08:59:26 <strigazi> #startmeeting magnum 08:59:26 <opendevmeet> Meeting started Wed Mar 2 08:59:26 2022 UTC and is due to finish in 60 minutes. The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot. 08:59:26 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 08:59:26 <opendevmeet> The meeting name has been set to 'magnum' 08:59:31 <strigazi> #topic Roll Call 08:59:35 <strigazi> o/ 09:00:02 <jakeyip> o/ 09:02:02 <mnasiadka> o/ 09:02:24 <bbezak> o/ 09:04:15 <gbialas> o/ 09:04:41 <strigazi> #topic Previous Action Items 09:04:58 <strigazi> #link https://etherpad.opendev.org/p/magnum-weekly-meeting 09:05:29 <strigazi> jakeyip: did you manage to change the validation for mesos? 09:06:33 <jakeyip> yeah I've sent up a very simple patch 09:07:26 <jakeyip> https://review.opendev.org/c/openstack/magnum/+/830594 - works and just complains that `Requested COE type %s is not supported` if we use mesos 09:08:46 <strigazi> cool, maybe add a release note too 09:09:25 <jakeyip> ok 09:11:35 <strigazi> #action jakeyip, strigazi follow 830594: Remove mesos API validation | https://review.opendev.org/c/openstack/magnum/+/830594 09:12:17 <strigazi> next was to comment on mesos, baymodel removal for Z. I will add it today. 09:12:32 <strigazi> #action trigazi to comment on 821213: Drop mesos driver | https://review.opendev.org/c/openstack/magnum/+/821213 , 803780: Drop bay and baymodel from controllers | https://review.opendev.org/c/openstack/magnum/+/803780 , 803629: Drop bay and baymodel | https://review.opendev.org/c/openstack/python-magnumclient/+/803629 09:13:01 <strigazi> Next two items are from mnasiadka's for reviews 09:13:24 <strigazi> mnasiadka: I managed to test and merge the OVN pod-to-pod patch https://review.opendev.org/c/openstack/magnum/+/773923 09:13:47 <mnasiadka> yes, thanks for that :) 09:14:14 <strigazi> for the three octavia patches. the code lgtm but my devstack was not cooperating. I think today or tomorrow we should merge them 09:14:48 <mnasiadka> We're using that downstream in production for some time, so those should be working :) 09:15:04 <strigazi> jakeyip: did you have time to look as well? it is this series: https://review.opendev.org/c/openstack/magnum/+/767119/ 09:15:19 <strigazi> mnasiadka: ok :) 09:15:26 <jakeyip> same, I am having devstack issues, so still trying to get it 09:15:46 <jakeyip> mnasiadka: do your clusters use octavia ingress? does it work with OVN? 09:16:16 <mnasiadka> No, we use nginx ingress, octavia ingress controller does not support OVN LB 09:16:44 <mnasiadka> We weren't very happy around octavia ingress controller - but I don't remember why 09:16:47 <mnasiadka> bbezak: do you remember? 09:17:28 <mnasiadka> basically, OVN LB supports only TCP and UDP mode balancing, so we can't use octavia-ingress-controller for this 09:17:58 <strigazi> mnasiadka: you also want proxy? 09:18:53 <mnasiadka> strigazi: proxy? as in an Octavia/OVN load balancer in front on the nginx ingress controller? 09:19:54 <jakeyip> mnasiadka: i see. so is ovn octavia only for the api / etcd ? 09:20:08 <strigazi> mnasiadka PROXY protocol 09:20:51 <mnasiadka> jakeyip: you can use loadbalancer service via occm 09:21:08 <strigazi> mnasiadka: ah, actually its HTTP(S) that is missing too :) 09:21:38 <jakeyip> ah ok 09:21:40 <mnasiadka> yes, https needs to be terminated on the service itself (OVN is only TCP/UDP load balancer, no HTTP) 09:21:53 <mnasiadka> no PROXY, no fancy features 09:22:01 <mnasiadka> but also no Amphora VM :) 09:22:51 <strigazi> mnasiadka: we use TungstenFabric that has no VMs either, it manages haproxy processes though 09:23:18 <mnasiadka> I'm familiar with TungstenFabric, OVN LBs are purely OpenFlow rules 09:23:31 <mnasiadka> like an iptables load balancer 09:23:52 <mnasiadka> but it has healthchecks now (if you use OVN 21.06), so a bit better than iptables 09:24:16 <strigazi> yeah yeah, for many things that's more optimal, does it keep the client-ip? 09:24:19 <jakeyip> strigazi: does CERN use OVN? 09:25:03 <mnasiadka> strigazi: yes, client ip is seen on the connection target, no fancy headers needed 09:25:04 <strigazi> jakeyip: no, just Tungsten for LBs at the moment 09:25:52 <jakeyip> ok. we are migrating to OVN so this patches will be helpful for us, thanks :) 09:25:53 <strigazi> mnasiadka: cool, because with iptable (eg kube-proxy) you lose it 09:26:39 <strigazi> Let's move on, next was: 09:26:45 <opendevreview> Merged openstack/magnum master: Support quota hard_limit values of zero https://review.opendev.org/c/openstack/magnum/+/764254 09:26:52 <strigazi> mnasiadka to follow up kubernetes conformance for Yoga https://www.cncf.io/certification/software-conformance/ 09:27:10 <strigazi> did you have time to look at it last week? 09:27:21 <mnasiadka> started to set up an env for this, so should file a PR in the regular repo in the coming days 09:27:46 <strigazi> mnasiadka: awesome! So it passes right? 09:28:27 <mnasiadka> yes, sonobuoy has no errors, so just need to gather the logs and fire off a pull request in github 09:28:36 <strigazi> #action strigazi to review Octavia Patches https://review.opendev.org/c/openstack/magnum/+/764444 https://review.opendev.org/c/openstack/magnum/+/765309 https://review.opendev.org/c/openstack/magnum/+/767119 09:28:51 <strigazi> mnasiadka: That's great, thanks 09:29:01 <strigazi> #action mnasiadka to follow up kubernetes conformance for Yoga https://www.cncf.io/certification/software-conformance/ 09:29:30 <strigazi> next, was the quota patches, both merged, one of them seconds ago 09:29:45 <strigazi> and last is jakeyip to deprecate fedora-atomic driver(s) 09:30:15 <strigazi> jakeyip: ^^ you managed? 09:31:13 <jakeyip> yeah will do it similarly to mesos 09:31:27 <jakeyip> haven't got started 09:31:32 <strigazi> #action jakeyip to deprecate fedora-atomic driver(s) 09:31:33 <strigazi> thanks 09:31:54 <strigazi> I'm adding one more patch to have it ready for next week: 09:32:07 <strigazi> #action strigazi, jakeyip to review 775793: Support extra_network and extra_subnet labels | https://review.opendev.org/c/openstack/magnum/+/775793 09:32:31 <strigazi> #topic Install calico via helm 09:33:13 <strigazi> Recently, we updated calico, to the update more managable helm would help, as anyone looke at the tigera operator recently? 09:33:36 <strigazi> I think i discussed this with someone from stackHPC 09:33:42 <bbezak> mnasiadka: Octavia ingress controller was a bumpy road last time I've looked into it, and not much maintainers on it. Ingress-nginx is a out of the box experience. 09:34:12 <strigazi> #link https://github.com/tigera/operator 09:34:38 <bbezak> It looks like we can bump coredns to 1.8.* versions after this merged in apparently - https://review.opendev.org/c/openstack/magnum/+/830603 09:35:13 <strigazi> bbezak: yeap 09:38:57 <strigazi> For calico, do you think it makes sense to have our own helm-chart? 09:39:11 <strigazi> jakeyip: mnasiadka: you use calico, flannel or smth else? 09:40:17 <mnasiadka> we use mainly calico 09:40:35 <mnasiadka> but we haven't tried the tigera operator 09:41:10 <strigazi> mnasiadka: the main issue right now is that we can configure it to use our registry 09:41:21 <mnasiadka> but I guess it would make sense to try it out, but I don't know if we can commit to doing that before Yoga release 09:41:25 <jakeyip> we use flannel - there is a problem with using calico with our current SDN. will evaluate calico again when we migrate to OVN 09:41:32 <mnasiadka> strigazi: right 09:42:28 <strigazi> let's leave it for Z then 09:42:53 <strigazi> #topic Open Discussion 09:43:16 <strigazi> Any other business? 09:46:00 <strigazi> See you next week then! 09:46:03 <strigazi> #endmeeting