17:01:13 <strigazi> #startmeeting containers 17:01:14 <openstack> Meeting started Thu Jul 12 17:01:13 2018 UTC and is due to finish in 60 minutes. The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot. 17:01:15 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 17:01:17 <openstack> The meeting name has been set to 'containers' 17:01:19 <strigazi> #topic Roll Call 17:01:27 <strigazi> o/ 17:05:17 <colin-> greetings 17:05:33 <strigazi> hi colin- 17:05:44 <strigazi> imdigitaljim: you are stil here? 17:06:01 <imdigitaljim> yeah 17:06:02 <strigazi> flwang: flwang1 ping 17:06:03 <imdigitaljim> o/ 17:06:41 <strigazi> #topic Review Action Items 17:06:52 <strigazi> I meant: 17:06:52 <strigazi> #topic Blueprints/Bugs/Ideas 17:07:19 <strigazi> I'm working on: 17:08:30 <imdigitaljim> I'm working on updating magnum heat templates 17:08:34 <strigazi> https://storyboard.openstack.org/#!/story/2002959 https://storyboard.openstack.org/#!/story/2002648 I'll ping you for reviews. 17:08:36 <imdigitaljim> and what considerations are made for scaling 17:08:48 <imdigitaljim> yeah please do 17:09:01 <imdigitaljim> ill also interally be updating to v1.11 17:09:16 <imdigitaljim> so i'll be figuring out what considerations will be necessary to support it 17:09:54 <strigazi> We have 1.11 working internally too based on gcr.io 17:10:10 <imdigitaljim> oh awesome 17:10:18 <imdigitaljim> i might bug you for some things later on then 17:10:21 <strigazi> I found only that one param is removed, the tls-ca-file 17:10:25 <imdigitaljim> yeah 17:10:27 <imdigitaljim> im hoping that is is 17:10:29 <imdigitaljim> it* 17:10:43 <imdigitaljim> doing testing as/ci for now 17:10:50 <strigazi> we don't use the cloud provder since some time 17:11:01 <strigazi> So it is not a problem for us 17:11:24 <strigazi> tls-ca-file was basically unused since some releases 17:11:30 <imdigitaljim> yeah even in 1.9 17:11:34 <strigazi> I think two 17:11:35 <strigazi> yes 17:12:01 <strigazi> I'm evaluating two plans for the kubelet 17:12:39 <strigazi> One is base on gcr.io and make it a system container, which means just wrap around it a systemd unit 17:13:12 <strigazi> But that it not ideal when using on fedora 17:13:19 <strigazi> or centos 17:13:35 <strigazi> at some point we need to have selinux always enabled. 17:13:40 <strigazi> The other plan 17:14:13 <strigazi> Is to build kubernetes rpms from source and install them in a fedora container 17:14:23 <imdigitaljim> thats what im doing right now 17:14:29 <strigazi> This works easily with a multistage build 17:14:39 <strigazi> imdigitaljim: how you build the rpm? 17:14:43 <strigazi> bazel? 17:14:50 <imdigitaljim> rpmbuild 17:14:57 <imdigitaljim> you can use binary format still 17:15:02 <imdigitaljim> you dont have to build from source 17:15:08 <imdigitaljim> you can grab a release from kubernetes 17:15:12 <strigazi> bazel build build/rpms 17:15:20 <strigazi> it builds in 10mins 17:15:45 <imdigitaljim> i havent used bazel, we just use something like jenkins 17:16:00 <strigazi> I build everything in a container 17:16:18 <strigazi> the builder is a container that mounts docker.sock 17:16:26 <imdigitaljim> that could work though 17:16:31 <flwang1> sorry i'm late 17:16:37 <imdigitaljim> sounds good and id like to use it 17:16:39 <imdigitaljim> ill check it out 17:16:51 <imdigitaljim> but we should definitely update our docker.io containers :) 17:17:19 <strigazi> I can push the cern containers, the only hack is that the cloud provider is disabled 17:18:08 <strigazi> I'll push them docker.io/strigazi and we see for the project repo. 17:18:16 <strigazi> hi flwang 17:18:38 <strigazi> imdigitaljim: Is anyone of you working on puting the kubelet in the master nodes? 17:18:49 <strigazi> for everyone 17:18:54 <strigazi> not only calico 17:19:22 <imdigitaljim> yeah i still need to work out the generic way to support all 17:19:31 <imdigitaljim> but its basically borrowing a bit from the minion config we have 17:19:52 <strigazi> ok, I have a patch for it, I'll finish it then 17:20:15 <imdigitaljim> ive explored some code cleanup work significantly though 17:20:24 <imdigitaljim> so maybe after we get some of these patches in 17:20:32 <strigazi> which ones? 17:20:33 <imdigitaljim> we'll lint/cleanup with idempotent changes 17:20:44 <imdigitaljim> most of the bash scripts 17:20:49 <imdigitaljim> er sh scripts* 17:20:54 <strigazi> the big one for sh? 17:21:01 <imdigitaljim> no smaller ones 17:21:20 <imdigitaljim> ill be breaking that large one down into many smaller easier to digest changes 17:22:03 <strigazi> ok 17:22:52 <strigazi> the idea for kubelet is to have the existing script for master and minion 17:23:19 <strigazi> and make cert can also be one 17:23:41 <strigazi> makes sense? 17:25:33 <strigazi> folks? 17:26:21 <flwang1> yes for me 17:26:32 <flwang1> do we still want to make it in Rocky? 17:27:32 <strigazi> if it is not intrusive, why not? it will have even less code 17:28:04 <strigazi> it is not changing the logic 17:28:19 <strigazi> the workflow will be the same 17:28:28 <flwang1> strigazi: i'm just nervous to have big change at the end of release 17:28:42 <flwang1> and you know, we don't have good e2e testing in gate 17:29:17 <strigazi> it won't be like the last one, we agreed that august will be for testing 17:29:40 <flwang1> ok, fair enough 17:29:43 <strigazi> One month is enough 17:31:07 <strigazi> imdigitaljim: colin- you are still here? 17:32:38 <imdigitaljim> yeah we are 17:33:12 <imdigitaljim> that sounds reasonable as well 17:33:25 <strigazi> do you plane to use the upstream magnum driver? It soudns good for you? 17:33:28 <imdigitaljim> fix/updating testing in august sounds appropriate too 17:33:42 <imdigitaljim> we still need quite a bit caught up for us to use upstream 17:33:52 <imdigitaljim> but we're making sure our changes are fully tested 17:34:20 <strigazi> with upstream e2e? 17:34:31 <strigazi> or you test specific apps? 17:34:35 <imdigitaljim> hopefully :] 17:34:38 <imdigitaljim> a little of both 17:35:03 <imdigitaljim> also at what point do we stop supporting like old versions of kubernetes on new branches of release 17:35:05 <flwang1> imdigitaljim: pls use sonobuoy to get a fully testing 17:35:28 <strigazi> we use e2e from heptio and test in house filesystems manually 17:36:36 <strigazi> I now use sonobuoy locally, thanks for the pointer flwang1 17:37:02 <strigazi> flwang1: to be honest, it doesn't test everything 17:37:34 <flwang1> strigazi: yes, that's why i'm going to contribute to sonobuoy 17:37:45 <flwang1> and it's too limited as for functions 17:38:15 <flwang1> e.g. you can't get the test result via the api, you have to copy the logs manually, and something like that 17:38:16 <strigazi> flwang1: what I founf was that we had a missconfiguration in flannel and when a pod has host networking it can not resolve cluster services 17:38:40 <flwang1> great to see we can find issues with it 17:38:57 <flwang1> with calico, it can pass all test cases 17:39:14 <strigazi> with flannel too, but this wasn't a test 17:39:23 <flwang1> ok 17:39:59 <strigazi> also, things regarding mounts 17:40:14 <strigazi> This was actually a bug in kubernetes 17:40:31 <strigazi> broken in 1.10.0 fixed in 1.10.3 17:40:47 <flwang1> link? 17:41:05 <strigazi> 1 sec 17:41:57 <strigazi> https://github.com/kubernetes/kubernetes/issues/62396 17:42:11 <flwang1> coool, thankss 17:42:11 <imdigitaljim> yeah we saw that 17:42:22 <imdigitaljim> thats why we pushed into 1.11 17:42:26 <imdigitaljim> we were using 1.10.1 17:43:02 <strigazi> we are in 1.10.3 but most clusters are in 1.9.3 17:46:36 <strigazi> flwang1: imdigitaljim Do you have any reviews in gerrit that need love? 17:46:55 <imdigitaljim> soon i will 17:47:03 <imdigitaljim> ive been slow adding this week 17:47:23 <flwang1> strigazi: need your comments on https://review.openstack.org/#/c/578510/ 17:47:39 <imdigitaljim> aside from merge conflic 17:47:40 <imdigitaljim> https://review.openstack.org/#/c/576623/ 17:47:44 <imdigitaljim> this needs a push 17:47:55 <imdigitaljim> as well as this 17:47:55 <imdigitaljim> https://review.openstack.org/#/c/577570/ 17:48:03 <imdigitaljim> ill fix the merge conflicts but other than that they are g2g 17:48:57 <flwang1> now we can support get rid of all floating ips, so we need to make sure all addon services can be accessed by kubectl proxy 17:49:55 <strigazi> 577570 is a bit scary, I'll have a look 17:50:45 <canori|2> hi guys. I'm new heare and I've been trying to fix the coreos driver in my environment. Here's what I have working so far: https://review.openstack.org/#/c/579026/ Any review/input would be appreciated 17:50:46 <strigazi> flwang1: see also https://review.openstack.org/#/c/508172/1 17:51:19 <flwang1> strigazi: i know that one, but i'd like to keep it simple to avoid introducing too much changes 17:51:40 <strigazi> canori|2: thanks for this 17:51:41 <flwang1> in this patch, i'd like to focus on removing the nodeport way 17:53:04 <strigazi> flwang1: with your patch, the datasource will not be added 17:53:08 <strigazi> or the dashbord 17:53:15 <strigazi> or the dashboard 17:53:27 <strigazi> grafana will be empty 17:54:29 <flwang1> strigazi: ok, i will give it a try 17:54:38 <flwang1> haven't got time to test it yet 17:54:43 <flwang1> thanks for the comments 17:54:50 <strigazi> that's why I didn't remove only the nodeports 17:56:21 <strigazi> cool, let's wrap then, thanks everyone 17:57:03 <strigazi> See you next week 17:57:22 <strigazi> #endmeeting