*** hongbin has quit IRC | 00:25 | |
*** salv-orlando has quit IRC | 00:26 | |
*** limao has joined #openstack-kuryr | 00:30 | |
*** limao has quit IRC | 00:32 | |
*** limao has joined #openstack-kuryr | 00:32 | |
*** yamamoto_ has joined #openstack-kuryr | 01:09 | |
*** yedongcan has joined #openstack-kuryr | 01:11 | |
*** saneax is now known as saneax-_-|AFK | 01:20 | |
*** janonymous has joined #openstack-kuryr | 02:59 | |
*** hongbin has joined #openstack-kuryr | 03:01 | |
*** tianquan has quit IRC | 04:06 | |
*** pmannidi_ has quit IRC | 04:37 | |
*** pmannidi_ has joined #openstack-kuryr | 04:54 | |
*** pmannidi_ has quit IRC | 05:05 | |
*** tianquan has joined #openstack-kuryr | 05:07 | |
*** tianquan has quit IRC | 05:09 | |
*** tianquan_ has joined #openstack-kuryr | 05:09 | |
*** pmannidi has joined #openstack-kuryr | 05:16 | |
*** tianquan_ has quit IRC | 05:20 | |
*** tianquan has joined #openstack-kuryr | 05:22 | |
*** janki has joined #openstack-kuryr | 05:24 | |
*** tianquan has quit IRC | 05:27 | |
*** tianquan has joined #openstack-kuryr | 05:48 | |
*** saneax-_-|AFK is now known as saneax | 05:51 | |
*** hongbin has quit IRC | 06:21 | |
*** ltomasbo|away is now known as ltomasbo | 06:24 | |
*** salv-orlando has joined #openstack-kuryr | 06:29 | |
*** limao has quit IRC | 06:50 | |
*** salv-orl_ has joined #openstack-kuryr | 06:52 | |
*** salv-orlando has quit IRC | 06:55 | |
*** salv-orl_ has quit IRC | 07:03 | |
*** limao has joined #openstack-kuryr | 07:14 | |
*** david-lyle has quit IRC | 07:16 | |
*** david-lyle has joined #openstack-kuryr | 07:16 | |
*** limao_ has joined #openstack-kuryr | 07:18 | |
*** limao has quit IRC | 07:19 | |
*** tianquan has quit IRC | 07:29 | |
*** tianquan has joined #openstack-kuryr | 07:30 | |
*** pmannidi has quit IRC | 07:36 | |
*** pcaruana has joined #openstack-kuryr | 07:41 | |
*** salv-orlando has joined #openstack-kuryr | 07:59 | |
*** janki has quit IRC | 08:07 | |
*** danil has joined #openstack-kuryr | 08:08 | |
*** janki has joined #openstack-kuryr | 08:18 | |
openstackgerrit | vikas choudhary proposed openstack/kuryr-kubernetes master: Add support for HTTPS client https://review.openstack.org/440979 | 08:27 |
---|---|---|
*** neiljerram has joined #openstack-kuryr | 08:33 | |
*** garyloug has joined #openstack-kuryr | 08:59 | |
apuimedo | vikasc: can we get https://review.openstack.org/#/c/440232/ merged? | 09:05 |
vikasc | apuimedo, done | 09:07 |
apuimedo | thanks vikasc | 09:07 |
vikasc | yw! | 09:07 |
apuimedo | vikasc: the gates failed for the ssl patch | 09:07 |
apuimedo | (wonder if you saw) | 09:07 |
vikasc | apuimedo, yeah, just saw | 09:07 |
vikasc | apuimedo, looking into it | 09:08 |
apuimedo | I also put you some comments | 09:09 |
vikasc | apuimedo, default value is none for file paths, so it works on http server as well | 09:11 |
vikasc | apuimedo, i verified this | 09:11 |
vikasc | apuimedo, running a devstack with our local.conf.sample and this patch | 09:12 |
*** david-lyle has quit IRC | 09:13 | |
*** david-lyle has joined #openstack-kuryr | 09:13 | |
openstackgerrit | Merged openstack/kuryr-kubernetes master: doc: kuryr-k8s components missed Watch consumer https://review.openstack.org/440232 | 09:22 |
*** janki has quit IRC | 09:24 | |
*** david-lyle_ has joined #openstack-kuryr | 09:30 | |
*** david-lyle has quit IRC | 09:31 | |
*** janki has joined #openstack-kuryr | 09:33 | |
apuimedo | vikasc: httpserver or httpclient? | 09:37 |
vikasc | apuimedo, i meant client for http server :) | 09:38 |
vikasc | apuimedo, http client | 09:38 |
apuimedo | vikasc: so you verified it with a non encrypted k8s server? | 09:38 |
vikasc | apuimedo, yes, the one that devstack runs with default local.conf | 09:39 |
openstackgerrit | Dongcan Ye proposed openstack/kuryr-libnetwork master: Filter Neutron existing port in ipam_release_address https://review.openstack.org/441024 | 09:44 |
apuimedo | ok | 09:53 |
*** yamamoto_ has quit IRC | 09:54 | |
apuimedo | vikasc: I replied to your comments on the patch | 09:54 |
*** yamamoto has joined #openstack-kuryr | 09:55 | |
vikasc | apuimedo, i could not understand when should verify be set to 'True' | 09:55 |
apuimedo | http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification | 09:57 |
vikasc | apuimedo, cert file it is 'requests' is accepting in 'cert' parameter also. | 09:59 |
vikasc | apuimedo, so wondering why to add one more configuration parameter | 09:59 |
*** yamamoto has quit IRC | 10:00 | |
*** yedongcan has left #openstack-kuryr | 10:00 | |
apuimedo | you already put the verify=false. I'm just saying, you either remove it | 10:02 |
apuimedo | so that by default it is verifying the ssl connection for safety | 10:02 |
apuimedo | or you make it configurable | 10:02 |
apuimedo | if for some reason a user needs to disable verification | 10:03 |
apuimedo | (I'd hope we don't need to disable verification) | 10:03 |
vikasc | apuimedo, if i have verify=false and dont pass crt file in 'cert' parameters, ssl connection does not work, so verify=False does not seem to me equal to "curl --insecure". | 10:08 |
vikasc | apuimedo, i will try to get more clarity | 10:08 |
apuimedo | vikasc: AFAIK it is exactly as curl --insecure | 10:09 |
vikasc | apuimedo, it needs both key and cert, even if verify=False. | 10:09 |
apuimedo | vikasc: that's because k8s expects you to talk to it with a client key and cert | 10:10 |
vikasc | apuimedo, then should not it work without key and crt file? | 10:10 |
apuimedo | but without the verify, it is not checking if the server cert is valid against some CA | 10:10 |
vikasc | apuimedo, i tried passing wron key and crt file, it doesnt work then | 10:11 |
vikasc | s/wrong | 10:11 |
apuimedo | vikasc: of course, because openshift configures itself to need client side certificate | 10:11 |
vikasc | apuimedo, by now looks to me it verifies, i will reconfirm | 10:11 |
apuimedo | verify is for verifying the server side cert | 10:11 |
apuimedo | vikasc: if you want to try, don't pass verify | 10:11 |
apuimedo | you'll see it fail | 10:12 |
vikasc | apuimedo, yes | 10:12 |
apuimedo | then try again with passing the path to the CA file to verify | 10:12 |
apuimedo | and you'll see that it works again | 10:12 |
vikasc | apuimedo, i tried that too | 10:12 |
vikasc | apuimedo, and it failed | 10:12 |
apuimedo | can you paste me the line you used? | 10:13 |
openstackgerrit | Merged openstack/kuryr-libnetwork master: Pass located tests directory in oslo debug https://review.openstack.org/436523 | 10:14 |
vikasc | apuimedo, i am sorry i tried this yesterday and now i dont have https server running. | 10:14 |
apuimedo | ok. Please, try it again and let me know | 10:14 |
vikasc | apuimedo, i think i understood your point | 10:14 |
apuimedo | thanks | 10:14 |
vikasc | thank you!! | 10:14 |
*** tianquan has quit IRC | 10:25 | |
vikasc | apuimedo, just verified that it also works if i set verfiry=<path_to_server.crt>. i was confused b/w client and server crts. Thanks for clarifying :) | 10:36 |
vikasc | s/verify | 10:36 |
apuimedo | ;-) | 10:37 |
*** limao_ has quit IRC | 10:54 | |
*** limao has joined #openstack-kuryr | 10:55 | |
*** yamamoto has joined #openstack-kuryr | 10:57 | |
*** limao has quit IRC | 10:59 | |
*** yamamoto has quit IRC | 11:01 | |
danil | hello, folks. I have one question. I have 2 physical machines (controller and compute). I want to create k8s cluster in kuryr network. I know, I have to use kuryr-k8s project, but I don't know how. It's too less information avaliable. How can I choose the network, where I want to deploy k8s cluster? | 11:07 |
vikasc | danil, baremetal or on nova vms? | 11:08 |
danil | VMs | 11:09 |
vikasc | danil, i mean pods will be launched on compute or inside nova vms? | 11:10 |
vikasc | danil, did you take alook at these steps https://github.com/openstack/kuryr-kubernetes#how-to-try-out-nested-pods-locally | 11:11 |
vikasc | danil, is this what you were looking for? | 11:11 |
*** yamamoto has joined #openstack-kuryr | 11:12 | |
danil | I have k8s installed manually, without magnum. So k8s is not in VMs. Yes, I saw this manual, but this one is about devstack | 11:13 |
danil | pods mill be launched on compute | 11:13 |
*** yamamoto has quit IRC | 11:16 | |
*** yamamoto has joined #openstack-kuryr | 11:17 | |
*** yamamoto has quit IRC | 11:17 | |
*** yamamoto has joined #openstack-kuryr | 11:17 | |
*** yamamoto has quit IRC | 11:22 | |
openstackgerrit | Merged openstack/fuxi master: Update test requirement https://review.openstack.org/440192 | 11:25 |
*** tianquan has joined #openstack-kuryr | 11:25 | |
vikasc | danil, so you will have to git clone kuryr-kubernetes on compute node and install it manually using "python setup.py install" | 11:30 |
*** tianquan has quit IRC | 11:30 | |
vikasc | danil, in the /etc/kuryr/kuryr.conf point kuryr to neutron endpoint and k8s-api server | 11:31 |
vikasc | danil, then run the kuryr-k8s-controller like this: "kuryr-k8s-controller -d --config-file /etc/kuryr/kuryr.conf" | 11:32 |
*** yamamoto has joined #openstack-kuryr | 11:36 | |
vikasc | danil, then copy /usr/bin/cni to /opt/cni/bin and copy the contents of kuryr-kubernetes/etc/cni/net.d to k8s's /etc/cni/net.d | 11:36 |
vikasc | HTH! | 11:37 |
*** yamamoto has quit IRC | 11:39 | |
openstackgerrit | vikas choudhary proposed openstack/kuryr-kubernetes master: Add support for HTTPS client https://review.openstack.org/440979 | 11:39 |
danil | vikasc, thanks a lot, I will try | 11:43 |
vikasc | danil, yr wlcome! | 11:43 |
vikasc | danil, please ping in case need any help | 11:44 |
danil | vikasc, thank you | 11:44 |
*** yamamoto has joined #openstack-kuryr | 11:58 | |
openstackgerrit | Luis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Generic vif driver extension to enable ports reuse https://review.openstack.org/436876 | 12:16 |
*** tianquan_ has joined #openstack-kuryr | 12:26 | |
*** salv-orlando has quit IRC | 12:28 | |
*** tianquan_ has quit IRC | 12:36 | |
*** garyloug has quit IRC | 12:50 | |
*** yamamoto has quit IRC | 12:52 | |
openstackgerrit | Luis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Nested vif driver extension to enable ports reuse https://review.openstack.org/436893 | 13:01 |
*** yuanying_ has quit IRC | 13:08 | |
*** yuanying has joined #openstack-kuryr | 13:09 | |
*** janonymous has quit IRC | 13:14 | |
*** yuanying has quit IRC | 13:19 | |
*** yuanying has joined #openstack-kuryr | 13:20 | |
openstackgerrit | Merged openstack/fuxi master: Add document for volume providers https://review.openstack.org/435746 | 13:22 |
*** salv-orlando has joined #openstack-kuryr | 13:25 | |
*** janki has quit IRC | 13:35 | |
*** danil has quit IRC | 13:35 | |
*** tianquan has joined #openstack-kuryr | 13:37 | |
*** yuanying has quit IRC | 13:41 | |
*** tianquan has quit IRC | 13:41 | |
*** yuanying has joined #openstack-kuryr | 13:42 | |
openstackgerrit | Luis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Generic vif pool driver extension to precreate reusable ports https://review.openstack.org/436877 | 13:43 |
*** yuanying has quit IRC | 13:45 | |
openstackgerrit | Luis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Generic vif pool driver extension to precreate reusable ports https://review.openstack.org/436877 | 13:45 |
*** garyloug has joined #openstack-kuryr | 13:47 | |
*** yuanying has joined #openstack-kuryr | 13:50 | |
openstackgerrit | Merged openstack/kuryr-libnetwork master: Fix mac address inconsistencies in neutron and docker https://review.openstack.org/432777 | 13:51 |
*** yamamoto has joined #openstack-kuryr | 13:53 | |
openstackgerrit | Gary Loughnane proposed openstack/kuryr-kubernetes master: [WIP] Add MACVLAN based interfaces for nested containers https://review.openstack.org/440669 | 13:59 |
*** vikasc has quit IRC | 13:59 | |
*** yamamoto has quit IRC | 14:00 | |
apuimedo | mchiappero: garyloug: have you moved also in the direction of submitting mac segmentation type to Neutron? | 14:18 |
mchiappero | will start probably next week or the following one | 14:19 |
mchiappero | I think that will require quite a bit of time and I'm not too sure about the outcome yet | 14:20 |
mchiappero | so I think it makes sense to merge this same behaviour as for kuryr-libnetwork and later update both repos | 14:20 |
mchiappero | if okay with you | 14:20 |
mchiappero | 14:21 | |
apuimedo | sure it is | 14:21 |
apuimedo | I was just wondering when I didn't see a REVISIT note in the macvlan mode setting in https://review.openstack.org/#/c/440669/2/kuryr_kubernetes/cni/binding/macvlan.py | 14:21 |
mchiappero | I had no time to comment on, but on the patch Gary proposed there might be opportunities for factoring/code sharing with vlan | 14:22 |
mchiappero | it might have slipped :) | 14:22 |
mchiappero | will update | 14:22 |
mchiappero | will refine a bit, later or Monday, but feel free to provide feedback already | 14:23 |
*** pcaruana has quit IRC | 14:24 | |
apuimedo | very well | 14:25 |
apuimedo | thanks for adding the support :-) | 14:25 |
mchiappero | we are glad to contribute :) | 14:33 |
*** tianquan has joined #openstack-kuryr | 14:38 | |
openstackgerrit | Luis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Generic vif pool driver extension to precreate reusable ports https://review.openstack.org/436877 | 14:42 |
openstackgerrit | Merged openstack/kuryr-kubernetes master: Fix typo at generic_vif unit test https://review.openstack.org/436532 | 14:44 |
*** tianquan has quit IRC | 14:48 | |
*** salv-orlando has quit IRC | 15:12 | |
*** tianquan_ has joined #openstack-kuryr | 15:14 | |
*** hongbin has joined #openstack-kuryr | 15:16 | |
*** tianquan_ has quit IRC | 15:18 | |
openstackgerrit | Luis Tomas Bolivar proposed openstack/kuryr-kubernetes master: Generic vif pool driver extension to precreate reusable ports https://review.openstack.org/436877 | 15:40 |
*** salv-orlando has joined #openstack-kuryr | 15:52 | |
*** saneax is now known as saneax-_-|AFK | 15:57 | |
*** ltomasbo is now known as ltomasbo|away | 16:08 | |
*** garyloug has quit IRC | 16:53 | |
*** tianquan has joined #openstack-kuryr | 16:56 | |
*** tianquan has quit IRC | 17:00 | |
*** neiljerram has quit IRC | 17:31 | |
*** garyloug has joined #openstack-kuryr | 17:41 | |
*** s1061123_ has joined #openstack-kuryr | 17:42 | |
*** s1061123 has quit IRC | 17:43 | |
*** dims has quit IRC | 17:43 | |
*** alraddarla has quit IRC | 17:43 | |
*** saneax-_-|AFK has quit IRC | 17:43 | |
*** apuimedo has quit IRC | 17:43 | |
*** apuimedo has joined #openstack-kuryr | 17:43 | |
*** dims has joined #openstack-kuryr | 17:44 | |
*** saneax-_-|AFK has joined #openstack-kuryr | 17:47 | |
*** alraddarla has joined #openstack-kuryr | 17:49 | |
*** tianquan_ has joined #openstack-kuryr | 17:56 | |
*** tianquan_ has quit IRC | 18:06 | |
*** garyloug has quit IRC | 18:45 | |
*** salv-orl_ has joined #openstack-kuryr | 18:52 | |
*** salv-orlando has quit IRC | 18:56 | |
*** tianquan has joined #openstack-kuryr | 19:07 | |
*** tianquan has quit IRC | 19:11 | |
*** salv-orl_ has quit IRC | 19:40 | |
*** tianquan_ has joined #openstack-kuryr | 19:40 | |
*** tianquan_ has quit IRC | 19:50 | |
*** phar5yde has joined #openstack-kuryr | 19:54 | |
*** salv-orlando has joined #openstack-kuryr | 19:57 | |
*** phar5yde has quit IRC | 20:00 | |
*** phar5yde has joined #openstack-kuryr | 20:00 | |
*** tianquan has joined #openstack-kuryr | 20:51 | |
*** tianquan has quit IRC | 20:56 | |
*** phar5yde has quit IRC | 21:10 | |
*** neiljerram has joined #openstack-kuryr | 22:32 | |
openstackgerrit | OpenStack Proposal Bot proposed openstack/fuxi master: Updated from global requirements https://review.openstack.org/431085 | 22:48 |
openstackgerrit | OpenStack Proposal Bot proposed openstack/kuryr-libnetwork master: Updated from global requirements https://review.openstack.org/431966 | 22:50 |
openstackgerrit | OpenStack Proposal Bot proposed openstack/kuryr-kubernetes master: Updated from global requirements https://review.openstack.org/439321 | 22:50 |
*** salv-orlando has quit IRC | 22:51 | |
*** salv-orlando has joined #openstack-kuryr | 22:52 | |
*** tianquan has joined #openstack-kuryr | 22:53 | |
*** neiljerram has quit IRC | 23:04 | |
*** saneax-_-|AFK is now known as saneax | 23:09 | |
*** tianquan has quit IRC | 23:18 | |
*** david-lyle_ is now known as david-lyle | 23:29 | |
openstackgerrit | Hongbin Lu proposed openstack/kuryr-libnetwork master: Allow requesting pool with ipv6 cidr https://review.openstack.org/439833 | 23:32 |
openstackgerrit | Hongbin Lu proposed openstack/kuryr-libnetwork master: Handle containers with both ipv4 & ipv6 https://review.openstack.org/439932 | 23:32 |
*** david-lyle has quit IRC | 23:47 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!