15:00:28 <gsagie> #startmeeting kuryr 15:00:29 <openstack> Meeting started Mon Jan 4 15:00:28 2016 UTC and is due to finish in 60 minutes. The chair is gsagie. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:30 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:32 <openstack> The meeting name has been set to 'kuryr' 15:00:53 <gsagie> #info irenab, vikasc, fawadkhaliq, banix, gsagie in meeting 15:01:06 <gsagie> #info apuimedo, tfukushima are on vacations 15:01:19 <gsagie> #topic kubernetes integration 15:01:36 <gsagie> #link https://etherpad.openstack.org/p/kuryr_k8s 15:01:41 <gsagie> irenab: want to update on this? 15:01:57 <irenab> I will try to sum-up what we have 15:02:16 <gsagie> banix: i believe you have more experience on this issue as well, we should use your experience on this subject :) 15:02:22 <gsagie> hi devvesa! welcome 15:02:29 <devvesa> gsagie: o/ 15:02:31 <gsagie> #info devvesa in meeting as well :) 15:02:42 <irenab> One of the missions for the Mitaka release is to provide kuryr - Kubernetes integration 15:03:17 <irenab> We started to put ideas on the etherpad ^^ 15:04:06 <irenab> We should decide on the approach to take here if its another disctinct integration via network plugin or CNI driver 15:04:08 <devvesa> #link https://etherpad.openstack.org/p/kuryr_k8s 15:04:14 <gsagie> One of the ideas irenab brought up and i wrote it there, is that we need to think about ways to expose the extra features Neutron provide to the users, so they could use for example Kubernetes anootation to configure security groups and so on.. 15:04:45 <irenab> gsagie: I think before extra features, we need to define the integration model 15:05:28 <irenab> Looks like libnetwork reuse is not applicable at this phase 15:05:34 <gsagie> irenab: agreed, i believe the only option right now is Kubernetes network plugin 15:05:55 <gsagie> irenab: yes, until Kubernetes will support it 15:06:07 <gsagie> banix: any ideas on this subject? 15:06:16 <gsagie> or anyone else of course :) 15:06:18 <irenab> there is a network plugin that is actually CNI Driver that invokes CNI plugins, I am in favor to explore this option 15:06:32 <banix> sorry was away 15:06:36 <gsagie> np 15:07:03 <banix> yes have been following up our options with k8s 15:07:29 <banix> it seems they have a different network model in mind that may want to build on 15:07:49 <banix> I will know more by next week and can report back with a better understanding 15:07:57 <irenab> So we need 1. Integration approach. 2. Data Model mapping from k8s to neutron 3. Extra features (mainly security) 15:08:34 <irenab> banix: can you please elaborate? 15:08:52 <irenab> on they have different approach in mind 15:09:11 <banix> yes, the integration through a plugin is the available option right now 15:09:39 <banix> there are discussions about how to map/integrate CNI and CNM 15:09:51 <banix> former from k8 and later from libnetwork 15:10:08 <banix> i haven’t followed the latest discussions in the last two weeks 15:10:38 <irenab> banix:discussions on kubernetes-sig-network ? 15:10:56 <banix> yes 15:11:06 <gsagie> irenab, banix: any chance we can put this task on any of you two to write a short spec for this? or is taku also working on that? 15:11:22 <irenab> gsagie: I will start this asap 15:11:34 <banix> gsagie: yes sure; will talk to irenab 15:11:55 <gsagie> #action irenab, banix start writing a spec for kubernetes integration in terms of 1. Integration approach. 2. Data Model mapping from k8s to neutron 3. Extra features (mainly security) 15:11:57 <irenab> banix: great! Will be happy to collaborate on this 15:12:02 <gsagie> irenab, banix: thanks! 15:12:18 <gsagie> we all should read more and be ready to discuss more concrete details next week 15:12:29 <vikasc> +1 gsagie 15:12:45 <gsagie> i would like us to also try to talk with deployers and understand missing use cases for networking features when deploying with Kubernetes 15:12:54 <gsagie> i have some team i can check internally 15:13:09 <irenab> gsagie: I beleive it both deployers and cluster admins 15:13:29 <gsagie> #action gsagie understand use cases for deploying Kubernetes and update the etherpad 15:13:33 <gsagie> irenab: yep 15:13:35 <irenab> if you can collect data from both, will be great 15:13:58 <gsagie> irenab: yeah i have some people that i can talk with, but would appreciate any more feedback 15:14:12 <irenab> I can provide useful link of use cases shared in the kubernetes-sig-networking team 15:14:28 <gsagie> irenab: that would be great! 15:14:40 <gsagie> #action irenab provide useful link of use cases shared in the kubernetes-sig-networking team 15:14:40 <irenab> https://docs.google.com/document/d/1ZCz_MZILzKCbFwF9gjU1YNA1YbNaw0NDsESh1P6Vcnc/edit 15:14:47 <gsagie> #link https://docs.google.com/document/d/1ZCz_MZILzKCbFwF9gjU1YNA1YbNaw0NDsESh1P6Vcnc/edit 15:15:20 <gsagie> so anything else for Kubernetes ? i think Taku will also join you and banix as he also investigated these areas 15:15:27 <gsagie> and we should be smarter next meeting hopefully 15:15:43 <banix> sounds good 15:15:53 <irenab> gsagie: banix : I think we should have initial spec up to next meeting 15:16:19 <gsagie> #topic vif binding 15:16:29 <gsagie> banix, i see you have an action item for linux bridge binding 15:17:02 <banix> gsagie: I will get to it. Have been off the grid for last two weeks 15:17:03 <gsagie> i dont think its any urgent task, but was wondering if you have any update 15:17:13 <gsagie> banix: np, understandable :) 15:17:24 <banix> one thing that worries me is the cost in terms of latency 15:17:46 <gsagie> what do you mean cost? 15:17:58 <banix> using an executable; I think eventually, sooner rather than later we need to load modules for drivers, etc 15:18:27 <banix> gsagie: i mean specially for ovs with sec groups, there are many commands to be executed 15:18:42 <gsagie> banix: i agree, executable doesnt scale and there are already examples for that with security groups iptables CLI ;) 15:18:45 <banix> with sudo, etc 15:18:51 <gsagie> heh yeah 15:19:07 <banix> so i have that in my list of todos 15:19:47 <gsagie> #action banix to investigate linux bridge binding and alternatives to using an executable scripts for binding 15:19:51 <gsagie> banix: ok sounds good 15:20:22 <gsagie> banix: the OVS unbind part was merged while in holiday, seems ok to me but i would verify when you have time that everything works for you too 15:20:37 <banix> yes noticed that. will do. 15:20:45 <gsagie> ok, thanks 15:20:55 <gsagie> #topic IPAM 15:21:01 <gsagie> vikasc: any update for this? 15:21:01 <vikasc> https://review.openstack.org/#/c/256211/ 15:21:14 <vikasc> i addressed banix comments on this patch 15:21:16 <gsagie> #link https://review.openstack.org/#/c/256211/ 15:21:40 <gsagie> okie, will review it probably tommorow 15:22:09 <gsagie> vikasc: there is also updating the devref with the implementation details 15:22:15 <vikasc> thanks.. i am spending time understanding kubernetes networking model 15:22:19 <vikasc> yes 15:22:30 <vikasc> last week i was on vacation 15:22:31 <gsagie> just to document things better, i will add fullstack tests for it, unless you want to do it as well 15:22:36 <gsagie> np 15:22:52 <gsagie> was quite 2 weeks with out all of you here :) 15:23:05 <gsagie> #action vikasc update devref for IPAM 15:23:12 <gsagie> #action gsagie add fullstack tests for IPAM 15:23:19 <vikasc> sounds good 15:23:23 <gsagie> #topic packaging 15:23:40 <gsagie> devvesa: any update on that? 15:24:02 <devvesa> No. I didn't get any feedback 15:24:21 <devvesa> I'll try to push this week 15:24:25 <gsagie> devvesa: is there anything i can help with? 15:24:25 <devvesa> and test it better 15:24:56 <gsagie> okie, sounds good 15:24:58 <devvesa> Not now. If I have any question about the service/configuration for packaging, I'll ask in the mailing list or IRC 15:25:00 <devvesa> :) 15:25:08 <gsagie> okie great 15:25:31 <gsagie> ihar from neutron might be able to help with that 15:25:52 <gsagie> #action devvesa continue with packaging task and testing 15:26:02 <gsagie> #topic capabilities 15:26:17 <gsagie> Toni is not here, so i guess no update on that, 15:26:30 <gsagie> #action gsagie check capabilities progress with apuimedo 15:26:50 <gsagie> #topic docker swarm 15:27:19 <gsagie> banix: i see from 2 meetings ago that you conducted a demo with Kuryr and Docker Swarm anything available? 15:27:28 <gsagie> will be cool to post it to the mailing list 15:28:03 <banix> gsagie: will do; don’t have a recorded demo but will do it 15:28:41 <banix> gsagie: to be more accurate i have recorded a simple demo but will try to make a cleaner and better one in a day or two and post 15:28:42 <gsagie> cool, that will be awesome, let me know when you do 15:29:00 <gsagie> we should link to it for people to see :) 15:29:12 <banix> yes will do 15:29:21 <gsagie> #action banix publish a recorded demo of docker swarm with Kuryr 15:29:26 <gsagie> thanks! 15:29:30 <banix> np 15:29:35 <gsagie> #topic testing 15:30:14 <gsagie> ok, so regarding testing i would like to ask your premission to merge https://review.openstack.org/#/c/259744/ , apuimedo has -1 on it but he is on long time off 15:30:21 <gsagie> and already approved to merge it in temporary 15:30:29 <gsagie> its blocking the fullstack tests progress 15:30:51 <gsagie> I already have a bug assigned to solve this issue and an idea how to do it but want it to happen in parallel 15:31:02 <banix> gsagie: go for it 15:31:15 <gsagie> banix: great 15:31:50 <gsagie> #action gsagie continue on fullstack tests and solve the neutron credential problem in the gate 15:32:17 <gsagie> banix: Baohua is from your team? 15:32:33 <banix> gsagie: yes 15:32:36 <gsagie> i guess he was on vacation as well since i havent seen him and i think you said he wants to join the testing efforts 15:32:47 <gsagie> last meeting i directed him to my patches 15:33:13 <gsagie> i will try to sync with him tommorow 15:33:23 <banix> gsagie: yes, i will follow up with him too 15:33:27 <gsagie> #action gsagie sync with Baohua regarding testing 15:33:36 <gsagie> #action gsagie add Rally docker plugin 15:34:04 <gsagie> Another thing i wanted to ask you guys, i want to start adding Docker plugin for Rally, do we want to do this as part of Kuryr, or add this directly to Rally? 15:34:09 <gsagie> and only use it from Kuryr 15:34:46 <fawadkhaliq> gsagie: adding in Kuryr should be okay and can be managed well. 15:34:48 <gsagie> wanted to ask everyone before sending the question to the list, the rally team said we can go either way where they prefer to have it in the rally repository 15:35:27 <gsagie> fawadkhaliq: yeah i agree 15:35:46 <banix> don’t know I am afraid 15:35:47 <gsagie> i think i will also email to the list, so we do this process in the open and get more opinions 15:36:00 <fawadkhaliq> unless there is an added benefit of keeping in the Rally repo, which I can't think of right now. 15:36:08 <fawadkhaliq> cool. makes sense 15:36:21 <gsagie> fawadkhaliq: the only benefit is that we will have the rally team review it more closely 15:36:38 <gsagie> atleast thats what i can think of 15:36:56 <fawadkhaliq> reviews are significant :-) 15:37:01 <fawadkhaliq> we can consider it. 15:37:04 <gsagie> okie, will send to the list and we take it from there :) 15:37:19 <fawadkhaliq> sounds great! 15:37:28 <gsagie> i still havent got to the magnum integration for nested containers 15:37:39 <gsagie> #action gsaguie magnum integration and nested containers design 15:37:49 <gsagie> #action gsagie magnum integration and nested containers design 15:37:54 <fawadkhaliq> on nested containers 15:38:21 <fawadkhaliq> Toni gave me an action item 2 weeks ago and we were heading into the holidays 15:38:39 <fawadkhaliq> I will take a stab at writing a spec and we can iterate over it. 15:38:44 <gsagie> which one? 15:38:54 <gsagie> okie great! thanks for that 15:39:10 <gsagie> #action fawadkhaliq propose a spec for magnum integration and nested containers 15:39:39 <fawadkhaliq> I will reach out for discussions :-) 15:39:54 <gsagie> fawadkhaliq: important to think how we expose all the possible models to the user , for example OVS in the VM, IPVLAN usage with eBPF like you guys did and so on 15:40:09 <fawadkhaliq> absolutely 15:40:22 <gsagie> and another point that came up, is how to model the Kuryr service and where, there were questions about how it can reach Neutron API from inside the VM 15:40:37 <gsagie> and points like these.. just bringing them up :) 15:41:07 <gsagie> ok, feel free to discuss about that if you have any questions 15:41:24 <fawadkhaliq> yup, thanks! will cater for them and definitely, will discuss over #kuryr 15:41:32 <gsagie> okie 15:41:36 <gsagie> #topic open discussion 15:41:49 <gsagie> Thanks everyone for joining the first meeting of the new year :) 15:42:09 <gsagie> and welcome back everyone that had a good vacation, hope you had fun and managed to get some rest :) 15:42:15 <gsagie> and good to see you all again! 15:42:21 <banix> thank you! 15:42:30 <fawadkhaliq> thanks and likewise! 15:43:09 <gsagie> okie, good day everyone! bye 15:43:12 <gsagie> #endmeeting