08:59:26 #startmeeting magnum 08:59:26 Meeting started Wed Mar 2 08:59:26 2022 UTC and is due to finish in 60 minutes. The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot. 08:59:26 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 08:59:26 The meeting name has been set to 'magnum' 08:59:31 #topic Roll Call 08:59:35 o/ 09:00:02 o/ 09:02:02 o/ 09:02:24 o/ 09:04:15 o/ 09:04:41 #topic Previous Action Items 09:04:58 #link https://etherpad.opendev.org/p/magnum-weekly-meeting 09:05:29 jakeyip: did you manage to change the validation for mesos? 09:06:33 yeah I've sent up a very simple patch 09:07:26 https://review.opendev.org/c/openstack/magnum/+/830594 - works and just complains that `Requested COE type %s is not supported` if we use mesos 09:08:46 cool, maybe add a release note too 09:09:25 ok 09:11:35 #action jakeyip, strigazi follow 830594: Remove mesos API validation | https://review.opendev.org/c/openstack/magnum/+/830594 09:12:17 next was to comment on mesos, baymodel removal for Z. I will add it today. 09:12:32 #action trigazi to comment on 821213: Drop mesos driver | https://review.opendev.org/c/openstack/magnum/+/821213 , 803780: Drop bay and baymodel from controllers | https://review.opendev.org/c/openstack/magnum/+/803780 , 803629: Drop bay and baymodel | https://review.opendev.org/c/openstack/python-magnumclient/+/803629 09:13:01 Next two items are from mnasiadka's for reviews 09:13:24 mnasiadka: I managed to test and merge the OVN pod-to-pod patch https://review.opendev.org/c/openstack/magnum/+/773923 09:13:47 yes, thanks for that :) 09:14:14 for the three octavia patches. the code lgtm but my devstack was not cooperating. I think today or tomorrow we should merge them 09:14:48 We're using that downstream in production for some time, so those should be working :) 09:15:04 jakeyip: did you have time to look as well? it is this series: https://review.opendev.org/c/openstack/magnum/+/767119/ 09:15:19 mnasiadka: ok :) 09:15:26 same, I am having devstack issues, so still trying to get it 09:15:46 mnasiadka: do your clusters use octavia ingress? does it work with OVN? 09:16:16 No, we use nginx ingress, octavia ingress controller does not support OVN LB 09:16:44 We weren't very happy around octavia ingress controller - but I don't remember why 09:16:47 bbezak: do you remember? 09:17:28 basically, OVN LB supports only TCP and UDP mode balancing, so we can't use octavia-ingress-controller for this 09:17:58 mnasiadka: you also want proxy? 09:18:53 strigazi: proxy? as in an Octavia/OVN load balancer in front on the nginx ingress controller? 09:19:54 mnasiadka: i see. so is ovn octavia only for the api / etcd ? 09:20:08 mnasiadka PROXY protocol 09:20:51 jakeyip: you can use loadbalancer service via occm 09:21:08 mnasiadka: ah, actually its HTTP(S) that is missing too :) 09:21:38 ah ok 09:21:40 yes, https needs to be terminated on the service itself (OVN is only TCP/UDP load balancer, no HTTP) 09:21:53 no PROXY, no fancy features 09:22:01 but also no Amphora VM :) 09:22:51 mnasiadka: we use TungstenFabric that has no VMs either, it manages haproxy processes though 09:23:18 I'm familiar with TungstenFabric, OVN LBs are purely OpenFlow rules 09:23:31 like an iptables load balancer 09:23:52 but it has healthchecks now (if you use OVN 21.06), so a bit better than iptables 09:24:16 yeah yeah, for many things that's more optimal, does it keep the client-ip? 09:24:19 strigazi: does CERN use OVN? 09:25:03 strigazi: yes, client ip is seen on the connection target, no fancy headers needed 09:25:04 jakeyip: no, just Tungsten for LBs at the moment 09:25:52 ok. we are migrating to OVN so this patches will be helpful for us, thanks :) 09:25:53 mnasiadka: cool, because with iptable (eg kube-proxy) you lose it 09:26:39 Let's move on, next was: 09:26:45 Merged openstack/magnum master: Support quota hard_limit values of zero https://review.opendev.org/c/openstack/magnum/+/764254 09:26:52 mnasiadka to follow up kubernetes conformance for Yoga https://www.cncf.io/certification/software-conformance/ 09:27:10 did you have time to look at it last week? 09:27:21 started to set up an env for this, so should file a PR in the regular repo in the coming days 09:27:46 mnasiadka: awesome! So it passes right? 09:28:27 yes, sonobuoy has no errors, so just need to gather the logs and fire off a pull request in github 09:28:36 #action strigazi to review Octavia Patches https://review.opendev.org/c/openstack/magnum/+/764444 https://review.opendev.org/c/openstack/magnum/+/765309 https://review.opendev.org/c/openstack/magnum/+/767119 09:28:51 mnasiadka: That's great, thanks 09:29:01 #action mnasiadka to follow up kubernetes conformance for Yoga https://www.cncf.io/certification/software-conformance/ 09:29:30 next, was the quota patches, both merged, one of them seconds ago 09:29:45 and last is jakeyip to deprecate fedora-atomic driver(s) 09:30:15 jakeyip: ^^ you managed? 09:31:13 yeah will do it similarly to mesos 09:31:27 haven't got started 09:31:32 #action jakeyip to deprecate fedora-atomic driver(s) 09:31:33 thanks 09:31:54 I'm adding one more patch to have it ready for next week: 09:32:07 #action strigazi, jakeyip to review 775793: Support extra_network and extra_subnet labels | https://review.opendev.org/c/openstack/magnum/+/775793 09:32:31 #topic Install calico via helm 09:33:13 Recently, we updated calico, to the update more managable helm would help, as anyone looke at the tigera operator recently? 09:33:36 I think i discussed this with someone from stackHPC 09:33:42 mnasiadka: Octavia ingress controller was a bumpy road last time I've looked into it, and not much maintainers on it. Ingress-nginx is a out of the box experience. 09:34:12 #link https://github.com/tigera/operator 09:34:38 It looks like we can bump coredns to 1.8.* versions after this merged in apparently - https://review.opendev.org/c/openstack/magnum/+/830603 09:35:13 bbezak: yeap 09:38:57 For calico, do you think it makes sense to have our own helm-chart? 09:39:11 jakeyip: mnasiadka: you use calico, flannel or smth else? 09:40:17 we use mainly calico 09:40:35 but we haven't tried the tigera operator 09:41:10 mnasiadka: the main issue right now is that we can configure it to use our registry 09:41:21 but I guess it would make sense to try it out, but I don't know if we can commit to doing that before Yoga release 09:41:25 we use flannel - there is a problem with using calico with our current SDN. will evaluate calico again when we migrate to OVN 09:41:32 strigazi: right 09:42:28 let's leave it for Z then 09:42:53 #topic Open Discussion 09:43:16 Any other business? 09:46:00 See you next week then! 09:46:03 #endmeeting