Wednesday, 2016-03-16

« Tuesday, 2016-03-15 Index Thursday, 2016-03-17 »
*** yamamoto_ has quit IRC00:12
*** openstack has joined #openstack-kuryr00:23
*** fawadkhaliq has quit IRC00:30
*** fawadkhaliq has joined #openstack-kuryr00:33
*** fawadkhaliq has quit IRC00:58
*** fawadkhaliq has joined #openstack-kuryr01:02
*** fawadkhaliq has quit IRC01:02
*** fawadkhaliq has joined #openstack-kuryr01:06
*** fawadkhaliq has quit IRC01:06
*** banix has quit IRC01:10
*** yamamoto has joined #openstack-kuryr01:13
*** fawadkhaliq has joined #openstack-kuryr01:18
*** fawadkhaliq has quit IRC01:19
*** yamamoto has quit IRC01:20
*** fawadkhaliq has joined #openstack-kuryr01:30
*** fawadkhaliq has quit IRC01:31
*** fawadkhaliq has joined #openstack-kuryr01:42
*** banix has joined #openstack-kuryr01:45
*** fawadkhaliq has quit IRC01:51
*** fawadkhaliq has joined #openstack-kuryr01:51
*** tfukushima has joined #openstack-kuryr01:57
*** tfukushima has quit IRC01:58
*** fawadkhaliq has quit IRC02:06
*** yamamoto_ has joined #openstack-kuryr02:19
*** fawadkhaliq has joined #openstack-kuryr02:25
*** fawadkhaliq has quit IRC02:32
*** tfukushima has joined #openstack-kuryr03:02
*** tfukushima has quit IRC03:04
*** yuanying has quit IRC03:20
*** yamamoto_ has quit IRC03:25
*** tfukushima has joined #openstack-kuryr03:50
*** tfukushima has quit IRC03:52
*** yamamoto_ has joined #openstack-kuryr04:06
*** yuanying has joined #openstack-kuryr04:07
*** tfukushima has joined #openstack-kuryr04:07
*** fawadkhaliq has joined #openstack-kuryr04:14
*** banix has quit IRC04:24
*** tfukushima has quit IRC04:43
*** tfukushima has joined #openstack-kuryr05:23
*** fawadkhaliq has quit IRC05:42
*** fawadkhaliq has joined #openstack-kuryr05:43
*** fawadkhaliq has quit IRC05:52
*** fawadkhaliq has joined #openstack-kuryr05:53
*** fawadkhaliq has quit IRC07:03
*** fawadkhaliq has joined #openstack-kuryr07:04
*** fawadkhaliq has quit IRC07:25
*** fawadkhaliq has joined #openstack-kuryr07:26
*** fawadkhaliq has quit IRC07:26
*** fawadkhaliq has joined #openstack-kuryr07:27
*** wanghua has joined #openstack-kuryr07:29
*** oanson has joined #openstack-kuryr08:37
*** salv-orlando has joined #openstack-kuryr09:11
*** tfukushima has quit IRC09:39
*** tfukushima has joined #openstack-kuryr09:48
*** openstackgerrit has quit IRC09:53
*** openstackgerrit_ is now known as openstackgerrit09:53
*** openstackgerrit has quit IRC09:53
*** openstackgerrit_ has joined #openstack-kuryr09:53
*** openstackgerrit has joined #openstack-kuryr09:54
*** openstackgerrit has quit IRC09:54
*** openstackgerrit_ is now known as openstackgerrit09:54
*** openstackgerrit_ has joined #openstack-kuryr09:54
*** openstackgerrit has quit IRC09:55
*** openstackgerrit has joined #openstack-kuryr09:55
*** salv-orlando has quit IRC10:56
*** yamamoto_ has quit IRC11:05
*** tfukushima has quit IRC11:12
*** tfukushima has joined #openstack-kuryr11:13
*** tfukushima has quit IRC11:13
*** openstackgerrit has quit IRC11:18
*** openstackgerrit has joined #openstack-kuryr11:18
*** salv-orlando has joined #openstack-kuryr11:57
*** yamamoto has joined #openstack-kuryr12:08
*** salv-orlando has quit IRC12:28
*** fawadkhaliq has quit IRC12:31
*** yamamoto has quit IRC12:45
*** yamamoto has joined #openstack-kuryr12:52
*** fawadkhaliq has joined #openstack-kuryr13:29
*** salv-orlando has joined #openstack-kuryr13:29
*** gsagie has quit IRC13:39
*** salv-orlando has quit IRC13:40
*** yamamoto has quit IRC13:43
*** banix has joined #openstack-kuryr13:55
*** banix has quit IRC14:09
*** yamamoto has joined #openstack-kuryr14:12
*** banix has joined #openstack-kuryr14:12
*** tfukushima has joined #openstack-kuryr14:14
*** salv-orlando has joined #openstack-kuryr14:15
*** mspreitz has joined #openstack-kuryr14:21
*** vikasc has joined #openstack-kuryr14:26
*** apuimedo has joined #openstack-kuryr14:29
*** fawadkhaliq has quit IRC14:30
*** fawadkhaliq has joined #openstack-kuryr14:30
mspreitzwe are waiting for Gal Sagie now, right?14:30
apuimedo#startmeeting k8s integration discussion14:30
openstackMeeting started Wed Mar 16 14:30:39 2016 UTC and is due to finish in 60 minutes.  The chair is apuimedo. Information about MeetBot at http://wiki.debian.org/MeetBot.14:30
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:30
openstackThe meeting name has been set to 'k8s_integration_discussion'14:30
irenabGal is not able to join today14:30
apuimedoWho is here for the meeting?14:30
mspreitzo/14:30
irenabI am14:31
salv-orlandoI am14:31
apuimedobanix?14:31
tfukushimaI happen to be here.14:31
fawadkhaliqmorning14:31
banixo/14:31
vikasco/14:31
salv-orlandofawadkhaliq: good for you you moved to DST this week14:31
apuimedovikasc: nice to see you after some time :-)14:31
fawadkhaliqsalv-orlando: yes :)14:32
apuimedo#info irenab mspreitz salv-orlando tfukushima, fawadkhaliq banix vikasc and apuimedo present14:32
vikascapuimedo: thanks apuimedo, was not well !!14:32
apuimedovikasc: hope you are very well now :-)14:33
vikascapuimedo: perfect now14:33
vikasc:)14:33
apuimedoWe are here to discuss today the status of the two efforts that were proposed in the previous of these meetings14:33
apuimedoOne effort was the CNI->CNM translation integration. Lead by mspreitz14:33
apuimedoThe other one the direct k8s/cni support led by irena14:34
apuimedo#topic direct CNI->CNM translation14:34
apuimedo#link https://github.com/kubernetes/kubernetes/pull/21956/commits/06ad511c055e8a9eb8cadf0e128d413ccdcdf64f14:34
apuimedo#link https://review.openstack.org/#/c/290172/14:35
apuimedoAbove are the commit that mspreitz submitted to k8s upstream and the devref he has submitted here for review14:35
apuimedomspreitz: if you maybe want to give a short summary of the status?14:36
mspreitzthat commit is just T0; the devref is T1 and T214:36
mspreitzsure14:36
apuimedothanks14:36
mspreitzThe k8s PR is a very basic CNI plugin, but it covers most of what we need in the no-policy case.14:36
salv-orlandomspreitz: the thing you pushed for k8s... is it just a sample about how to CNI or do you have other plands?14:36
salv-orlando*plans14:36
mspreitzThe devref for T1 is about how to implement the Network Policy proposal from the k8s network SIG, still single-tenant14:37
mspreitzThe devref for T2 adds multi-tenancy.14:37
mspreitzThe T0 plugin I have tested, it is very simple and does what it is intended to do.14:37
mspreitzI have started implementing T1, but am just getting started.14:37
apuimedoalright. Let's go T by T14:38
mspreitzsure14:38
salv-orlandoapuimedo: and eventually we'll get to Mr T14:38
apuimedoI pity the fool!14:38
mspreitzSo has anybody looked at the T0 plugin14:39
mspreitz?14:39
apuimedoT0 gets the Neutron network from the cni config file14:39
mspreitzyes14:39
apuimedothen talks to neutron to get a port and returns the IP information as per the CNI contract, from what I saw14:40
apuimedo(through libnetwork connect and disconnect)14:40
mspreitzyes, but not directly.  It goes through Docker's network CLI14:40
mspreitzexactly14:40
mspreitzMore precisely, it goes through `docker network` to the Kuryr libnetwork plugin14:40
salv-orlandoapuimedo, mspreitz: it could then work regardless of neutron14:40
mspreitzyes, the T0 plugin is not actually specific to Kuryr14:41
apuimedosalv-orlando: yes. It is just CNI to CNM14:41
mspreitzit works with any Docker network14:41
salv-orlandoyeah, makes sense14:41
apuimedothe only limitation, is that is pod level only, so you don't get service stuff14:41
apuimedoThat kind of information does not reach CNI presently14:42
mspreitzThe idea of T0 is that this is within the k8s networking context...14:42
mspreitzin which every pod and every host can open a connection to any pod.14:42
mspreitzThus the existing k8s service load balancers work.14:42
irenabso you assume kube-proxy to take care of the service?14:42
apuimedomspreitz: sure. I get that. I'm just giving information about what kind of gaps it fills and which it does not14:43
apuimedoirenab: yes. It relies on kube-proxy14:43
mspreitzThe T0 plugin assumes that something else has completed the functional requirements: that is, enabled every host to open connections to every pod.14:43
mspreitzAs discussed in the T1 devref, this can be accomplished in neutron by adding some routes.14:43
apuimedoso the vendors that implement T0 must have the network configured for the container accessible from the hosts (for example it being a public external network)14:44
mspreitzirenab: in short, I am confirming that I am talking about enabling kube-proxy to work.14:44
mspreitzapuimedo: right14:44
apuimedo;-)14:44
irenabmspreitz: how IPAM is done?14:44
mspreitzirenab: however the Docker network does it14:45
mspreitzthe T0 plugin is just a piece of glue14:45
apuimedoirenab: cni -> libnetwork -> kuryr ipam -> neutron14:45
irenabso subnet per host is not assumed14:45
mspreitzright14:45
apuimedoirenab: no14:45
irenabthis is the comment that is discussed over the spec I pushed14:45
mspreitzirenab: I am not sure I follow.  But I have not read the most recent comments.14:46
mspreitzyet14:46
apuimedoalright. Did everybody follow properly the assumptions, preconditions and workflow of T0?14:46
irenabyes, CNI for libnetwork14:47
banixyes14:47
irenabrest is native k8s14:47
apuimedosalv-orlando: tfukushima: ?14:47
fawadkhaliqyes14:47
apuimedovikasc: ?14:47
vikascyes14:47
tfukushimaYes.14:48
apuimedoalright. Let's move on to T114:48
apuimedomspreitz: short intro, please14:48
mspreitzsure...14:48
mspreitzThe k8s network SIG has been defining a new concept in k8s called "network policy", by which a k8s user can declare what connectivity is allowed.14:49
mspreitzIt is deliberately more abstract than Neutron.  Rather than talking about networks, subnets, firewalls, routes, and so on, it talks about which endpoints can open connections to which endpoints, that's all14:50
mspreitzit is designed, however, in a way that maps pretty directly onto Neutron security groups.14:50
mspreitzBoth are additive sets of rules about allowed connections.14:50
mspreitzSo the T1 devref specifies the mapping from network policies to Neutron security groups.14:50
mspreitzend of intro.14:50
apuimedothanks mspreitz14:51
fawadkhaliqmspreitz: by design of k8s "network policy", the network definition etc still has to be define separately, right? or you are saying this is policy based type of networking, where everything is just taken care of my magic?14:51
fawadkhaliqs/my/by/14:51
mspreitzNo magic here14:51
mspreitzIt is a matter of deliberate abstraction.14:52
apuimedomspreitz: IIUC, to what you have in T0, you'd add a policy agent that watches the API for policy needs and creates SGs14:52
irenabmspreitz: I experimented with mappings of policy ingress to security groups and ended up with pretty same understanding as you14:52
mspreitzThe idea is that the k8s user *never* talks about networks.  He only talks about connectivity.14:52
fawadkhaliqmspreitz: okay. makes sense.14:52
salv-orlandofrankly talking about network intended as "domain where things can connect each other" is non-relevant to what we have today because kubernetes does everything it can to ensure there could be only one of these things14:53
mspreitzIt is up to the implementation to map allowed connectivity into lower level details.14:53
salv-orlandobut the mapping between security groups and network policies make quite sense14:53
mspreitzI think the obvious choice is that a k8s namespace equates to a Neutron virtual ethernet.14:54
salv-orlandofrankly my understanding is that you just need that one additional step due to translating pods and namespaces into source ips14:54
irenabfor me it looks very much as GBP talking about App policies, while network policy is not the app concern14:54
mspreitzbecause in k8s network policy there is no allowed non-IP traffic between k8s namespaces.14:55
apuimedomspreitz: I am not 100% convinced about the statement that k8s implicitly forbids non-IP traffic. IIRC it was said that it was up to the network plugin14:55
fawadkhaliqirenab: exactly my thoughts14:55
apuimedobut that it was common to do it like that14:55
mspreitz"GBP"?14:55
salv-orlandomspreitz: you have to make that choice in the plugin or any logic which sits outside of kubernetes anyway14:55
salv-orlandoyeah the british pount14:55
fawadkhaliqmspreitz: GPB->group based policy14:55
salv-orlandoit's roughly 1.27 to the europ14:55
mspreitzI think the decision that k8s network policy forbids non-IP traffic between namespaces and says nothing else about non-IP traffic was agreed in a meeting and never written down.14:56
banixlet us not talk about GBP. it still hurts.14:56
apuimedohey, for the young people, what is GBP?14:56
irenabbanix: conceptually :-)14:56
salv-orlandowhy banix did you moved all your savings into the UK before the dollar strenghtened? :)14:56
irenabgroup based policy14:56
apuimedo(young to the OSt world)14:56
fawadkhaliqbanix: :-)14:57
banix:)14:57
apuimedoyou should put it in CZK14:57
apuimedoeastern currency best currency14:57
apuimedo(I lost 10% of my money just so that car makers would be happy...)14:57
salv-orlandoGroup Based Policies was the moment in which neutron community was very close to break in two14:57
banixas someone said, they are devaluing their currency, we are going to stop it, and make them pay for it!14:58
salv-orlandobut I don't think this is relevant at all here14:58
mspreitzSo we are agreed to ignore group based policy here and now?14:58
fawadkhaliqmspreitz: yes, that was a just a comment :)14:58
mspreitzOK.14:58
mspreitzSo getting back to T1...14:58
apuimedomspreitz: from T1 devref14:58
mspreitzThere is an unwritten detail about non-IP traffic that implies k8s namespace = neutron virtual ethernet.14:59
apuimedoI missed what puts the ports of a namespace into different SGs. I take it that it is the policy agent14:59
mspreitzapuimedo: policy agent ensures that is eventually consistent.  CNI plugin speeds that up.14:59
apuimedobut the algorithm for creating needed sgs and doing the assignment once the nets and ports are created was a bit fuzzy for me14:59
apuimedomspreitz: it checks the thirdparty resources for networkpolicy elements?15:00
mspreitzyes15:00
apuimedo*does it15:00
mspreitzit monitors, keeping an in-memory cache15:00
mspreitzkeeping the cache up to date, incrementally responding to changes, after startup transient.15:01
apuimedoso the burden of converting the allowfrom (ingress and egress) into networkpolicies is on the k8s api, then, right?15:01
mspreitzno, allowFrom is part of the syntax of a network policy15:01
salv-orlandoapuimedo: I'm not sure, but it would be great if the api server did somehting like that15:01
banixallowfrom is the policy15:01
salv-orlandobut I'm afraid the burdgen is on the agent15:02
irenabapuimedo: watcher of policy that transaltes to SGs and assigns ports15:02
mspreitzThe k8s api server just stores the network policies and provides events about their changes.15:02
mspreitzIt is all up to us to interpret the policies15:02
apuimedobanix: mspreitz: if my understanding is right. There is several levels of policy and overrides that you can have, service, pod and namespace15:02
apuimedois the current policy object a frankestein with overrides for each definition?15:03
mspreitzapuimedo: actually it is deliberately simple, no overrides15:03
apuimedo*frankenstein15:03
mspreitzit is only additive, just like neutron SGs15:03
mspreitzthe k8s net policy is just a set of additive rules15:03
apuimedomspreitz: good then15:03
mspreitzI talked to another vendor at kubecon that has added more structure, so they can have negatives and overrides15:04
mspreitzbut that is not in the k8s net sig policy.15:04
mspreitzBecause it is just a set of additive rules, it maps easily to Neutron security groups.15:04
apuimedosalv-orlando: it is almost a matter of necessity, if they want to keep the networking generic and without vendor lock in that the translation into useful enough policy objects is done by the API. Otherwise it is going to be a mess15:05
mspreitzapuimedo: I do not understand what you are saying.  The k8s api server just stores the policy objects, not translate them into anything.15:05
apuimedomspreitz: do you have an example response from the API on the thirdparty creation for people to see. It is generally good to include those kind of things on devref15:05
mspreitzapuimedo: good point, I will add examples.15:06
apuimedoboth the definitions in the service description, the response from the API, and example SG creation15:06
mspreitzI do not have examples of translation to SGs, but I think you can find example policy source in the k8s net sig work.15:06
*** yamamoto has quit IRC15:06
apuimedomspreitz: It would be good to come up with a tentative one for the guestbook example and put it on the devref15:07
mspreitzapuimedo: will do.15:07
apuimedosome people understand better by example than explanation. So it is good to have both15:07
banixmspreitz: yeah15:07
mspreitzagreed, just an oversight in my hurry.15:07
vikascapuimedo: +115:07
apuimedoWe're starting to be a bit short on time15:07
apuimedo8minutes for T215:07
salv-orlandoapuimedo: as you attend the sig-network meetings quite reguardly you surely know what approach they're adopting. third party resource with completely external processing are a stopgap while we experiment15:07
apuimedoand then we go with irenab15:07
salv-orlandoapuimedo: I would not be worried to much about what the API server does or doesn't at this stage15:08
mspreitzactually T2 overlaps with the one of the biggest open issues in irena's proposal, namely multi-tenancy15:08
apuimedosalv-orlando: I know it's a stopgap, but I'm not sure if it will just graduate to the regular API on 1.3 or they are going to leave it for third parties15:08
mspreitzSo my proposal for T2 is that each tenant gets its own router, and its Neutron networks attach to its router15:09
irenabI would wait with multi-tenancy for the next phase15:09
mspreitzBut since k8s requires all this reachability, we have to augment that with a lot of routes.15:09
apuimedomspreitz: just so that everyone follows. Here we are talking about ad-hoc multitenancy, or multitenancy from teh OSt point of view. Previous to any multi-tenancy that may eventually be brought on by k8s15:10
salv-orlandoapuimedo: third party APIs in k8s are not really APIs... just a way to stash blob of arbitrary json data15:10
salv-orlandoso it'll have to graduate to become a thing15:10
mspreitzactually this is an important point, MT in k8s15:10
mspreitzIt is not there now, as we all know.15:10
apuimedosalv-orlando: I sure hope it does, but it's not going to be for 1.2, right?15:10
salv-orlandoapuimedo: most definetely not15:10
mspreitzI have been supposing that some of us will wedge it in there somehow real soon.15:10
mspreitz(regarding 3rd party resource graduation: yes, it will happen, details TBD, not in 1.2)15:11
apuimedosalv-orlando: that's my point. That until it does, policy and to a bigger extent, multi-tenancy, are scaffolding15:11
apuimedothat are useful for our OSt + k8s operators15:11
mspreitzSome of us are going to do multi-tenancy in k8s real soon, by whatever hook and crook we need to get it creaking along.15:12
apuimedobut that will be in motion and for which we probably can't guarantee bc15:12
apuimedomspreitz: indeed15:12
mspreitzRight now, I am thinking of a wrapper that adds multi-tenancy and sharding.15:12
mspreitzsharding is beyond the scope of this discussion.15:12
apuimedomspreitz: sharding not based on namespaces?15:12
mspreitzThe important point, I think, is only this: each k8s namespace will belong entirely to exactly one tenant.15:12
irenabtenant can be specified as label on Pod/Namespace15:13
mspreitzSo we can put a label on a k8s namespace that identifies the tenant.15:13
apuimedomspreitz: when you say exactly one tenant is that 1 - 1 or 1 - N15:13
banixsounds reasonable15:13
mspreitznamespace -> tenant is N -> 115:13
apuimedogood. I can agree with that15:14
mspreitzAnd that is why I suppose each k8s has a label identifying the tenant15:14
apuimedoI hope that we all agree that whatever we build for policy and multitenancy will have to be reviewed and possibly changed without BC once the APIs graduate in k8s15:14
mspreitz"BC" ?15:15
apuimedobackwards compatibility15:15
banixBritish Columbia15:15
mspreitzright15:15
mspreitzthe whole point of the current status is that it is not stable15:15
salv-orlandoor before christ15:15
apuimedobanix: we were there already ;-)15:15
mspreitzno promise of stability to users15:15
salv-orlandoI don't think anyone is even considering backward compatibility15:16
mspreitzthat was my position15:16
apuimedoalright. Because our contract with Magnum is that we have to adapt to fit what k8s ends up doing15:16
mspreitzanyway, back to achieving the MT.15:16
salv-orlandothe kubernetes folks are rather pragmatic,,,, they won't enforce something like that on a feature they know noone is using15:16
apuimedogood that we all understand that15:16
mspreitzI am not happy with requiring lots of routes15:16
mspreitzI am also not happy that Neutron routers do not exchange routes.  Why is that, anyway?15:16
apuimedomspreitz: you mean like implicit bgp?15:17
banixexchange routes?15:17
mspreitzright15:17
irenabcan we please get tot he point of different approaches? We have less than 15 mins15:17
apuimedoheh15:17
apuimedo#topic direct k8s/cni15:17
apuimedoirenab: the floor is yours15:17
salv-orlandoirenab is right we've been digressing on several non-essential points15:17
irenabAs I see it the main difference with mspreitz approach is on CNI side15:18
apuimedoNative CNI plugin that works similary as the Nova plugging and an API watcher15:18
apuimedothe native API watcher is not that different from mspreitz proposes for networkpolicy monitoring15:19
irenabmeaning that neutron API calls are done by watcher and not by CNI15:19
apuimedoand it could take on that job15:19
apuimedoCNM is not involved15:19
irenabCNI gets all required data to complete local binding15:19
apuimedoit gets rid of kube-proxy15:19
irenabapuimedo: hope our notes are synchorized ;-)15:20
banixapuimedo: i thought floor was Irena’s :)15:20
apuimedobanix: it is. I'm just wiping it15:20
irenabbanix: we both are deeply involved :-)15:20
* apuimedo janitor15:20
banix:)15:20
apuimedoit allows the usage of FIPs and LBs that are common tools for OSt operators15:20
apuimedoirenab: continue please15:20
apuimedo(the floor is clean now. /me puts slippery floor sign)15:21
irenabI think we have all the details already15:21
* mspreitz thinks "we" does not include me15:21
irenabWatcher gets k8s events and calls neutron15:21
apuimedomspreitz: this is the place to ask15:21
irenabCNI receives IP, port uuid, mac address via pod annotations and performs local binding15:22
apuimedopersonally I prefer not using CNM, but I do like the scaffolding for policy and tenancy that mspreitz is pushing15:22
irenabmspreitz: I meant apuimedo and myself by ‘we’15:22
irenabapuimedo: for me it is complementary and can be achived by the watcher15:23
apuimedofawadkhaliq: salv-orlando: vikasc: tfukushima: mspreitz: thoughts? Questions?15:23
apuimedobanix: you too, okay15:23
irenabso the policy agent that mspreitz mentioned is one of the watchers15:23
mspreitzI have some questions.  Since we already have a libnetwork plugin that does local binding, why avoid using it?15:23
salv-orlandoyeah... can you spend some words on why CNI frees you up to use Floating IPs?15:24
salv-orlandoI just don't understand why CNM would not15:24
irenabnot sure how CNI/CNM related to FIPs15:25
apuimedosalv-orlando: the API watcher doesn't watch just for Pods (which is what CNI gets info about)15:25
apuimedoit watcher for services15:25
apuimedowhich can get externalIP requests defined15:25
apuimedoas well as Loadbalancer type15:25
irenaband replaces kube-proxi15:25
salv-orlandoapuimedo: ok... but then if it was the CNI/CNM thing mspreitz did, it could do the same15:25
apuimedoteh API watcher, when it sees those, it does the FIP/lb assignment to the port it creates for CNI15:25
salv-orlandocool guys, you were then referring to the whole solution not the CNI plugin only.15:26
mspreitzQ2: it looks like Irena wants to replace kube-proxy with Neutron load balancers.  Can we factor that into a separate spec/devref?  It has lots of issues.15:26
apuimedosalv-orlando: exactly15:26
irenabI think there are several not dependent issues we need to discuss15:26
irenab1. CNI approach15:26
irenab2. Service implementation15:26
irenab3. External IP support15:26
apuimedo3. Policy15:27
apuimedoui, got my numbering wrong :P15:27
apuimedo42. tenancy15:27
apuimedo(that padding should give enough space)15:27
* salv-orlando apuimedo knows 42 is always ht eirght naswer15:27
apuimedo:-)15:28
banixI guess avoiding CNM makes sense if we try to consider other container engines. otherwise, why?15:28
banixwhich is something we should do sooner or later… ok perhaps later15:28
irenaband k8s supports rkt15:28
salv-orlandobanix: I think we are digressing too much into this CNI/CNM dicotomy15:28
mspreitzI think avoiding `docker network` makes no sense, it leaves Docker misinformed about connectivity.15:28
apuimedobanix: there is two extra reasons15:28
apuimedorkt and host access to Neutron APIs15:29
salv-orlandofrankly I am ok with supporting both approaches.... and then maybe we can use the pure CNI to provide neutron networking with rkt or whatever15:29
irenabsalv-orlando: I wanted to say the same :-)15:29
apuimedosalv-orlando: that's what I proposed from the begining15:29
apuimedothat we'd have a CNI->CNM translation15:29
salv-orlandoI would love to focus more on the "watcher" which will give us 2, 4 (apuimedo's 3) and maybe also 315:29
banixsounds good15:29
apuimedonow15:29
irenabseems we agree15:29
mspreitzjust in time15:30
banixtime for group hug15:30
apuimedothen build CNI direct integration for rkt and other advanced stuff we may need to do15:30
irenabbanix: :-)15:30
apuimedoone last thing. I'd like a watcher discussion next week15:30
apuimedo#action mspreitz to update the devrefs with examples15:30
banixsame time same place apuimedo?15:31
salv-orlandoapuimedo: I'm up for it15:31
irenabapuimedo: maybe we can push devref by then15:31
apuimedobanix: yes. THe same bat-hour in the same bat-channel15:31
irenabI won’t be able to attend next week15:31
apuimedoirenab: which?15:31
mspreitzI would rather start 30 min earlier, i possible15:31
mspreitzif possible15:31
apuimedomspreitz: sounds good to me15:31
irenabapuimedo: for watcher15:31
mspreitzstart at 14:00 UTC15:31
apuimedoirenab: yes. THat's a good point15:32
apuimedolet's do that15:32
banixok with me15:32
apuimedo14 utc everybody?15:32
salv-orlandolgtm15:32
vikascok with me too15:32
irenabapuimedo: thanks a lot for facilitation15:32
tfukushimaIt's better than 15:00 UTC.15:32
apuimedovery well. Thank you very much to all of you for joining. It was a very nice meeting15:32
mspreitzthank you all15:32
apuimedo#endmeeting15:32
openstackMeeting ended Wed Mar 16 15:32:45 2016 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:32
banixthank you15:32
openstackMinutes:        http://eavesdrop.openstack.org/meetings/k8s_integration_discussion/2016/k8s_integration_discussion.2016-03-16-14.30.html15:32
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/k8s_integration_discussion/2016/k8s_integration_discussion.2016-03-16-14.30.txt15:32
openstackLog:            http://eavesdrop.openstack.org/meetings/k8s_integration_discussion/2016/k8s_integration_discussion.2016-03-16-14.30.log.html15:32
salv-orlandoadieuuuu15:32
fawadkhaliqbye15:33
*** fawadkhaliq has quit IRC15:33
irenabbye15:33
apuimedoAdéu15:33
*** apuimedo has quit IRC15:33
*** fawadkhaliq has joined #openstack-kuryr15:34
*** tfukushima has quit IRC15:38
*** fawadkhaliq has quit IRC15:38
mspreitzBTW, where do I find this guestbook example that was mentioned?15:56
mspreitzI suppose https://github.com/kubernetes/kubernetes/tree/master/examples/guestbook is it.15:58
*** vikasc has quit IRC16:00
*** fawadkhaliq has joined #openstack-kuryr16:04
*** yamamoto has joined #openstack-kuryr16:07
*** yamamoto has quit IRC16:16
*** fawadkhaliq has quit IRC16:32
*** fawadkhaliq has joined #openstack-kuryr16:33
*** fawadkhaliq has quit IRC16:33
*** fawadkhaliq has joined #openstack-kuryr16:50
*** fawadkhaliq has quit IRC16:51
*** fawadkhaliq has joined #openstack-kuryr16:51
*** banix has quit IRC17:01
*** banix has joined #openstack-kuryr17:02
*** mspreitz has quit IRC17:17
*** fawadkhaliq has quit IRC17:49
*** fawadkhaliq has joined #openstack-kuryr17:50
*** salv-orl_ has joined #openstack-kuryr17:54
*** salv-orlando has quit IRC17:56
fkautzdevstack is so slow :(18:25
fkautzanyone have any recommendations on speeding it up?18:26
fawadkhaliqfkautz: because of kuryr? :O18:41
fawadkhaliqor Internet speed? :-)18:42
fkautzfawadkhaliq: i think it's devstack just being ridiculously slow18:42
fkautzinternet speed isn't a problem :p18:42
fkautzalthough, git has been taking a long time, i did manage to get some speedup with GIT_BASE=https://github.com18:42
fawadkhaliqfkautz: hehe okay :)18:43
fkautzgit clone is blazing, devstack's git clone is incredibly slow18:43
fkautzespecially nova :p18:43
fkautzcloning nova has timed out on me a few times... 600s timeout18:43
fawadkhaliqfkautz: ah, seems like github issue18:43
fkautztimeouts were before setting git base18:44
fkautzbut it's still slow :p just not slow enough to time out18:44
*** fawadkhaliq has quit IRC18:49
*** salv-orl_ has quit IRC19:15
*** irenab_ has joined #openstack-kuryr19:26
*** irenab has quit IRC19:28
*** irenab_ is now known as irenab19:28
*** salv-orlando has joined #openstack-kuryr20:01
*** diogogmt has joined #openstack-kuryr20:33
*** banix has quit IRC20:45
*** fawadkhaliq has joined #openstack-kuryr23:19
fkautzfawadkhaliq: enabling virtio in vbox sped it up considerably23:36
fkautzopened a bug in vagrant asking them to use virtio by default if available :)23:37
*** diogogmt has quit IRC23:38
fawadkhaliqfkautz: ah, your vnics23:41
*** salv-orl_ has joined #openstack-kuryr23:54
*** salv-orlando has quit IRC23:57
« Tuesday, 2016-03-15 Index Thursday, 2016-03-17 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!