Wednesday, 2019-04-17

*** sapd1_x has joined #openstack-containers		00:11
*** absubram has quit IRC		00:16
*** sapd1_x has quit IRC		00:30
*** ricolin has joined #openstack-containers		00:56
jakeyip	I think it's ok I got kubeconfig to work. Never mind me I think I was just confused.	00:58
*** threestrands has joined #openstack-containers		01:24
*** hongbin has joined #openstack-containers		01:37
*** itlinux has joined #openstack-containers		02:09
openstackgerrit	Feilong Wang proposed openstack/magnum master: [fedora_atomic] Support auto healing for k8s https://review.openstack.org/631378	02:47
*** itlinux has quit IRC		02:52
*** itlinux has joined #openstack-containers		02:54
openstackgerrit	Feilong Wang proposed openstack/magnum master: [k8s] Master nodes auto healing https://review.openstack.org/653270	03:16
*** ykarel\|away has joined #openstack-containers		03:19
*** chhagarw has joined #openstack-containers		03:24
*** chhagarw has quit IRC		03:28
*** hongbin has quit IRC		03:38
*** itlinux has quit IRC		03:43
*** chhagarw has joined #openstack-containers		04:09
*** ykarel\|away has quit IRC		04:27
*** udesale has joined #openstack-containers		04:37
*** ykarel\|away has joined #openstack-containers		04:43
*** sapd1 has quit IRC		04:50
*** ramishra has joined #openstack-containers		04:50
openstackgerrit	Feilong Wang proposed openstack/magnum master: [k8s] Master nodes auto healing https://review.openstack.org/653270	04:54
*** absubram has joined #openstack-containers		05:01
*** absubram has quit IRC		05:06
*** absubram has joined #openstack-containers		05:10
*** ykarel\|away is now known as ykarel		05:10
*** ivve has joined #openstack-containers		05:13
*** janki has joined #openstack-containers		05:49
*** absubram has quit IRC		06:01
*** pcaruana has joined #openstack-containers		06:11
*** chhagarw has quit IRC		06:22
*** chhagarw has joined #openstack-containers		06:22
*** udesale has quit IRC		06:37
*** udesale has joined #openstack-containers		06:38
*** udesale has quit IRC		06:39
*** udesale has joined #openstack-containers		06:44
*** udesale has quit IRC		06:46
*** udesale has joined #openstack-containers		06:56
*** yolanda_ has joined #openstack-containers		07:07
*** flwang1 has joined #openstack-containers		07:34
*** gbialas has joined #openstack-containers		07:36
* flwang1 is so excited that strigazi finally +2ed his autoscaling patch		07:38
*** gbialas has quit IRC		07:40
*** ykarel is now known as ykarel\|lunch		07:43
*** alisanhaji has joined #openstack-containers		07:54
*** ttsiouts has joined #openstack-containers		08:06
*** rcernin has quit IRC		08:13
*** ttsiouts has quit IRC		08:17
*** ttsiouts has joined #openstack-containers		08:17
*** ttsiouts has quit IRC		08:22
*** ttsiouts has joined #openstack-containers		08:28
*** rcernin has joined #openstack-containers		08:28
*** ykarel\|lunch is now known as ykarel		08:31
openstackgerrit	Merged openstack/magnum master: [fedora_atomic] Support auto healing for k8s https://review.openstack.org/631378	08:36
openstackgerrit	Merged openstack/magnum stable/stein: Support multi DNS server https://review.openstack.org/652784	08:48
openstackgerrit	Merged openstack/magnum master: Fix registry on k8s_fedora_atomic https://review.openstack.org/652096	08:48
*** udesale has quit IRC		08:51
flwang1	strigazi: around for a chat?	09:02
flwang1	just ping me when you're available	09:03
strigazi	flwang1: ping	09:04
flwang1	strigazi: pong	09:04
flwang1	strigazi: thank you for approving my patch :)	09:04
strigazi	flwang1 is so excited that strigazi finally +2ed his autoscaling patch, works great!!!	09:04
strigazi	flwang1: I'll override the v1.0 image in dockerhub with Thomas' fix	09:05
strigazi	makes sense?	09:05
flwang1	i need to resolve the conflicts before backporting to stable/stein	09:05
strigazi	or v2.0	09:05
flwang1	strigazi: better override	09:05
strigazi	I prefer tags to be immutable, but I don't mind for something that is not merged	09:05
strigazi	I mean, not merged in magnum side	09:06
flwang1	strigazi: it's happening now	09:06
flwang1	so just do it	09:06
flwang1	as for auto healing, i have another idea i'd like to get your comments	09:06
strigazi	before getting to that. I think I commented in all your patches, did I miss something?	09:07
openstackgerrit	Merged openstack/magnum master: Dropping the py35 testing https://review.openstack.org/652396	09:07
flwang1	strigazi: i'd like to get a general option for this https://review.openstack.org/#/c/643225/	09:08
flwang1	and this https://review.openstack.org/#/c/648590/ if you can	09:08
strigazi	pushed openstackmagnum/cluster-autoscaler:v1.0	09:11
flwang1	strigazi: cool	09:11
strigazi	not it has the fix https://github.com/kubernetes/autoscaler/pull/1873	09:11
flwang1	why?	09:11
flwang1	shouldn't we release the latest version otherwise the scale down doesn't work	09:12
strigazi	s/not it has the fix https://github.com/kubernetes/autoscaler/pull/1873/NOW it has the fix https://github.com/kubernetes/autoscaler/pull/1873/	09:13
strigazi	all good, right?	09:14
flwang1	i'm happy now :)	09:14
strigazi	https://review.openstack.org/#/c/648590 +2	09:16
*** ttsiouts has quit IRC		09:17
flwang1	thanks	09:18
*** ttsiouts has joined #openstack-containers		09:18
strigazi	flwang1 for https://review.openstack.org/#/c/643225/	09:18
flwang1	https://review.openstack.org/#/c/643225/ thoughts?	09:18
strigazi	hehe, i was faster :)	09:18
flwang1	well, you win	09:19
strigazi	I left a comment, After rebasing, works fine. Thanks! we just need the docs change	09:19
strigazi	patch looks fine	09:19
*** ttsiouts_ has joined #openstack-containers		09:19
flwang1	strigazi: the background is, we(catalyst cloud) would like a out-of-box keystone auth support just like GKE	09:19
*** ttsiouts has quit IRC		09:19
flwang1	user don't have to deal with the policy, just use it	09:19
strigazi	I just have a related question. Do you have a role (not the admin one) that can do role assignments	09:20
*** udesale has joined #openstack-containers		09:20
flwang1	strigazi: at project level, we do	09:20
flwang1	we're using Adjutant to do that	09:21
flwang1	Adjutant helps us doing those work need admin role	09:21
flwang1	for example, sign up	09:21
flwang1	and invite new user and assign roles for them	09:21
flwang1	for this case, we will create those new roles in keystone, and adding them into Adjutant, then project admin can assign those roles for project members	09:22
flwang1	strigazi: does that make sense?	09:22
strigazi	project admin will you openstack cli?	09:23
strigazi	yes it will	09:24
flwang1	strigazi: at this moment, i'm not sure too sure if Adjutant cant support cli for that	09:24
flwang1	but for dashboard, we do	09:25
strigazi	makes sense, we have something in house built long time ago. anyway	09:25
strigazi	did I miss any other patch	09:25
flwang1	i will rebase the patch and update the user guide doc	09:25
strigazi	?	09:25
flwang1	no, you make my day	09:25
flwang1	this is the most happy day for me in the last 3 months	09:26
strigazi	I hope you are exaggerating :)	09:26
strigazi	but in context, makes some sense	09:26
flwang1	:D	09:27
flwang1	before talking about rolling upgrade, give me 5 mins about the master node auto healing?	09:27
strigazi	+1	09:28
strigazi	I mean, go on	09:28
flwang1	thanks	09:29
openstackgerrit	Feilong Wang proposed openstack/magnum master: [k8s] Master nodes auto healing https://review.openstack.org/653270	09:29
flwang1	^ this is my general idea	09:30
flwang1	mostly are here https://review.openstack.org/#/c/653270/3/magnum/service/periodic.py@126	09:30
strigazi	flwang1: it makes some sense	09:32
strigazi	I think with the template changes in upgrade, it may work	09:32
flwang1	strigazi: exactly, the work may need your work in the upgrade patch	09:33
strigazi	I'm not sure I agree with the octavia status check	09:33
strigazi	it should ask kubernetes	09:33
flwang1	strigazi: it's master, my friend	09:33
flwang1	we can't get health status for each master	09:33
strigazi	correct, if the request times out	09:33
strigazi	but not through octavia, not everyone has it :)	09:34
flwang1	we can only get the overall api status or the etcd api status	09:34
flwang1	strigazi: i understand that	09:34
flwang1	is there any other way to get the status for each master? so that i can make it plugable?	09:34
*** threestrands has quit IRC		09:36
strigazi	I mean, we can ask directly the api_address. but we need cases, fip enabled and so on	09:36
flwang1	strigazi: yep, i thought that as well	09:36
flwang1	can we use the ca certs in magnum db to talk to etcd api?	09:37
strigazi	flwang1 unfortunately yes, we must change that	09:37
flwang1	and will it still work if we generate different ca certs for api, etcd and front-proxy?	09:38
strigazi	I think I mentioned it in the past, we need a new ca for it	09:38
flwang1	i know	09:38
flwang1	there is a security hole	09:38
flwang1	it's on my list	09:38
strigazi	ok	09:38
flwang1	if i can make a base function like _give_me_the_broken_master(), are you happy with the overall desgin?	09:39
strigazi	+1	09:39
flwang1	cool	09:39
flwang1	deal	09:39
*** lpetrut has joined #openstack-containers		09:40
flwang1	following that	09:40
flwang1	actually, based on our current resize api, the worker node auto healing can be done by the similar way, i'd like to call it auto_healing_mode=hard, because user can always keep the same node　count	09:41
flwang1	by checking the health_status_reason, we can know which worker is down, and then we can call resize api to replace the node	09:41
strigazi	what is soft?	09:41
flwang1	soft is our current way with CA	09:42
strigazi	ok	09:42
openstackgerrit	Merged openstack/magnum master: [fedora atomic] Allow traffic between k8s workers https://review.openstack.org/652931	09:42
flwang1	how do you think?	09:42
strigazi	hard > soft	09:42
flwang1	you like the 'hard'(rock) way?	09:43
strigazi	yes, I don't know if it will conflict with the CA	09:44
flwang1	strigazi: it won't	09:44
flwang1	the new label 'auto_healing_mode' can manage that	09:45
strigazi	if a node is NotReady, the CA won't do anything?	09:45
strigazi	I'll be back in a few mins <5	09:46
flwang1	assume auto_healing_enabled=True, if auto_healing_mode=hard, mangum-conductor will take over, otherwise CA+Draino will take over	09:46
strigazi	back	09:48
strigazi	flwang1: ok, but	09:48
strigazi	if auto_scaling_enabled=True and auto_healing_mode=hard ?	09:48
flwang1	if auto_scaling_enabled=True and auto_healing_mode=hard, that's the magnum-conductor way	09:49
flwang1	if auto_healing_enabled=False, no auto_healing for either master or node	09:49
flwang1	as long as we have containerized master, we won't have to care the master	09:50
flwang1	at that moment, the auto_healing_mode may make more sense	09:50
strigazi	if auto_scaling_enabled=True and auto_healing_mode=hard, that's the magnum-conductor way. OK. but what the CA does when it sees a node as not ready?	09:51
flwang1	strigazi: AFAICT, CA won't automatically remove bad node	09:54
flwang1	that's the work need to be down by Draino	09:54
flwang1	but at this case, Draino won't be installed	09:54
strigazi	draino, just dains right?	09:54
flwang1	cordon and drain	09:54
strigazi	And then CA scales down because it is empty right?	09:55
flwang1	after drain, the node will be empty, and CA will remove the empty node	09:55
flwang1	yes	09:55
strigazi	ok	09:55
strigazi	actually soft and hard can "co-exist" in a way. It is whoever comes first, conductor or CA	09:56
flwang1	strigazi: it could be, but that will be messed and will be hard to debug	09:56
flwang1	but technically, yes	09:56
*** gbialas has joined #openstack-containers		09:58
flwang1	so far, i think generally you like the idea?	09:58
strigazi	sounds good	09:59
flwang1	cool, i will polish it	09:59
flwang1	and that does need your upgrade patch	09:59
flwang1	what's the status of the last part?	09:59
strigazi	I finish with the Software deployment of maste and we are good. The templates are a bit messed but it almost works. I don't have anything else to do today	10:01
strigazi	I have only a question	10:02
strigazi	Lixian tried to change somehting similar, shall we change the template version to newton?	10:03
strigazi	to have conditions	10:03
flwang1	strigazi: personally i think we should	10:03
strigazi	now?	10:03
flwang1	i don't think anyone can use magnum without upgrade heat to queens	10:03
strigazi	raelly?	10:04
strigazi	really?	10:04
flwang1	fine	10:04
strigazi	due to the agent?	10:04
flwang1	agent issue is a big problem	10:04
strigazi	fyi, we upgraded heat to rocky yesterday	10:04
flwang1	but if they don't care region, then could be	10:04
flwang1	but	10:04
flwang1	i still think stick on very old heat version means we're losing more than we got	10:05
flwang1	we can send an email to the community to survey if there is any company is using Magnum with an old heat ( older than newton)	10:06
flwang1	if there is nobody, we're safe to go	10:06
strigazi	or queens	10:07
strigazi	ok, will you send an email?	10:07
flwang1	strigazi: i can do that	10:08
flwang1	and you can just focus on your work	10:08
strigazi	ok	10:08
strigazi	have you tested my patches for 1.14?	10:08
strigazi	conformance passes for calico and flannel	10:08
flwang1	you mean the calico one? or the upgrade one?	10:08
strigazi	coredns/calico/1.14	10:09
*** strigazi has quit IRC		10:09
flwang1	i reviewed them separatedly, but didn't test togehter	10:10
flwang1	i do have some questions	10:10
*** strigazi has joined #openstack-containers		10:10
flwang1	1. for the coreDNS, https://review.openstack.org/#/c/652058/2/magnum/drivers/common/templates/kubernetes/fragments/core-dns-service.sh@74	10:10
flwang1	so with the new coreDNS versioin, we don't have to provide the network cidr to coreDNS?	10:11
strigazi	flwang1 ok, easy, other than that, all good?	10:11
strigazi	flwang1: V	10:12
strigazi	flwang1: https://github.com/coredns/deployment/blob/master/kubernetes/deploy.sh#L7	10:12
strigazi	I think both work	10:13
flwang1	ok, i will take a look	10:13
strigazi	I can try passing the cidr like before	10:13
*** livelace has joined #openstack-containers		10:13
flwang1	2. for calico v3.3, how calico know the etcd server to save data?	10:13
flwang1	i didn't see how the etcd address being passed in as before	10:14
*** jchhatbar has joined #openstack-containers		10:14
strigazi	it uses custom resource definitions, not more etcd. It uses the kubernetes api directly	10:14
flwang1	fantastic	10:15
strigazi	flannel does the same, one of the reason I wanted to make it a cni	10:15
flwang1	then we can remove those info https://review.openstack.org/#/c/652059/4/magnum/drivers/common/templates/kubernetes/fragments/calico-service.sh@10	10:16
*** janki has quit IRC		10:16
strigazi	I forgot about that	10:16
strigazi	sure	10:16
flwang1	i you can propose new patchset, i'm happy to test it tomorrow and +2,	10:17
strigazi	ok	10:17
flwang1	btw, i will take leave from this Firday 19th Apr to 28th	10:17
strigazi	just a question,	10:17
flwang1	for camping	10:17
flwang1	no laptop	10:17
flwang1	sure	10:17
strigazi	flwang1 proper holidats	10:17
strigazi	flwang1 proper holidays	10:18
flwang1	yep, Easter holidays	10:18
flwang1	i do need a break, otherwise i will be broken soon	10:18
strigazi	CALICO_IPV4POOL_IPIP upstream is on, in our case it is off	10:19
strigazi	we use CALICO_IPV4POOL_NAT_OUTGOING, upstream example config it is not using it https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml	10:20
strigazi	any reason you did it like this for v2?	10:20
flwang1	strigazi: i can't remember the details, TBH	10:21
flwang1	i'm ok to follow the community way	10:21
flwang1	i mean the default yaml from calico	10:22
strigazi	ok, in any case, conformance passes. I'll check if the upstream config works too.	10:22
strigazi	let's check tomorrow same time, or you are off already?	10:22
strigazi	let's check tomorrow same time, or you will be off already?	10:22
*** janki has joined #openstack-containers		10:23
flwang1	are you all k8s nodes in a same l2 network?	10:24
flwang1	strigazi: i can meet with you tomorrow at the same time	10:24
flwang1	like 9:00 UTC	10:25
flwang1	but won't stay long	10:25
strigazi	short and efficient is better	10:25
flwang1	since we will leave very early on Friday	10:25
flwang1	strigazi: cool	10:25
*** jchhatbar has quit IRC		10:25
flwang1	i will dig the CALICO_IPV4POOL_IPIP and leave comments on your calico patch	10:25
strigazi	I'm going home for holidays at the same time but not real	10:25
flwang1	haha	10:25
flwang1	now, tough question	10:26
strigazi	I have to do four presentations for the summit the week after	10:26
flwang1	after i back from holiday, can i see a new patch set for the upgrade patch?	10:26
flwang1	strigazi: ah, i see	10:26
strigazi	yes	10:26
flwang1	good luck and i believe you will be fine	10:26
flwang1	strigazi: cool, then i give you 10-NO-flwang-days	10:27
flwang1	i will start to bug you since 29th	10:27
strigazi	Well see you tomorrow	10:27
flwang1	see you, thanks for making my day	10:27
strigazi	cheers	10:28
openstackgerrit	Feilong Wang proposed openstack/magnum stable/stein: Fix registry on k8s_fedora_atomic https://review.openstack.org/653379	10:32
*** gbialas has quit IRC		10:32
*** livelace has quit IRC		10:33
openstackgerrit	Feilong Wang proposed openstack/magnum stable/stein: [fedora_atomic] Support auto healing for k8s https://review.openstack.org/653380	10:37
*** ttsiouts_ has quit IRC		10:37
*** ttsiouts has joined #openstack-containers		10:38
openstackgerrit	Feilong Wang proposed openstack/magnum stable/stein: [fedora_atomic] Support auto healing for k8s https://review.openstack.org/653380	10:39
*** ttsiouts has quit IRC		10:42
*** gbialas has joined #openstack-containers		11:06
*** ttsiouts has joined #openstack-containers		11:08
*** gbialas has quit IRC		11:09
openstackgerrit	Merged openstack/magnum master: Allow admin update cluster/template in any project https://review.openstack.org/648590	11:17
*** jchhatbar has joined #openstack-containers		11:20
*** ttsiouts has quit IRC		11:20
*** ttsiouts has joined #openstack-containers		11:21
*** janki has quit IRC		11:22
*** ttsiouts has quit IRC		11:25
*** strigazi has quit IRC		11:25
*** strigazi has joined #openstack-containers		11:25
*** ttsiouts has joined #openstack-containers		11:27
*** ttsiouts has quit IRC		11:43
*** ttsiouts has joined #openstack-containers		11:44
*** ttsiouts_ has joined #openstack-containers		11:46
*** ttsiouts has quit IRC		11:47
*** strigazi has quit IRC		11:50
*** ttsiouts_ has quit IRC		11:51
*** strigazi has joined #openstack-containers		11:51
*** strigazi has quit IRC		11:52
*** strigazi has joined #openstack-containers		11:52
*** strigazi has quit IRC		11:55
*** strigazi has joined #openstack-containers		11:55
*** pcaruana has quit IRC		12:30
*** pcaruana has joined #openstack-containers		12:53
openstackgerrit	Spyros Trigazis proposed openstack/magnum master: k8s: set functional jobs to voting https://review.openstack.org/627756	13:00
*** ykarel is now known as ykarel\|afk		13:36
*** ykarel\|afk has quit IRC		13:41
openstackgerrit	Diogo Guerra proposed openstack/magnum master: [k8s] Set traefik to stable version v1.7.10 https://review.openstack.org/645632	14:16
*** itlinux has joined #openstack-containers		14:19
*** itlinux has quit IRC		14:22
*** ykarel\|afk has joined #openstack-containers		14:24
*** ykarel\|afk is now known as ykarel		14:25
openstackgerrit	Spyros Trigazis proposed openstack/magnum master: Revert "ci: Disable functional tests" https://review.openstack.org/642873	14:26
*** lpetrut has quit IRC		14:28
strigazi	mnaser: I think I figured out the issue you had with flannel, security groups see: https://review.openstack.org/#/c/652931/3	14:52
mnaser	strigazi: that might make sense then	14:53
mnaser	merging that will fix it though, I think right?	14:53
*** jchhatbar has quit IRC		14:53
*** jchhatbar has joined #openstack-containers		14:54
strigazi	We merged this, will cherry-pick to stein	14:54
mnaser	strigazi: great, I can redeploy and let you know	14:56
strigazi	mnaser: use vxlan as backedn	14:57
strigazi	mnaser: use vxlan as backend	14:57
*** udesale has quit IRC		14:57
strigazi	--labels flannel_backend=vxlan	14:57
mnaser	I guess it defaults to dup	14:58
mnaser	udp	14:58
strigazi	yes	14:58
openstackgerrit	Mohammed Naser proposed openstack/magnum stable/stein: [fedora atomic] Allow traffic between k8s workers https://review.openstack.org/653459	14:58
mnaser	strigazi: to make your life easier ^	14:59
*** udesale has joined #openstack-containers		14:59
*** udesale has quit IRC		14:59
*** udesale has joined #openstack-containers		14:59
strigazi	mnaser: when it was failing for you it was udp or vxlan?	14:59
mnaser	strigazi: it was default, the cni0 interface never went up	15:00
mnaser	apparently though sometimes it never goes up unless the node has interfaces attached	15:00
strigazi	udp then	15:00
*** lpetrut has joined #openstack-containers		15:01
*** udesale has quit IRC		15:06
*** absubram has joined #openstack-containers		15:17
*** absubram has quit IRC		15:21
*** absubram has joined #openstack-containers		15:29
*** jchhatbar has quit IRC		15:33
*** jchhatbar has joined #openstack-containers		15:33
*** itlinux has joined #openstack-containers		15:35
*** jchhatbar has quit IRC		15:36
*** jchhatbar has joined #openstack-containers		15:36
*** jchhatbar has quit IRC		15:40
*** lpetrut has quit IRC		15:42
*** ykarel is now known as ykarel\|away		16:05
*** dims has quit IRC		16:07
*** lpetrut has joined #openstack-containers		16:09
*** ramishra has quit IRC		16:26
openstackgerrit	Spyros Trigazis proposed openstack/magnum master: Update coredns from upstream manifest and to 1.3.1 https://review.openstack.org/652058	16:51
*** dims has joined #openstack-containers		16:54
*** dims has quit IRC		16:59
*** dims has joined #openstack-containers		17:01
*** ricolin has quit IRC		17:04
*** chhagarw has quit IRC		17:43
*** chhagarw has joined #openstack-containers		17:48
*** ivve has quit IRC		17:52
*** chhagarw has quit IRC		18:23
*** chhagarw has joined #openstack-containers		18:23
*** alisanhaji has quit IRC		18:24
*** lpetrut has quit IRC		18:41
*** lpetrut has joined #openstack-containers		18:42
*** chhagarw has quit IRC		18:55
*** ykarel\|away has quit IRC		19:02
openstackgerrit	Merged openstack/magnum stable/stein: [fedora atomic] Allow traffic between k8s workers https://review.openstack.org/653459	19:23
openstackgerrit	Merged openstack/magnum master: [k8s] Set traefik to stable version v1.7.10 https://review.openstack.org/645632	19:23
*** lpetrut has quit IRC		19:40
*** absubram has quit IRC		20:35
*** pcaruana has quit IRC		20:43
*** logan- has quit IRC		21:34
*** logan- has joined #openstack-containers		21:37
*** absubram has joined #openstack-containers		21:46
*** hongbin has joined #openstack-containers		21:52
*** itlinux has quit IRC		23:26
*** hongbin has quit IRC		23:38
*** itlinux has joined #openstack-containers		23:44
*** itlinux has quit IRC		23:44
*** absubram has quit IRC		23:50

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!