<PR ID>: (activity this week / total activity) summary
There were 2 Merged pull requests:
-
501: (0/22) cluster-logging: LOG-928: Creating elasticsearch hot warm phase architecture proposal (ewolinetz)
The purpose of this is to increase the configuration for an ES cluster to better optimize indices and cluster priorities and maintain that they can still be queried. This has a potential to improve retention of our logs (but is not our focus). Currently our logs are either maintained as a high priority index or they are deleted. We seek to emulate the back-end process that Elasticsearch makes available in the form of x-pack API end points.
-
552: (2/11) guidelines: Add operational criteria to Enhancement template (jeremyeder)
<PR ID>: (activity this week / total activity) summary
There were 9 Closed pull requests:
- 243: (0/79) general: Enable ProjectRequestLimit on OpenShift 4.x (tkashem)
- 268: (0/1) kube-apiserver: stability: iptables analysis (deads2k)
- 269: (0/1) kube-apiserver: stability: CSR failures resulting in cluster-death (deads2k)
- 280: (0/14) ingress: Add a default ingresscontroller tweak enhancement (ironcladlou)
- 284: (0/0) kube-apiserver: stability: failure detector for kube aggregator (p0lyn0mial)
- 298: (0/5) operators: enhancements/operators/condition-links: Propose a new enhancement (wking)
- 301: (0/4) kube-apiserver: stability: deprecated API checks (deads2k)
- 322: (0/4) containers: Mount another image's filesystem to a container (jwforres)
- 504: (22/62) general: single-node production deployments (dhellmann)
<PR ID>: (activity this week / total activity) summary
There were 3 New pull requests:
-
560: (9/9) general: single-node production deployment approach (dhellmann)
This enhancement describes the approach to deploying single-node production OpenShift instances without using a cluster profile.
A cluster deployed in this way will differ from the default
self-managed-highly-available
cluster profile in several significant ways:- The single node serves as both the cluster’s control plane and as a worker node.
- Many operators will be configured to reduce the footprint of their operands, such as by running fewer replicas.
- In-place upgrades will not be supported by the first iteration of single-node deployments.
One example of this use case is seen in telecommunication service providers implementation of a Radio Access Network (RAN). This use case is discussed in more detail below.
The approach described here is an alternative to using a cluster profile, as was detailed in #504. With a few changes to existing operators that would also be needed for a profile-based approach, and with the high-availability mode API described in #555, it is possible to produce single-node deployments without introducing a new cluster profile.
-
561: (0/0) network: Initial proposal of "allow-from-router" NetworkPolicy (danwinship)
Many users want to create NetworkPolicies that say, effectively, "allow traffic from routers". However, the router can run with one of several different "endpoint publishing strategies", which use the cluster network differently, and when using the
HostNetwork
strategy, the NetworkPolicy-relevant behavior also varies depending on the network plugin in use. This makes it impossible to create an "allow traffic from routers" policy that will work in any cluster. Indeed, in some cases, it is difficult to create such a policy even just for a single cluster, even when you know exactly how the cluster is configured. -
562: (0/0) security: Enhancing SCC to Gate Runtime Classes (haircommander)
Enhance the Openshift SCC with two fields called
AllowRuntimeClasses
andEnsureRuntimeClasses
, which gate users from specifying runtime classes in their Pod requests.
<PR ID>: (activity this week / total activity) summary
There were 7 Active pull requests:
- 555: (24/66) general: cluster capabilities api (dhellmann)
- 524: (10/54) network: New method for providing configurable self-hosted LB/DNS/VIP for on-prem (yboaron)
- 78: (7/65) general: Add OKD-on-FCoS proposal (LorbusChris)
- 518: (6/77) cluster-logging: Enhancement proposal: Forwarding JSON logs. (alanconway)
- 473: (4/190) network: Enable IPsec support in OVNKubernetes (markdgray)
- 357: (4/74) general: Supporting out-of-tree drivers on OpenShift (zvonkok)
- 554: (3/3) general: conventions: Clarify when workload disruption is allowed (smarterclayton)