Tuesday, 2018-10-02

« Monday, 2018-10-01 Index Wednesday, 2018-10-03 »
openstackgerritShu Muto proposed openstack/magnum-ui master: Add upper-constraints.txt into post-install  https://review.openstack.org/60706700:10
openstackgerritShu Muto proposed openstack/magnum-ui master: Imported Translations from Zanata  https://review.openstack.org/60331100:18
openstackgerritShu Muto proposed openstack/magnum-ui master: fix tox python3 overrides  https://review.openstack.org/60664800:47
openstackgerritMerged openstack/magnum-ui master: Add upper-constraints.txt into post-install  https://review.openstack.org/60706700:50
openstackgerritShu Muto proposed openstack/magnum-ui master: Add blueprints link in documents  https://review.openstack.org/60630901:00
*** jaewook_oh has joined #openstack-containers01:20
*** hongbin has joined #openstack-containers01:23
*** threestrands_ has joined #openstack-containers01:30
*** threestrands has quit IRC01:33
*** threestrands_ has quit IRC01:43
openstackgerritMerged openstack/magnum-ui master: Imported Translations from Zanata  https://review.openstack.org/60331101:50
openstackgerritMerged openstack/magnum-ui master: Add blueprints link in documents  https://review.openstack.org/60630901:51
*** ricolin has joined #openstack-containers02:12
openstackgerritFeilong Wang proposed openstack/magnum stable/rocky: Fix enable_cloud_provider check  https://review.openstack.org/60708902:31
openstackgerritMerged openstack/magnum-ui master: fix tox python3 overrides  https://review.openstack.org/60664802:36
openstackgerritShu Muto proposed openstack/magnum-ui master: Support api-version when building client  https://review.openstack.org/60495502:53
openstackgerritShu Muto proposed openstack/magnum-ui master: Limit cluster update properties  https://review.openstack.org/60496602:57
openstackgerritShu Muto proposed openstack/magnum-ui master: Display master_flavor_id and flavor_id when updating cluster  https://review.openstack.org/60496702:58
*** dave-mccowan has quit IRC03:07
openstackgerritMerged openstack/magnum-ui stable/pike: Add attributes for cluster to show  https://review.openstack.org/60395603:08
*** hongbin has quit IRC03:15
openstackgerritShu Muto proposed openstack/magnum-ui master: Use initial maps for supported network and volume drivers  https://review.openstack.org/60709504:20
openstackgerritMerged openstack/magnum-ui master: Support Calico as network driver for k8s  https://review.openstack.org/60396604:26
openstackgerritMerged openstack/magnum-ui master: Disable rotate certificate  https://review.openstack.org/60396304:30
openstackgerritMerged openstack/magnum-ui master: Limit cluster update properties  https://review.openstack.org/60496604:35
*** pcaruana has joined #openstack-containers04:36
*** pcaruana has quit IRC04:43
openstackgerritMerged openstack/magnum-ui master: Support api-version when building client  https://review.openstack.org/60495504:47
openstackgerritMerged openstack/magnum-ui master: Display master_flavor_id and flavor_id when updating cluster  https://review.openstack.org/60496704:47
openstackgerritMerged openstack/magnum-ui master: Use initial maps for supported network and volume drivers  https://review.openstack.org/60709504:50
openstackgerritMerged openstack/magnum stable/rocky: Fix enable_cloud_provider check  https://review.openstack.org/60708905:10
*** Namrata has joined #openstack-containers06:19
*** dims has quit IRC06:38
NamrataHi folks, I created a magnum managed kubernetes cluster but `https://flaoting_ip_of_master:6443/ui` gives me {   "kind": "Status",   "apiVersion": "v1",   "metadata": {        },   "status": "Failure",   "message": "no endpoints available for service \"kubernetes-dashboard\"",   "reason": "ServiceUnavailable",   "code": 503 }06:39
Namratacan anybody help me to solve this issue?06:40
*** dims has joined #openstack-containers06:44
*** dims has quit IRC06:48
*** dims has joined #openstack-containers06:51
*** rcernin has quit IRC07:01
*** pcaruana has joined #openstack-containers07:01
*** suanand has joined #openstack-containers07:03
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: [k8s] Add new label `service_cluster_ip_range`  https://review.openstack.org/60710707:11
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: [k8s] Set order in kubemaster software deployments  https://review.openstack.org/60710807:12
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Remove the last slash of extra_params['auth_url']  https://review.openstack.org/60710907:14
openstackgerritFeilong Wang proposed openstack/magnum stable/rocky: Remove the last slash of extra_params['auth_url']  https://review.openstack.org/60710907:29
*** serlex has joined #openstack-containers07:43
*** mattgo has joined #openstack-containers07:50
*** ricolin has quit IRC08:00
NamrataHi after succesfull creation of coe cluster `kubectl describe pods --namespace=kube-system kubernetes-dashboard` gives http://paste.openstack.org/show/731233/08:19
Namrataand kubectl describe nodes is empty08:19
Namratahow to have access to kubernetes dashboard08:20
*** ttsiouts has joined #openstack-containers08:51
*** ykarel has joined #openstack-containers08:53
*** ttsiouts has quit IRC09:00
*** ttsiouts has joined #openstack-containers09:02
*** flwang1 has joined #openstack-containers09:18
*** salmankhan has joined #openstack-containers09:21
*** ykarel is now known as ykarel|away09:22
*** ttsiouts has quit IRC10:01
*** ttsiouts has joined #openstack-containers10:03
*** ricolin has joined #openstack-containers10:05
flwang1strigazi: hello10:15
strigaziflwang1: hello10:17
flwang1strigazi: sync for stable/rocky?10:19
strigaziflwang1: yes, about cherry-picks10:19
strigazifrom the log here:10:19
strigazihttps://git.openstack.org/cgit/openstack/magnum/log/10:20
flwang1strigazi: sorry for the rush approve for https://review.openstack.org/60708910:20
flwang1it's breaking our env10:20
strigazinp10:20
strigaziflwang1: I think we need also all off them apart from CI changes10:21
strigaziflwang1: I can propose them and you merge?10:21
flwang1no problem10:21
strigaziI'll make a list quickly now10:21
flwang1sure10:22
strigazigive me 5'10:22
flwang1strigazi: btw, we have tested magnum on our pre-production env, no major problem10:22
flwang1there are some cases failed, but probably because our preprod env10:23
flwang1we probably deploy it on prod in this week or early next week10:23
*** ykarel|away has quit IRC10:26
strigaziflwang1: http://paste.openstack.org/show/731239/10:31
strigaziI'll cherry-pick with gerrit and then stack them with gerrit again. Otherwise I can create a branch quickly locally and push. The commit applly cleanly10:32
strigaziflwang1: thoughts?10:33
flwang1do you want to cherry pick all of them in the list?10:33
flwang1some patches are not necessary IMHO10:33
strigazilike which one?10:34
strigazikubelet in the master node we need it for flannel to be followed by: https://review.openstack.org/#/c/597150/10:35
*** ykarel|away has joined #openstack-containers10:35
flwang1like https://git.openstack.org/cgit/openstack/magnum/commit/?id=a400ea7980938714625437a18e53d6c8a5149e5210:36
flwang1and https://git.openstack.org/cgit/openstack/magnum/commit/?id=32f805676d0ec88f40efe299c8d57a52b9e3daaa10:36
flwang1https://git.openstack.org/cgit/openstack/magnum/commit/?id=4f121e50c547abee195e30ce4aef588f71f509ee in queens but not in rocky      --- I don't really understand why it's in queens but not in rocky10:38
flwang110:38
strigazioh, I picked the patch from the bot? we must not pick that one10:38
strigazia400ea7980938714625437a18e53d6c8a5149e52 we must not cherry-pick10:38
strigazi32f805676d0ec88f40efe299c8d57a52b9e3daaa is doc changes, I don't mind if we leave it behind10:39
flwang1and we wont' cherry-pick this https://git.openstack.org/cgit/openstack/magnum/commit/?id=7d4d22b901b7b88a8c00305d69f96694e39c421e10:39
strigaziflwang1: for https://git.openstack.org/cgit/openstack/magnum/commit/?id=4f121e50c547abee195e30ce4aef588f71f509ee see  https://review.openstack.org/#/q/Icb8e7c3b8c75a3ab087c818c8580c0c8a9111d3010:39
strigazihttps://git.openstack.org/cgit/openstack/magnum/commit/?id=7d4d22b901b7b88a8c00305d69f96694e39c421e same category as 32f805676d0ec88f40efe299c8d57a52b9e3daaa10:40
flwang1oh, no10:40
strigazilets see them here: https://etherpad.openstack.org/p/magnum-rocky-cherry-picks10:41
flwang1that's my fault, in openstack world, we don't allow cross release cherry-pick10:41
flwang1we have to cherry-pick patch from master to rocky and then to queens10:41
strigaziI updated the list in the etherpad10:42
openstackgerritFeilong Wang proposed openstack/magnum stable/rocky: [k8s] Add proxy to master and set cluster-cidr  https://review.openstack.org/60715010:44
strigaziflwang1: I propose to take them in order now10:44
strigazias they went into master10:45
flwang1cool10:45
Namrataflwang1: strigazi can you help me resolving the issue of kubernetes dashboard after (queens) after successful creation of cluster when I try https://floatiing_ip_of_master:6443/ui it gives me {   "kind": "Status",   "apiVersion": "v1",   "metadata": {        },   "status": "Failure",   "message": "no endpoints available for service \"kubernetes-dashboard\"",   "reason": "ServiceUnavailable",   "code": 503 }10:52
flwang1you probably need to check the log of kube dashboard10:53
Namratassh into the master node and `kubectl describe pods --namespace=kube-system kubernetes-dashboard` gives me http://paste.openstack.org/show/731242/10:54
flwang1and i would suggest use kube proxy to access the dashboard10:54
Namratano nodes available to schedule pods10:54
flwang1Namrata: so you already got the your answer10:54
Namrataflwang1: how to resolve this10:55
flwang1Namrata: you need to check the cpu, ram your pod requesting and  check why it's failed for scheduling,  better to check kube scheduler's log10:56
Namrataokay will try digging up into it10:56
*** suanand has quit IRC10:59
*** dave-mccowan has joined #openstack-containers11:02
*** ttsiouts has quit IRC11:03
*** ttsiouts has joined #openstack-containers11:03
*** ttsiouts has quit IRC11:08
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: [k8s] Add new label `service_cluster_ip_range`  https://review.openstack.org/60710711:09
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: [k8s] Set order in kubemaster software deployments  https://review.openstack.org/60710811:09
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Remove the last slash of extra_params['auth_url']  https://review.openstack.org/60710911:09
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: [k8s] Add proxy to master and set cluster-cidr  https://review.openstack.org/60715011:09
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Fixing CoreOS driver  https://review.openstack.org/60715311:09
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Fix unit test failure with python3.6  https://review.openstack.org/60715411:09
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: [k8s] Add kubelet to the master nodes  https://review.openstack.org/60715511:09
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Add prometheus & grafana container image tags  https://review.openstack.org/60715611:09
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Make X-Subject-Token search case unsensitive  https://review.openstack.org/60715711:09
flwang1the commit message of https://review.openstack.org/#/c/607150/ looks not correct11:12
flwang1strigazi: ^11:13
*** ttsiouts has joined #openstack-containers11:13
strigaziflwang1: it includes the queens commit-id, I'll remove it11:15
flwang1strigazi: thank you11:15
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: [k8s] Add proxy to master and set cluster-cidr  https://review.openstack.org/60715011:24
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Fixing CoreOS driver  https://review.openstack.org/60715311:24
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Fix unit test failure with python3.6  https://review.openstack.org/60715411:24
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: [k8s] Add kubelet to the master nodes  https://review.openstack.org/60715511:24
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Add prometheus & grafana container image tags  https://review.openstack.org/60715611:24
openstackgerritSpyros Trigazis proposed openstack/magnum stable/rocky: Make X-Subject-Token search case unsensitive  https://review.openstack.org/60715711:24
*** ttsiouts has quit IRC11:25
openstackgerritSpyros Trigazis proposed openstack/magnum master: [k8s] Make flannel self-hosted  https://review.openstack.org/59715011:30
*** ykarel|away has quit IRC11:49
*** ykarel has joined #openstack-containers11:50
*** ykarel is now known as ykarel|away12:08
*** ttsiouts has joined #openstack-containers12:10
Namrataflwang1: I have checked that machine has enough storage and I only see connection refused error in scheduler log12:13
brtknrstrigazi: how easy is it to upgrade k8s on an existing cluster?12:15
*** ykarel|away has quit IRC12:19
Namrataflwang1: my kube scheduler log: http://paste.openstack.org/show/731246/12:20
flwang1Namrata: seems your kube-apiserver is not in health status12:22
Namrataflwang1: so should I dig up in apiserver logs12:26
*** mattgo has quit IRC12:28
Namrataflwang1: I see TLS handsake error here in apiserver logs http://paste.openstack.org/show/731249/12:34
*** Bhujay has joined #openstack-containers12:36
flwang1did you create the cluster with magnum?12:42
Namrataflwang1: yes with magnum12:42
flwang1pls tell me more, version?12:42
Namratamagnum (6.1.2.dev8)12:44
Namrataand kubectl version if you are asking v1.9.312:44
*** yolanda has quit IRC12:45
flwang16.1.2 is queens, IIRC12:45
flwang1then better check your cloud-init-output.log12:45
Namratayes12:45
Namrataflwang1: http://paste.openstack.org/show/731250/ cloud-init-output.log in master node does not contain any error and seems okay12:52
Namrataand it has TLS_DISABLED=False12:52
*** jaewook_oh has quit IRC12:53
*** pcaruana has quit IRC12:57
*** ttsiouts has quit IRC13:23
*** pcaruana has joined #openstack-containers13:27
*** ttsiouts has joined #openstack-containers13:33
*** Namrata_ has joined #openstack-containers13:36
*** Namrata has quit IRC13:38
*** hongbin has joined #openstack-containers13:57
*** mattgo has joined #openstack-containers13:57
*** ttsiouts has quit IRC13:58
openstackgerritMerged openstack/magnum stable/rocky: [k8s] Add new label `service_cluster_ip_range`  https://review.openstack.org/60710714:07
openstackgerritMerged openstack/magnum stable/rocky: [k8s] Set order in kubemaster software deployments  https://review.openstack.org/60710814:07
openstackgerritMerged openstack/magnum stable/rocky: Remove the last slash of extra_params['auth_url']  https://review.openstack.org/60710914:07
*** ttsiouts has joined #openstack-containers14:12
openstackgerritMerged openstack/magnum stable/rocky: [k8s] Add proxy to master and set cluster-cidr  https://review.openstack.org/60715014:15
openstackgerritMerged openstack/magnum stable/rocky: Fixing CoreOS driver  https://review.openstack.org/60715314:15
openstackgerritMerged openstack/magnum stable/rocky: Fix unit test failure with python3.6  https://review.openstack.org/60715414:15
openstackgerritMerged openstack/magnum stable/rocky: [k8s] Add kubelet to the master nodes  https://review.openstack.org/60715514:38
*** ttsiouts has quit IRC14:46
openstackgerritMerged openstack/magnum stable/rocky: Add prometheus & grafana container image tags  https://review.openstack.org/60715614:46
openstackgerritMerged openstack/magnum stable/rocky: Make X-Subject-Token search case unsensitive  https://review.openstack.org/60715714:46
*** ttsiouts has joined #openstack-containers15:00
openstackgerritSpyros Trigazis proposed openstack/magnum master: Add swarm-mode labels for networking  https://review.openstack.org/60728315:07
*** dave-mccowan has quit IRC15:27
*** dave-mccowan has joined #openstack-containers15:28
*** ttsiouts has quit IRC15:42
*** serlex has quit IRC16:05
*** Bhujay has quit IRC16:12
*** Namrata_ has quit IRC16:29
*** mattgo has quit IRC17:15
*** salmankhan has quit IRC17:16
*** spiette has quit IRC17:26
*** spiette has joined #openstack-containers17:29
*** spiette has quit IRC17:29
*** spiette has joined #openstack-containers17:38
*** openstackgerrit has quit IRC17:51
*** pcaruana has quit IRC18:02
*** ricolin has quit IRC18:05
*** flwang1 has quit IRC18:33
*** imdigitaljim has joined #openstack-containers19:07
*** spiette has quit IRC19:18
*** spiette has joined #openstack-containers19:21
*** dave-mccowan has quit IRC19:41
*** openstackgerrit has joined #openstack-containers19:41
openstackgerritErik Olof Gunnar Andersson proposed openstack/magnum master: Trivial code cleanups  https://review.openstack.org/60190419:41
*** dave-mccowan has joined #openstack-containers20:30
*** dave-mccowan has quit IRC20:36
*** ttsiouts has joined #openstack-containers20:55
strigazi#startmeeting containers21:00
openstackMeeting started Tue Oct  2 21:00:38 2018 UTC and is due to finish in 60 minutes.  The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot.21:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:00
*** openstack changes topic to " (Meeting topic: containers)"21:00
openstackThe meeting name has been set to 'containers'21:00
strigazi#topic Roll Call21:00
*** openstack changes topic to "Roll Call (Meeting topic: containers)"21:00
strigazio/21:00
brtknro/21:00
imdigitaljimo/21:00
strigaziThanks for joining the meeting brtknr imdigitaljim21:02
*** schaney has joined #openstack-containers21:02
strigazi#topic Announcements21:02
*** openstack changes topic to "Announcements (Meeting topic: containers)"21:02
brtknrglad to be finally joining!21:02
openstackgerritTheodoros Tsioutsias proposed openstack/magnum-specs master: [WIP] Instoduce magnum nodegroups  https://review.openstack.org/60736321:02
ttsioutso/21:02
strigaziWe cherry-picked a couple of patches in rocky with flwang https://review.openstack.org/#/q/status:merged+project:openstack/magnum+branch:stable/rocky21:03
strigaziand btw the ttsiouts pushed a WIP of the nodegroups spec just now, as you can see.21:03
strigaziand btw ttsiouts pushed a WIP of the nodegroups spec just now, as you can see.21:03
ttsioutsIt's really a WIP21:03
strigazino worries, thanks21:04
ttsioutsI need to update the patches also..21:04
strigaziregarding the cherry-picks,21:04
cbrummo/21:05
strigaziwe want the self-hosted flannel patch in too and me and me and flwang will push for the health check patch too,21:05
strigazihey cbrumm21:05
strigazi#topic Stories/Tasks21:06
*** openstack changes topic to "Stories/Tasks (Meeting topic: containers)"21:06
strigaziApart from the cherry-picks and the release that will follow them, I only have two patches for swarm-mode21:07
colin-sorry i'm late21:08
strigaziI pushed one to allow the configuration of the overlay networks cidr, probable brtknr is interested21:08
strigazicolin-: o/21:08
strigazis/probable/probably/21:08
strigaziand one more to set the socket where dockerd listens to. Set it to /var/run/docker.sock21:09
strigazithis last one, came up after our L1TF reboots21:10
strigazidocker didn't start21:10
strigaziit couldn't create the socket on boot21:10
*** ttsiouts has quit IRC21:10
*** ttsiouts has joined #openstack-containers21:11
strigaziThat is all from me for last week21:11
imdigitaljimwe've got our openstack cluster auto scaler poc working well and we auto deploy services (dash, prom, etc) with a remote helm in the cluster creation, we've also been heavily weighing in on a new data flow pattern for bootstrapping.21:11
imdigitaljimthe new pattern could easily be staged for supporting the old version and new version together21:12
strigaziI didn't get the last part, what new flow21:12
imdigitaljimto take some burden off the cloud-init user_data (which we are capping out)21:12
imdigitaljimstrigazi its similar to some of the data flow we discussed in cern21:13
strigazifor prom, dash, coredns, calico we aren not using cloud-init21:14
imdigitaljimyeah we are not either21:14
strigaziok, got it21:14
imdigitaljimsorry that was like a word vomit of things21:14
imdigitaljim3 things not 221:14
strigazideploy services with helm pointing to a remote repo21:14
imdigitaljim1) autoscaler 2) deploying services with helm instead of software deployments 3) considering redesign to reduce cloud-init payload and decouple the dynamic magnum template data21:15
strigaziI get the insentive for helm, but cloud-init is not an issue since queens21:16
imdigitaljimhow so?21:16
strigazisoftware deployments are not bound by the user_data limit in nova21:17
strigaziwe can have as many SD as we wont21:17
strigaziwe can have as many SD as we want21:17
strigazino?21:17
strigaziyou reached a limit?21:17
imdigitaljimi suppose the heat-container has issues with certain SDs21:18
imdigitaljimif you wanted to do everything via SD21:18
imdigitaljimwe'll need to revisit the heat container21:18
strigaziif there is a limit we can look into it. deploying anything with the k8s API is not an issue.21:19
imdigitaljimits not a limit21:20
imdigitaljimits the extent of what the heat container has access to use21:20
imdigitaljimon the host OS21:20
imdigitaljimsince they heat-agent is atomic mounted into the host OS21:20
imdigitaljimthere are permissions issues, binaries unreachable, etc21:21
imdigitaljimdue to mounting21:21
strigazithis model has not limits: https://review.openstack.org/#/c/561858/1/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh@1621:21
strigazis/not/no21:21
strigaziit is like ansible21:22
imdigitaljim:) not entirely21:22
strigaziDo you have a use case in mind?21:22
imdigitaljimhttps://github.com/openstack/magnum/blob/master/magnum/drivers/common/image/heat-container-agent/config.json.template#L2521:23
imdigitaljimanything that doesnt fall here21:23
imdigitaljimin the hostOS21:23
strigaziin the patch I sent the heat-agent is talking to the host over ssh.21:24
strigaziso any binary is reachable21:24
imdigitaljimwell check it out21:24
strigaziin the line that I shared it creates inodes in the host's fs21:25
strigaziimdigitaljim: you're typing?21:27
imdigitaljimno21:27
imdigitaljimim checking out the PR21:27
imdigitaljimwe can move on!21:27
imdigitaljimthanks for the info on the PR21:27
*** ttsiouts has quit IRC21:27
strigaziok, if you have a concern with the heat-agent please share21:28
*** ttsiouts has joined #openstack-containers21:28
strigazibrtknr: you have something?21:28
strigazibrtknr: Are you still there?21:32
strigaziI don't have anything else to add, so21:32
colin-nothing from me but i'm still here :)21:32
strigaziimdigitaljim and @all have a look in ttsiouts WIP on nodegroups21:32
strigazicolin-: :)21:33
imdigitaljimyeah thats looking imo21:33
ttsioutsimdigitaljim: there are still lots of changes especially in the patch but you can get the general idea from the spec21:33
imdigitaljimwe should be able to support testing it out as well21:34
ttsioutsawesome!21:34
ttsioutsthanks a lot!!!21:34
imdigitaljimnp!21:34
imdigitaljimgood work!21:34
ttsiouts:D21:35
strigazilet's wrap then?21:36
strigazisaid once21:37
strigazisaid twice21:37
strigazisee you in the channel or next week :)21:38
ttsioutsbye!21:38
strigazi#endmeeting21:38
*** openstack changes topic to "OpenStack Containers Team"21:38
openstackMeeting ended Tue Oct  2 21:38:37 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)21:38
openstackMinutes:        http://eavesdrop.openstack.org/meetings/containers/2018/containers.2018-10-02-21.00.html21:38
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/containers/2018/containers.2018-10-02-21.00.txt21:38
openstackLog:            http://eavesdrop.openstack.org/meetings/containers/2018/containers.2018-10-02-21.00.log.html21:38
imdigitaljimsee ya!21:39
strigaziimdigitaljim: if you need to address an issue with the heat-agent ping me, here or pm :)21:40
imdigitaljimyeah sounds good!21:41
imdigitaljimi overlooked the ssh approach at first i didnt notice the changes here https://review.openstack.org/#/c/561858/1/magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh21:41
imdigitaljimso yes like ansible, you're right :)21:41
imdigitaljimwe'll have to feel out this ssh approach vs design change with bigger picture in mind21:42
strigaziI had this with upgrading syscontainers21:42
imdigitaljimyeah?21:42
strigazisyscontainers need to create hard link in the fs, so you need to be in the same fs namespace21:42
strigazihence the ssh approach21:43
imdigitaljimstill a useful approach21:44
strigazidiscussing what we can deploy with the heat-agent then is matter of choice not a limitation21:44
strigaziI'll push a patch to add helm too, the binary21:44
imdigitaljimwhich is good21:45
strigazioh, actually, I want to ask you about it21:45
imdigitaljimsure21:45
imdigitaljimpm's or here21:45
imdigitaljimim available21:45
strigaziI was thiking that we can create an svc account21:45
strigaziin the default k8s ns for users to use not in kube-system with the cluster role21:46
strigazihave you tried that?21:46
imdigitaljimyeah a few21:47
imdigitaljimns's21:47
strigazieach ns to have each own tiller21:47
strigaziohhg, s/each/its/ sorry it is late21:48
imdigitaljimapiVersion: v121:48
imdigitaljimkind: ServiceAccount21:48
imdigitaljimmetadata:21:48
imdigitaljim  name: tiller21:48
imdigitaljim  namespace: kube-system21:48
imdigitaljim---21:48
imdigitaljimkind: ClusterRoleBinding21:48
imdigitaljimapiVersion: rbac.authorization.k8s.io/v121:48
imdigitaljimmetadata:21:48
imdigitaljim  name: tiller-cluster-rule21:48
imdigitaljimroleRef:21:48
imdigitaljim  apiGroup: rbac.authorization.k8s.io21:48
imdigitaljim  kind: ClusterRole21:48
imdigitaljim  name: cluster-admin21:48
imdigitaljimsubjects:21:48
imdigitaljim- kind: ServiceAccount21:48
imdigitaljim  name: tiller21:48
imdigitaljim  namespace: kube-system21:48
imdigitaljimyeah you could kind of template this stuff21:48
imdigitaljimand apply that for more ns's21:48
imdigitaljimbut you'd only need this if you want varying levels of access21:49
imdigitaljimbut i suppose if you have multiple users with varying level of usage in varying ns's you could definitely have a tiller for each locked down21:49
imdigitaljima neat idea for sure21:50
strigaziyes, we could deploy prom or even the cni with helm in their own ns and user should use tiller in other nses21:50
imdigitaljimyeah21:50
imdigitaljimthats definitely a cluster/tenant/organization specific configuration but you could do it that21:51
imdigitaljimway21:51
imdigitaljimoh also have you noticed/considered that the software deployments deploy in alphabetical order of their software config resource in heat queens21:52
imdigitaljim(it might require you update the template version to queens as well to be noticed if you havent seen this)21:53
strigaziimdigitaljim: https://review.openstack.org/#/c/607108/21:54
strigazithis patch sets the order ^^21:55
imdigitaljimalternatively you could use deterministic lexicographic naming of the resources instead of the depends_on21:57
imdigitaljimeg   000_myfirstthing 001_mysecondthing 002_mythirdthing21:58
imdigitaljimso its more visibly apparent of the order21:58
strigazidepends on VS 00X should have the same result22:02
strigaziI got to go, see you tmr22:02
strigazibye22:02
*** ttsiouts has quit IRC22:04
*** hongbin has quit IRC23:02
*** rcernin has joined #openstack-containers23:59
« Monday, 2018-10-01 Index Wednesday, 2018-10-03 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!