10:00:40 <strigazi> #startmeeting containers
10:00:41 <openstack> Meeting started Tue Mar 20 10:00:40 2018 UTC and is due to finish in 60 minutes.  The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot.
10:00:42 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
10:00:45 <openstack> The meeting name has been set to 'containers'
10:00:50 <strigazi> #topic Roll Call
10:01:00 <slunkad> hi
10:01:13 <strigazi> hello slunkad
10:02:22 <strigazi> Looks like it is me and you slunkad :)
10:02:36 <strigazi> #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2018-03-20_1000_UTC
10:02:37 <slunkad> yep
10:02:44 <strigazi> #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2018-03-20_1000_UTC
10:02:48 <strigazi> #topic Announcements
10:03:13 <strigazi> I updated most of the blueprints in:
10:03:17 <strigazi> #link https://blueprints.launchpad.net/magnum
10:03:49 <slunkad> oh nice
10:04:02 <strigazi> Blueprints with no one workig on them have the targeted release, milestone and priority removed
10:05:02 <strigazi> I created the rocky release and its milestone and started to add bluprints. Let's try to set the list for rocky this week
10:05:15 <strigazi> We can target bugs too.
10:05:23 <strigazi> This is a good landing page.
10:05:28 <slunkad> yes
10:05:43 <strigazi> #link https://launchpad.net/magnum
10:05:58 <strigazi> and here you can see what is assigned to Rocky
10:06:26 <strigazi> #link https://launchpad.net/magnum/rocky
10:07:01 <strigazi> Three blueprints and 1 bug, I'll through the bugs too.
10:07:29 <slunkad> ok
10:07:30 <strigazi> #topic Blueprints/Bugs/Ideas
10:08:33 <strigazi> ** Rocky blueprints review
10:08:52 <strigazi> https://blueprints.launchpad.net/magnum/rocky
10:09:13 <strigazi> slunkad: do you want to add opensuse for Rocky and a bp for the works on docs?
10:09:45 <slunkad> strigazi: yes
10:10:10 <slunkad> for the docs one I don't think we need a bp though
10:10:13 <strigazi> ok, I'll add the driver work and add a bp for docs
10:10:46 <slunkad> not sure, because I did take a look at the docs and what I see is most projects have a glossary section
10:11:15 <strigazi> slunkad: do you have milestone in mind for opensuse?
10:12:07 <slunkad> strigazi: Rocky I would imagine
10:12:37 <strigazi> slunkad: here are the dates https://releases.openstack.org/rocky/schedule.html
10:13:49 <slunkad> strigazi: I would target it to m3 if that's alright
10:15:06 <strigazi> slunkad: it's ok
10:15:55 <strigazi> slunkad: https://blueprints.launchpad.net/magnum/+spec/k8s-opensuse-support done
10:16:17 <slunkad> thanks!
10:16:40 <strigazi> about docs, don't we need a bp? I imagine there will be multiple patches
10:17:25 <strigazi> We can have glossary, architecture, how to interact with clusters
10:17:35 <slunkad> yes about docs, I\'m not sure how much work is there. I have a patch which removes what I think can go into the glossary, maybe I push that first and then we can discuss on it?
10:17:47 <strigazi> ok
10:18:05 <slunkad> strigazi: ok if you have more things in mind already would make sense to put it down in a bp
10:18:25 <strigazi> ok, I'll right them down and assign to you?
10:18:30 <strigazi> will you have time?
10:19:03 <slunkad> strigazi: yes I should, but I would need help with some of the stuff on it I guess like the architecture
10:19:46 <strigazi> slunkad: of course, I can do that part or I'll help you with it
10:20:07 <slunkad> strigazi: cool then:)
10:20:27 <strigazi> #action strigazi to draft a blueprint for docs refactoring
10:20:47 <strigazi> Next item:
10:20:56 <strigazi> ** strigazi to report back on cluster upgrades
10:21:37 <strigazi> I started the implementation for upgrading with cluster-templates and faced to issues.
10:21:53 <strigazi> The most important one is labels.
10:23:01 <slunkad> what exactly are the issues?
10:23:11 <strigazi> In queens we added labels to cluster and  in the driver template definition
10:23:23 <slunkad> yes
10:23:27 <strigazi> we take the labels from cluster
10:24:15 <strigazi> which means when trying to upgrade some values that come from labels via a cluster template change
10:24:24 <strigazi> those value are not changed.
10:26:19 <strigazi> The pupropose of letting users overwrite labels on cluster create is to give them choice on which features they want to use. eg enable dashboard etc
10:27:05 <strigazi> As a solutions I was thinking to have another set of fields that it is not possible to overwrite
10:27:35 <slunkad> but we want it to be overwritable right?
10:27:41 <strigazi> eg the tag of kubernetes or other tags, etcd, calico, and so on
10:28:22 <strigazi> So, the operator can have some public templates with two set of labels.
10:28:48 <strigazi> One with versions and features that he wants to offer to users
10:29:20 <strigazi> features that the operators wants all users to have
10:29:52 <slunkad> ah yes, I think we spoke about this briefly at the ptg
10:29:53 <strigazi> and another one, that users can enable or disable on cluster creation
10:31:02 <strigazi> The second type is those that can be overwritten and it's the current labels.
10:31:29 <strigazi> The first one can be a new field that can not be overwritten.
10:32:13 <strigazi> This way the operator controls what users get in their clusters.
10:32:25 <strigazi> Makes sense?
10:32:26 <slunkad> sounds good
10:32:29 <strigazi> good
10:32:35 <strigazi> I'll add it to the spec
10:33:24 <strigazi> ok, next
10:33:43 <strigazi> ** slunkad to report on "trust invalid when user is disabled" https://bugs.launchpad.net/magnum/+bug/1752433
10:33:44 <openstack> Launchpad bug 1752433 in Magnum "trust invalid when user is disabled" [Undecided,New] - Assigned to Sayali Lunkad (sayalilunkad)
10:34:16 <slunkad> yes, so I started implementing this but I wanted to clarify some things before going further
10:35:00 <slunkad> as I see it now this change is mostly on the client side, that is we create new trusts and somehow push it into the cluster
10:35:39 <slunkad> I am wondering if this also needs some db changes because there is the trust_id and trustee field in the cluster object
10:36:09 <slunkad> and if you already have an idea of how we push the new trust_id to the cluster?
10:36:42 <strigazi> slunkad: yes, we need to change the values in the db
10:37:02 <strigazi> slunkad: we will pass the new values with a software deployment
10:37:28 <strigazi> slunkad: the new trust generation will be done by magnum
10:37:44 <strigazi> slunkad: in the cert-manager
10:37:52 <slunkad> what do you mean with a software deployment?
10:38:04 <slunkad> cert-manager?
10:38:34 <slunkad> or trust-manager?
10:39:41 <strigazi> this is a software deployment http://git.openstack.org/cgit/openstack/magnum/tree/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml#n582
10:39:58 <strigazi> yes, trust-manager sorry
10:40:27 <strigazi> in software deployement you can also pass values:
10:41:23 <slunkad> ok and do these values get automatically updated when changed?
10:41:24 <strigazi> slunkad:  https://review.openstack.org/#/c/514960/1/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml@424
10:44:10 <slunkad> ok
10:44:35 <strigazi> You start by the conductor changes
10:44:58 <strigazi> updating the db and so on, and we can do the heat-template together
10:45:21 <slunkad> ok cool
10:45:33 <strigazi> aslo, check which api call will do it
10:45:45 <strigazi> we could use the remove-cert api
10:45:57 <slunkad> will do what?
10:46:23 <strigazi> how the user will trigger the rotation of the trust
10:46:47 <slunkad> ah yes
10:47:14 <slunkad> I saw some rotate ca stuff
10:47:49 <strigazi> it could be done by openstack coe certificate rotate
10:48:42 <strigazi> http://git.openstack.org/cgit/openstack/magnum/tree/doc/source/user/index.rst#n1912
10:49:09 <slunkad> yes that's what I was thinking
10:49:15 <strigazi> cool
10:50:09 <slunkad> do we already have that implemented as a osc command also?
10:50:19 <strigazi> yes
10:50:53 <strigazi> http://git.openstack.org/cgit/openstack/python-magnumclient/tree/magnumclient/osc/v1/certificates.py#n36
10:51:12 <slunkad> cool
10:52:33 <strigazi> I'm addint the action again and the one for cluster upgrades
10:52:42 <slunkad> ok
10:52:53 <strigazi> #action slunkad to report on "trust invalid when user is disabled" https://bugs.launchpad.net/magnum/+bug/1752433
10:52:55 <openstack> Launchpad bug 1752433 in Magnum rocky "trust invalid when user is disabled" [High,New] - Assigned to Sayali Lunkad (sayalilunkad)
10:53:30 <strigazi> #action strigazi to update the spec for cluster upgrades with a new type of "immutable" labels
10:54:52 <strigazi> I'll merge with the actions of the previous week since Feilong is not here and I didn't push the patch for flannel.
10:55:30 <strigazi> Since we have 5 minutes, do you have anything else got the meeting slunkad ?
10:56:01 <slunkad> no, that's all, thanks!
10:56:56 <strigazi> Thanks slunkad, see you next week. Since you are in Europe next week it will be one hour later for us. still utc 1000
10:57:23 <strigazi> see https://www.timeanddate.com/worldclock/fixedtime.html?msg=Magnum+Team+Meeting&iso=20180327T10 for conversion
10:57:41 <strigazi> See you
10:57:42 <slunkad> strigazi: oh yes, thanks for that
10:57:44 <slunkad> bye!
10:57:47 <strigazi> #endmeeting