Tuesday, 2018-11-20

« Monday, 2018-11-19 Index Wednesday, 2018-11-21 »
*** flwang has joined #openstack-containers02:42
*** ykarel|away has joined #openstack-containers02:50
*** ykarel|away has quit IRC02:55
*** hongbin has joined #openstack-containers02:58
*** ykarel|away has joined #openstack-containers03:54
*** udesale has joined #openstack-containers04:09
*** janki has joined #openstack-containers04:30
*** ivve has joined #openstack-containers04:41
*** ykarel|away has quit IRC04:47
openstackgerritAkhil jain proposed openstack/magnum master: Add framework for magnum-status upgrade check  https://review.openstack.org/61150504:58
*** ykarel|away has joined #openstack-containers05:04
*** hongbin has quit IRC05:07
*** ykarel|away is now known as ykarel05:51
*** spsurya has joined #openstack-containers06:39
*** pcaruana has joined #openstack-containers07:20
*** pcaruana has quit IRC07:34
*** ykarel is now known as ykarel|lunch07:35
*** pcaruana has joined #openstack-containers07:40
*** ykarel|lunch is now known as ykarel08:35
*** mgoddard has joined #openstack-containers09:36
*** shrasool has joined #openstack-containers10:02
kevkohi, is there plan to switch scripts used in service instances to python3 ?10:34
*** shrasool has quit IRC11:07
*** shrasool has joined #openstack-containers11:08
*** udesale has quit IRC11:11
openstackgerritAshish Billore proposed openstack/magnum master: Add k8s_centos_ironic_v1 driver  https://review.openstack.org/46454411:35
*** brtknr has joined #openstack-containers12:00
*** janki has quit IRC12:10
*** shrasool has quit IRC12:25
brtknrstrigazi: how does cern handle autoscaling of k8s cluster?13:17
strigazibrtknr: I'm implementing smth here: https://github.com/cernops/autoscaler/ I haven't push yet13:20
strigazis/push/pushed/13:20
brtknrNice!13:21
brtknrIt talks to Nova?13:22
strigazino, to heat for scale down, to magnum to scale up.13:22
brtknrs/Nova/Magnum13:23
brtknrsorry I meant to say Magnum...13:23
brtknrWhy not magnum directly to scale down?13:23
strigazibrtknr: to delete specific nodes.13:24
strigazibrtknr: this functionality is  not there yet.13:24
strigazibrtknr: this functionality is  not there yet in magnum. To delete a specific node.13:24
brtknrSo Magnum will think there are still n+1 node even after heat has removed the node?13:25
strigazifor the prototype, yes13:25
brtknrstrigazi: Ok cool, I'll play around with it13:26
strigazibrtknr: whatch the repo, I'll ping as soon as it works.13:27
strigazibrtknr: whatch the repo, I'll ping you as soon as it works.13:27
brtknrstrigazi: Ah I assumed it already worked :P13:29
*** lpetrut has joined #openstack-containers13:44
*** ign0tus has joined #openstack-containers13:58
*** shrasool has joined #openstack-containers14:17
*** ykarel is now known as ykarel|away14:31
*** ykarel|away has quit IRC14:37
*** ign0tus has quit IRC14:51
*** munimeha1 has joined #openstack-containers14:53
*** udesale has joined #openstack-containers15:05
*** lpetrut has quit IRC15:40
*** salmankhan has joined #openstack-containers15:43
*** itlinux has quit IRC15:57
*** shrasool has quit IRC15:57
*** hongbin has joined #openstack-containers16:07
*** udesale has quit IRC16:11
*** shrasool has joined #openstack-containers16:13
*** shrasool has quit IRC16:28
*** itlinux has joined #openstack-containers16:43
*** shrasool has joined #openstack-containers17:07
*** shrasool has quit IRC17:20
*** lpetrut has joined #openstack-containers17:24
*** tobias-urdin is now known as tobias-urdin_afk17:27
*** shrasool has joined #openstack-containers17:52
*** salmankhan has quit IRC18:13
*** imdigitaljim has joined #openstack-containers18:13
*** tobias-urdin_afk is now known as tobias-urdin18:38
*** pcaruana has quit IRC18:47
*** itlinux has quit IRC20:39
strigaziAnyone here for the meeting?20:58
flwangstrigazi: i have a meeting now20:59
flwangsorry, i can't join the meeting today20:59
flwangi will be back after 1 hour21:00
strigaziflwang: thanks, no problem21:00
*** shrasool has quit IRC21:00
flwangstrigazi: still around?21:01
flwangmy meeting just cancelled21:01
strigaziI'll wait a bit more in case someone shows up21:01
cbrumm_We'll have people here today21:02
flwangcbrumm_: will Jim around?21:02
strigaziLet's start then, the meeting was set for 2100 UTC21:03
strigazi##startmeeting containers21:03
cbrumm_yeah, he's here, just not paying attention right now21:03
strigazi#startmeeting containers21:03
openstackMeeting started Tue Nov 20 21:03:29 2018 UTC and is due to finish in 60 minutes.  The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot.21:03
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:03
*** openstack changes topic to " (Meeting topic: containers)"21:03
openstackThe meeting name has been set to 'containers'21:03
strigazi#topi Roll Call21:03
strigazio/21:03
strigazi#topic Roll Call21:03
*** openstack changes topic to "Roll Call (Meeting topic: containers)"21:03
strigazio/21:04
cbrumm_o/21:04
imdigitaljimo/21:04
flwango/21:04
strigazi#topic Stories/Tasks21:05
*** openstack changes topic to "Stories/Tasks (Meeting topic: containers)"21:05
strigazitasks I added in the agenda:21:05
strigazi#link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2018-11-20_2100_UTC21:05
strigazi1. Helm in k8s clusters21:06
strigaziAfter some discussion in gerrit, we decided not to have the binary in the heat-agent21:06
strigazisince the agent has specific purpose related to heat and versioning is complicated.21:07
strigaziI implemented an alternative where a k8s job is deployed by the agent21:07
strigaziThe job runs in a minimal container which includes the helm bin21:08
strigaziand this container is versioned with the helm verion21:08
strigaziDoes this make sense?21:08
flwangyou mean running Helm as a pod on top of k8s cluster21:10
flwang?21:10
cbrumm_I'd like to see more, but yes it makes sense21:10
strigazione moment to dig the code.21:10
strigaziCan't http://paste.openstack.org/raw/735868/21:13
openstackgerritJim Bach proposed openstack/magnum master: Make providing a keypair optional  https://review.openstack.org/59044321:13
*** itlinux has joined #openstack-containers21:13
strigaziSince we create the role, we can leverage it deploy tiller.21:14
strigaziIn the same way we can deploy charts.21:15
cbrumm_looks good, pretty straight forward .21:15
strigaziWhat I need your input on though is the following.21:16
strigaziThe best practice of helm, is secure tiller with tls and one tiller per ns21:16
strigaziI think it would make sense to have tiller configured in kube-system for us to deploy additional components, eg prometheus, sssd, node problem detector, k8s-keystone-auth and so on21:17
strigaziAnd for users can deploy tiller in other namespaces, they shouldn't use the global tiller anyway and tiller in kube-system should have powers only there.21:19
strigazimakes some sense?21:19
imdigitaljimyup21:19
strigazithe default tiller sounds like a no-go to me21:19
cbrumm_yes, split tillers are better I feel21:19
strigazino tls and admin access is pretty bad21:20
strigazion the other hand, if we use the job model I posted, we can deploy components with helm template && k apply -f21:21
strigaziEnough with helm, we can continue on gerrit. let's mode on to upgrades.21:22
strigazi2. We discusses briefly with flwang in Berlin about it, the work I've done I'll break it in four patches and move things:21:23
strigazia. patch for the API: https://review.openstack.org/#/c/514959/21:24
strigazib. add the heat agent in all nodes: https://review.openstack.org/#/c/561858/21:25
strigazic. part from https://review.openstack.org/#/c/561858/  to move most software configs in software deployments21:25
strigazid. final software deployment to upgrade the nodes: https://review.openstack.org/#/c/514960/21:26
flwanglooks good for me21:26
strigaziThis way it will be more review friendly and modular.21:26
strigaziwell "modular"21:27
cbrumm_will check these out21:27
strigaziand one last item from me21:27
strigaziFor k8s-keystone-auth21:28
strigaziI discussed with Ricardo chaning the magnum client to produce a k8s-keystone-auth friendly kubeconfig, would that make sense?21:28
flwangstrigazi: that would be great21:29
cbrumm_I think so21:29
strigaziopenstack coe cluster config --keystone-auth21:29
strigazior similar21:29
flwangi will pick up that patch asap21:29
strigazi--k8s-keystone-auth21:29
flwangstrigazi: i love it21:29
strigaziThe question is, what would that be21:29
strigazithe simplest way is:21:29
strigazihttp://paste.openstack.org/raw/735869/21:30
strigaziwith the token encoded in  kubeconfig.21:30
strigaziit is very similar the the certs options21:31
strigaziin that case you have everything in one file in the filesystem21:31
cbrumm_would the user be adding their token to it or would the cli be filling that part in?21:31
strigazithe clo21:31
strigazithe cli21:31
strigaziIMO the user should always do a single cmd.21:32
imdigitaljimso they have to get a new config when their token expires or edit it every time?21:32
strigazithere is the option with the client in the cpo repo but at cern is a no-go due to the lack of kerberos.21:33
strigaziimdigitaljim: every 24h at least for us. how long is for you?21:33
imdigitaljimi think the same21:34
strigaziother options include getting a token per call. but user will hate it21:34
strigaziI would21:34
strigaziwith certs in our cloud k8s replies in 70ms21:34
strigaziwith the token in kubeconfig in ~120ms21:35
strigaziwith the small script in exec to do a single openstack token issue it takes 1s21:35
strigazipythonclient speed levels...21:36
imdigitaljimhttp://paste.openstack.org/show/735870/21:36
imdigitaljimthis is what we do21:36
imdigitaljim(ive shared this in irc before)21:36
imdigitaljimand i would propose this as well21:37
cbrumm_it works until the token expires, then users lose their minds and don't know what to do21:37
strigazithat works too, I couldn'g find it :)21:37
imdigitaljim^ not referring to what was pasted21:38
colin-hi, sorry i'm late21:38
*** rcernin has joined #openstack-containers21:38
flwangimdigitaljim: btw, mind me picking up https://review.openstack.org/#/c/577477/ ?21:39
imdigitaljimoh for sure21:39
imdigitaljimgo for it21:39
imdigitaljimwe've switched to a centos driver21:39
colin-flwang: thought of you when we came across this the other day https://github.com/kubernetes/kubernetes/pull/70398 in case it affects your implementation of ipvs21:39
colin-(it does ours)21:39
imdigitaljimthat id like to shoot for putting it up by stein21:39
imdigitaljimill try to have blueprint documents for everyone to review in the meantime21:39
strigaziimdigitaljim: mainly to use a custom image?21:40
imdigitaljimits isolated from existing except https://review.openstack.org/#/c/615592/ https://review.openstack.org/#/c/615591/ https://review.openstack.org/#/c/590443/21:40
imdigitaljimit can use upstream centos image21:40
imdigitaljimbut yes we additionally customize it21:41
flwangcolin-: thanks21:41
strigazihow do you install k8s?21:41
imdigitaljimill have it in the blueprints :D21:41
*** lpetrut has quit IRC21:41
flwangimdigitaljim: for your adding clients patches, are you aware of the patch lingxian proposed?21:42
strigaziin stories21:42
flwangto add a hook for deleting resources21:42
imdigitaljimwhich one particularly21:42
imdigitaljimhttps://review.openstack.org/#/q/owner:anlin.kong%2540gmail.com+status:merged21:44
imdigitaljim* https://review.openstack.org/#/q/owner:anlin.kong%2540gmail.com21:44
flwangimdigitaljim: https://review.openstack.org/49714421:45
imdigitaljimoh ok thats an okay PR but unnecessary21:46
imdigitaljimyou can just make function calls in the delete section21:46
imdigitaljim./shrug21:46
flwangimdigitaljim: we do know that21:47
imdigitaljimbut yeah our driver is isolated from that21:47
flwangimdigitaljim: you better understand the whole picture21:47
strigaziimdigitaljim: are you going to maintain the centos driver upstream?21:47
flwangthere are some case we'd like to handle with a plugin approach21:47
imdigitaljimyeah id imagine so21:48
imdigitaljimespecially if any of you were considering switching once weighing the pros/cons21:48
flwangimdigitaljim: is there any big difference between your driver and the upstream version?21:48
imdigitaljimmuch21:48
imdigitaljimits faster, easier to read, easier to maintain, less effort to operate21:48
flwangmuch is not a sound answer ;D21:49
imdigitaljimallows easy customization based on your needs21:49
flwangbut anyway, just propose it as a v2 or something like that, so that we can review21:49
imdigitaljimyeah itll be just a standalone in the drivers folder21:49
flwangimdigitaljim: cool21:49
imdigitaljimill throw up a blue print of design and explain things21:49
flwangimdigitaljim: that would be nice21:50
flwangor you can even do both in parallel21:50
strigaziimdigitaljim: how fase?21:50
strigaziimdigitaljim: how fast?21:50
strigaziless than 3mins?21:50
imdigitaljimbootstraps in like 3 minutes21:50
imdigitaljimyeah21:50
imdigitaljimunless its spinning disk21:51
flwangi can't wait to see the code21:51
imdigitaljimwhich is like 6-821:51
imdigitaljimwe were talking about sharing it offline21:51
imdigitaljimsending a zip21:51
imdigitaljimto you both21:51
imdigitaljimif you're interested in an unofficial preview at some point21:51
flwangimdigitaljim: that works as well21:51
strigazithe sooner the better we diverge.21:52
strigazithe sooner the better we converge . :)21:52
imdigitaljimhttps://imgur.com/a/gTazcKl21:53
imdigitaljimkind of a layout21:53
flwanglooks good, code please ;)21:54
strigazisounds good21:54
imdigitaljimalso a side note as well, my wife is having a kid and ill be out about a month21:55
imdigitaljimbut my colleagues will continue to meet21:55
flwangcongrats first, then i would suggest sharing your code for review before your leaving21:56
strigaziimdigitaljim: congratulations :)21:56
strigaziWe are reaching an hour, if there is anything else to discuss we can continue in the channel or tmr (tmr for me)21:58
imdigitaljimthanks@!21:58
flwangstrigazi: i'm good21:59
strigazicool, thanks for joining the meeting guys21:59
strigaziSee you next week22:00
flwangsee you all22:00
strigaziimdigitaljim: congrats again22:00
strigazi#endmeeting22:00
*** openstack changes topic to "OpenStack Containers Team"22:00
openstackMeeting ended Tue Nov 20 22:00:49 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)22:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/containers/2018/containers.2018-11-20-21.03.html22:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/containers/2018/containers.2018-11-20-21.03.txt22:00
openstackLog:            http://eavesdrop.openstack.org/meetings/containers/2018/containers.2018-11-20-21.03.log.html22:00
imdigitaljimthank you!22:10
*** itlinux has quit IRC22:44
*** munimeha1 has quit IRC22:49
*** ivve has quit IRC23:08
*** imdigitaljim has quit IRC23:20
*** hongbin has quit IRC23:30
« Monday, 2018-11-19 Index Wednesday, 2018-11-21 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!