://issues.redhat.com/browse/LOG-4540 (AWS & Azure))) ([LOG-4754 (GCP)](https://issues.redhat.com/browse/LOG-4754 (GCP)))
15+
16+
> Public cloud providers offer services that allow authentication via short-lived tokens assigned to a limited set of privileges. Currently, OpenShift supports provisioning token-based authentication on all public cloud providers via the Cloud Credential Operator (CCO), i.e. AWS STS (4.14.0), Azure (4.14.11) and GCP (4.16.0).
17+
>
18+
> This enhancement enables the Loki Operator to leverage CCO resources (i.e. `CredentialsRequest`) and configure LokiStack instances for object storage access via token-based authentication. This improves the user experience for Red Hat OpenShift Logging users in general (especially on product offerings as ROSA and ARO) and Loki Operator users in particular and makes the approach more seamless
19+
> and unified compared to other Red Hat Operators (e.g. cert manager for Red Hat OpenShift, OADP operator).
20+
21+
- [1531](https://github.com/openshift/enhancements/pull/1531): (16/172) windows-containers: WINC-1174: WinC Disconnected Support (saifshaikh48) ([OCPSTRAT-619](https://issues.redhat.com/browse/OCPSTRAT-619)) ([WINC-936](https://issues.redhat.com/browse/WINC-936))
22+
23+
> The goal of this enhancement is to support Windows Containers in environments with restricted networks where
24+
> hosts are intentionally impeded from reaching the internet, also known as disconnected or "air-gapped" clusters.
25+
> Currently, Windows nodes configured by the [Windows Machine Config Operator](https://github.com/openshift/windows-machine-config-operator)
26+
> (WMCO) rely on `containerd`, the OpenShift-managed container runtime, to pull workload images. Also, the WMCO today
27+
> is required to make an external request outside the cluster's internal network to pull the [pause image](https://kubernetes.io/docs/concepts/windows/intro/#pause-container).
28+
> To support disconnected environments, all images need to be pulled from air-gapped mirror registries, whether that be
29+
> the OpenShift internal image registry or other private registries.
30+
>
31+
> There already exists a protocol for users to publish [registry mirroring configuration](https://docs.openshift.com/container-platform/4.14/openshift_images/image-configuration.html#images-configuration-registry-mirror_image-configuration),
32+
> namely `ImageDigestMirrorSet` (IDMS), `ImageTagMirrorSet` (ITMS) cluster resources.
33+
> These are consumed by OpenShift components like the Machine Config Operator (MCO) to apply the settings to Linux
34+
> control-plane and worker nodes, Windows worker nodes do not currently consume or respect mirror registry settings when
35+
> pulling images. This effort will work to plug feature disparity by making the WMCO aware of mirror registry settings at
36+
> operator install time and reactive during its runtime.
37+
38+
- [1567](https://github.com/openshift/enhancements/pull/1567): (4/12) network: SDN-4154:Add troubleshooting section for upgrades to OVN IC (ricky-rav) ([SDN-3905](https://issues.redhat.com/browse/SDN-3905))
39+
40+
> Allow any upgrade path that proceeds via a 4.13 self-hosted or hypershift-hosted cluster to smoothly upgrade to 4.14, which features OVNK InterConnect (IC) multizone.
41+
42+
- [1581](https://github.com/openshift/enhancements/pull/1581): (3/4) dev-guide: start dev-guide section on adding new components (dhellmann)
43+
44+
#### Merged Pull Requests Modifying Existing Documents
45+
46+
- [1575](https://github.com/openshift/enhancements/pull/1575): (23/35) general: OKD: Switch to using Centos Stream base container images (sdodson)
47+
- [1587](https://github.com/openshift/enhancements/pull/1587): (3/7) dev-guide: WRKLDS-1066: Host port registry: Reserve 9449 port number for cli-manager (ardaguclu)
48+
- [1592](https://github.com/openshift/enhancements/pull/1592): (3/3) housekeeping: add suleymanakbas91 as team lead for edge enablement (dhellmann)
49+
50+
### New Changes
51+
52+
*<PR ID>: (activity this week / total activity) summary*
53+
54+
There were 5 New pull requests:
55+
56+
- [1593](https://github.com/openshift/enhancements/pull/1593): (2/2) ingress: Set EIP for NLB Ingress controller. (miheer)
57+
58+
`do-not-merge/work-in-progress`
59+
60+
> This enhancement allow user to set AWS EIP for the NLB default or custom ingress controller.
61+
> This is a feature request to enhance the IngressController API to be able to support static IPs during:
62+
> - Install time
63+
> - Custom NLB ingress controller creation
64+
> - Reconfiguration of the router.
65+
66+
- [1594](https://github.com/openshift/enhancements/pull/1594): (5/5) network: SDN-4604: Networking: egress IP per destination proposal (martinkennelly) ([SDN-4454](https://issues.redhat.com/browse/SDN-4454))
67+
68+
`jira/valid-reference`
69+
70+
> Today, we can use an `EgressIP` to describe the source IP for a pod if it selected by an `EgressIP` custom resource (CR) selectors. This includes namespace
71+
> and pod selectors. If multiple `EgressIP` CRs select the same set of pods, the behavior is undefined. This is because
72+
> we cannot reliably choose which source IP to use.
73+
>
74+
> This enhancement proposes adding a new selector for when we want to apply the `EgressIP`. This new selector will only apply
75+
> the `EgressIP` as the source IP to a set of pods communicating with destination IP if that destination IP is within predefined network CIDRs.
76+
>
77+
> If the new destination traffic selector is specified for all `EgressIP` CRs that selected a set of pods and the destination networks selected do not overlap, then we
78+
> can allow a set of pods to have multiple source IPs depending on the destination address.
79+
80+
- [1595](https://github.com/openshift/enhancements/pull/1595): (3/3) ingress: NE-705: IngressController subnet selection in AWS (gcs278)
81+
82+
`do-not-merge/work-in-progress, jira/valid-reference`
83+
84+
> This enhancement extends the IngressController API to allow a user to specify
85+
> custom subnets for LoadBalancer-type services for AWS. By default, AWS
86+
> auto-discovers the subnets and has its own logic for tie breaking if there
87+
> are multiple subnets per availability zone. This enhancement will configure
88+
> the `service.beta.kubernetes.io/aws-load-balancer-subnets` annotation on the
89+
> LoadBalance-type service which will manually configure the subnets for
90+
> each availability zone.
91+
>
92+
> it consist in selecting only those subnets which: 1) belong to the VPC of the cluster, 2) belong to the cluster (have kubernetes.io/cluster/{cluster-name} tag), 3) have public or internal ELB role (tagged with kubernetes.io/role/elb or kubernetes.io/role/internal-elb)
93+
94+
- [1596](https://github.com/openshift/enhancements/pull/1596): (49/49) oc: WRKLDS-875: Add oc login external OIDC issuer integration enhancement (ardaguclu) ([WRKLDS-875](https://issues.redhat.com/browse/WRKLDS-875))
95+
96+
`jira/valid-reference`
97+
98+
> This enhancement proposal describes the mechanism for how users can log in to the cluster which relies on external OIDC issuer for authentication in lieu of
99+
> internal OAuth provided by OCP via `oc login`. In order to achieve this, this enhancement proposal adds new command, namely `get-token`, in oc that will serve
100+
> as the built-in credentials exec plugin and additionally OIDC specific flags in `oc login` to support this functionality.
101+
102+
- [1597](https://github.com/openshift/enhancements/pull/1597): (4/4) node-tuning: PSAP-1236: Containerize Tuned (yanirq) ([PSAP-1236](https://issues.redhat.com/browse/PSAP-1236))
103+
104+
`jira/valid-reference`
105+
106+
> The proposed enhancement is to restructure cluster-node-tuning-operator (NTO) to run TuneD from a container (e.g. using podman from a systemd service) instead of running in daemon mode so TuneD will initially set defaults and hand off ownership to other services that apply tunings.
107+
108+
109+
### Active Changes
110+
111+
*<PR ID>: (activity this week / total activity) summary*
112+
113+
There were 24 Active pull requests:
114+
115+
- [1541](https://github.com/openshift/enhancements/pull/1541): (70/284) microshift: USHIFT-2188: introduce microshift API Custom certs (eslutsky) ([USHIFT-2101](https://issues.redhat.com/browse/USHIFT-2101))
116+
- [1569](https://github.com/openshift/enhancements/pull/1569): (67/121) insights: Insights Rapid Recommendations proposal (tremes) ([CCXDEV-12213](https://issues.redhat.com/browse/CCXDEV-12213)) ([CCXDEV-12285](https://issues.redhat.com/browse/CCXDEV-12285))
117+
- [1548](https://github.com/openshift/enhancements/pull/1548): (56/244) microshift: USHIFT-2089: Add router configuration options (pacevedom) ([OCPSTRAT-1069](https://issues.redhat.com/browse/OCPSTRAT-1069))
118+
- [1415](https://github.com/openshift/enhancements/pull/1415): (31/413) ingress: NE-1129: Make ingress operator optional on HyperShift (alebedev87) ([NE-1129](https://issues.redhat.com/browse/NE-1129))
119+
- [1571](https://github.com/openshift/enhancements/pull/1571): (27/74) update: Add Change Management and Maintenance Schedules (jupierce)
120+
- [1585](https://github.com/openshift/enhancements/pull/1585): (25/41) network: SDN-4433: Configurable network diagnostics pod placement (kyrtapz) ([SDN-4433](https://issues.redhat.com/browse/SDN-4433))
121+
- [1588](https://github.com/openshift/enhancements/pull/1588): (20/29) network: Add proposal: communication ingress flows matrix (sabinaaledort) ([TELCOSTRAT-77](https://issues.redhat.com/browse/TELCOSTRAT-77))
122+
- [1465](https://github.com/openshift/enhancements/pull/1465): (19/298) machine-api: OCPCLOUD-1578: Add enhancement for converting Machine API resource to Cluster API (JoelSpeed)
123+
- [1549](https://github.com/openshift/enhancements/pull/1549): (14/80) etcd: ETCD-514: Add etcd size tuning (dusk125) ([ETCD-514](https://issues.redhat.com/browse/ETCD-514))
124+
- [1496](https://github.com/openshift/enhancements/pull/1496): (12/368) machine-config: Managing boot images via the MCO (djoshy)
125+
- [1431](https://github.com/openshift/enhancements/pull/1431): (9/226) ingress: OCPSTRAT-139: Ingress operator dashboard (jotak) ([OCPSTRAT-139](https://issues.redhat.com/browse/OCPSTRAT-139)) ([NETOBSERV-1052](https://issues.redhat.com/browse/NETOBSERV-1052))
126+
- [1515](https://github.com/openshift/enhancements/pull/1515): (7/95) machine-config: on-cluster builds enhancement (cheesesashimi) ([MCO-834](https://issues.redhat.com/browse/MCO-834))
127+
- [1546](https://github.com/openshift/enhancements/pull/1546): (5/28) workload-partitioning: OCPEDGE-808: feat: add ep for cpu limits with workload partitioning (eggfoobar) ([OCPEDGE-57](https://issues.redhat.com/browse/OCPEDGE-57))
128+
- [1583](https://github.com/openshift/enhancements/pull/1583): (4/24) scheduling: WRKLDS-1060: Prevent User Workloads from being scheduled on Control Plane nodes (knelasevero) ([OCPSTRAT-790](https://issues.redhat.com/browse/OCPSTRAT-790)) ([WRKLDS-1015](https://issues.redhat.com/browse/WRKLDS-1015)) ([WRKLDS-1060](https://issues.redhat.com/browse/WRKLDS-1060))
129+
- [1463](https://github.com/openshift/enhancements/pull/1463): (4/91) network: Mutable dual-stack VIPs (mkowalski) ([OCPSTRAT-178](https://issues.redhat.com/browse/OCPSTRAT-178)) ([OPNET-340](https://issues.redhat.com/browse/OPNET-340)) ([OPNET-80](https://issues.redhat.com/browse/OPNET-80))
130+
- [1514](https://github.com/openshift/enhancements/pull/1514): (3/245) ingress: NE-761: Support for admin configured CA trust bundle in Ingress Operator (bharath-b-rh) ([RFE-2182](https://issues.redhat.com/browse/RFE-2182)) ([OCPSTRAT-431](https://issues.redhat.com/browse/OCPSTRAT-431)) ([NE-761](https://issues.redhat.com/browse/NE-761))
131+
- [1524](https://github.com/openshift/enhancements/pull/1524): (2/41) observability: Add multi-cluster-observability-addon proposal (periklis) ([OBSDA-356](https://issues.redhat.com/browse/OBSDA-356)) ([OBSDA-393](https://issues.redhat.com/browse/OBSDA-393)) ([LOG-4539](https://issues.redhat.com/browse/LOG-4539)) ([OBSDA-489](https://issues.redhat.com/browse/OBSDA-489))
132+
- [1502](https://github.com/openshift/enhancements/pull/1502): (2/82) security: Create tls-artifacts-registry enhancement (vrutkovs) ([API-1603](https://issues.redhat.com/browse/API-1603))
133+
- [1553](https://github.com/openshift/enhancements/pull/1553): (1/142) general: HOSTEDCP-1416: Hosted Control Planes ETCD Backup API (jparrill) ([HOSTEDCP-1370](https://issues.redhat.com/browse/HOSTEDCP-1370))
134+
- [1574](https://github.com/openshift/enhancements/pull/1574): (1/3) image-registry: Use Bound Tokens for Integrated Image Registry Authentication (sanchezl)
135+
- [1584](https://github.com/openshift/enhancements/pull/1584): (1/23) insights: Insights Operator: Gather Workload Runtime Info From Containers (jmesnil)
136+
137+
#### Active Pull Requests Modifying Existing Documents
138+
139+
- [1590](https://github.com/openshift/enhancements/pull/1590): (12/13) network: Enhance EgressQoS CR as a generic QoS entity (pperiyasamy) ([SDN-2097](https://issues.redhat.com/browse/SDN-2097)) ([SDN-3152](https://issues.redhat.com/browse/SDN-3152))
140+
- [1589](https://github.com/openshift/enhancements/pull/1589): (4/6) cluster-logging: LOG-5190: Update log forwarding input selector api (jcantrill)
141+
- [1411](https://github.com/openshift/enhancements/pull/1411): (2/39) dev-guide: Add exception to pointer guidance for structs that must be omitted (JoelSpeed)
142+
143+
### Idle (no comments for at least 7 days) Changes
144+
145+
*<PR ID>: (activity this week / total activity) summary*
146+
147+
There were 15 Idle (no comments for at least 7 days) pull requests:
148+
149+
- [1267](https://github.com/openshift/enhancements/pull/1267): (0/241) network: vSphere IPI Support for Static IPs (rvanderp3) ([OCPPLAN-9654](https://issues.redhat.com/browse/OCPPLAN-9654))
150+
- [1368](https://github.com/openshift/enhancements/pull/1368): (0/65) machine-config: OCPNODE-1525: Support Evented PLEG in Openshift (sairameshv) ([OCPNODE-1525](https://issues.redhat.com/browse/OCPNODE-1525))
151+
- [1440](https://github.com/openshift/enhancements/pull/1440): (0/115) network: OPNET-268: Configure-ovs Alternative (cybertron)
152+
- [1528](https://github.com/openshift/enhancements/pull/1528): (0/382) installer: Bootstrapping Clusters with CAPI Infrastructure Providers (patrickdillon)
153+
- [1537](https://github.com/openshift/enhancements/pull/1537): (0/37) cluster-logging: WIP LOG-4928: Cluster logging v2 APIs (jcantrill)
154+
- [1540](https://github.com/openshift/enhancements/pull/1540): (0/95) cluster-logging: Performance-Tuning enhancement proposal. (alanconway) ([OBSDA-549](https://issues.redhat.com/browse/OBSDA-549))
155+
- [1556](https://github.com/openshift/enhancements/pull/1556): (0/7) general: OCP cluster pre-upgrades with Leapp (Monnte) ([OAMG-10748](https://issues.redhat.com/browse/OAMG-10748))
156+
- [1559](https://github.com/openshift/enhancements/pull/1559): (0/50) update: OTA-1209: enhancements/update/channel-rename-generally-available: New enhancement (wking) ([OCPSTRAT-1153](https://issues.redhat.com/browse/OCPSTRAT-1153))
157+
- [1566](https://github.com/openshift/enhancements/pull/1566): (0/42) general: observability: Add logging-stack with UI and korrel8r integration (periklis) ([LOG-5114](https://issues.redhat.com/browse/LOG-5114))
158+
- [1572](https://github.com/openshift/enhancements/pull/1572): (0/9) storage: STOR-1764: Add enhancement for CSI fixes in cloud-provider-azure code (bertinatto) ([STOR-1764](https://issues.redhat.com/browse/STOR-1764))
159+
- [1577](https://github.com/openshift/enhancements/pull/1577): (0/3) machine-config: MCO-1049: Introduces On-Cluster-Build API, machineOSBuild, and machineOSImage (cdoern) ([MCO-665](https://issues.redhat.com/browse/MCO-665))
160+
- [1578](https://github.com/openshift/enhancements/pull/1578): (0/18) api-review: Add ManagedClusterVersion CRD (2uasimojo) ([HIVE-2366](https://issues.redhat.com//browse/HIVE-2366))
161+
- [1582](https://github.com/openshift/enhancements/pull/1582): (0/3) dev-guide: Add explanation of how component-readiness gates .0 releases (deads2k)
162+
163+
#### Idle (no comments for at least 7 days) Pull Requests Modifying Existing Documents
164+
165+
- [1573](https://github.com/openshift/enhancements/pull/1573): (0/8) general: Add a section regarding probes, in particular startupProbe (sdodson)
166+
- [1586](https://github.com/openshift/enhancements/pull/1586): (0/2) microshift: [NO-ISSUE] Specify kube-apiserver behavior when maxsize is 0 (copejon) ([USHIFT-2196](https://issues.redhat.com/browse/USHIFT-2196))
167+
168+
### With lifecycle/stale or lifecycle/rotten Changes
169+
170+
*<PR ID>: (activity this week / total activity) summary*
171+
172+
There were 10 With lifecycle/stale or lifecycle/rotten pull requests:
173+
174+
- [1298](https://github.com/openshift/enhancements/pull/1298): (1/295) monitoring: Metrics collection profiles (JoaoBraveCoding)
175+
- [1424](https://github.com/openshift/enhancements/pull/1424): (1/19) dev-guide: Add a continuous Kubernetes rebase proposal (bertinatto)
176+
- [1436](https://github.com/openshift/enhancements/pull/1436): (1/254) dns: NE-1325: External DNS Operator support for Shared VPCs (gcs278)
177+
- [1468](https://github.com/openshift/enhancements/pull/1468): (1/90) installer: CORS-2062: Customer configured DNS for cloud platforms AWS, Azure and GCP (sadasu) ([CORS-1874](https://issues.redhat.com/browse/CORS-1874))
178+
- [1492](https://github.com/openshift/enhancements/pull/1492): (1/46) update: OTA-1029: Add CVO Log level API (Davoska) ([OTA-1029](https://issues.redhat.com/browse/OTA-1029))
179+
- [1506](https://github.com/openshift/enhancements/pull/1506): (5/158) machine-api: [OSD-15261] CPMS: allow automatic vertical scaling. (bergmannf) ([OSD-15261](https://issues.redhat.com/browse/OSD-15261))
180+
- [1509](https://github.com/openshift/enhancements/pull/1509): (1/15) network: SDN-4114: initial iptables-deprecation-alerter proposal (danwinship) ([SDN-4114](https://issues.redhat.com/browse/SDN-4114))
181+
- [1525](https://github.com/openshift/enhancements/pull/1525): (1/127) machine-config: MCO-507: admin defined node disruption policy enhancement (yuqi-zhang) ([RFE-4079](https://issues.redhat.com/browse/RFE-4079))
182+
183+
#### With lifecycle/stale or lifecycle/rotten Pull Requests Modifying Existing Documents
184+
185+
- [1446](https://github.com/openshift/enhancements/pull/1446): (1/308) ingress: NE-1366: Revisions for set-delete-http-headers EP (miheer) ([NE-982](https://issues.redhat.com/browse/NE-982)) ([RFE-464](https://issues.redhat.com/browse/RFE-464))
186+
- [1561](https://github.com/openshift/enhancements/pull/1561): (1/13) guidelines: template: add operating at scale specific considerations (jcaamano)

0 commit comments

Comments
 (0)