09:03:04 <jakeyip> #startmeeting magnum 09:03:04 <opendevmeet> Meeting started Wed Apr 26 09:03:04 2023 UTC and is due to finish in 60 minutes. The chair is jakeyip. Information about MeetBot at http://wiki.debian.org/MeetBot. 09:03:04 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 09:03:04 <opendevmeet> The meeting name has been set to 'magnum' 09:03:08 <jakeyip> #topic Roll Call 09:03:25 <dalees> o/ 09:03:38 <jakeyip> o/ 09:04:00 <travisholton> o/ 09:05:16 <jakeyip> Thanks for joining the meeting 09:05:31 <jakeyip> Agenda: 09:05:33 <jakeyip> #link https://etherpad.opendev.org/p/magnum-weekly-meeting 09:05:54 <jakeyip> #topic Supported versions for Bobcat 09:06:19 <jakeyip> we need a decision on what we should officially support for Bobcat 09:07:01 <dalees> when does Bobcat release? K8s 1.24 is end of life 2023-07-28 09:07:08 <dalees> ref: https://kubernetes.io/releases/ 09:07:45 <jakeyip> https://releases.openstack.org/ Bobcat releases in 2023-10-04 09:08:33 <jakeyip> due to the differences in containerd / podsecuritypolicy / blah blah, I feel like we should not spend any effort on backwards compatibility with k8s < v1.25 09:09:54 <jakeyip> my rationale is that 1.24 will be EOL soon, and by the time someone installs Bobcat on their infra (which may be a year or more after Bobcat releases), no one will bother with k8s < 1.25 09:10:14 <jakeyip> any effort supporting EOL versions is wasted 09:10:28 <dalees> well, that's a good point. 1.24 is alive now, but doesn't need to be in Bobcat in October. 09:11:15 <dalees> at Catalyst Cloud *we* aim for 3 supported k8s versions, but that'd be covered with 1.25+, and we'd not need to break the older **intentionally.**. 09:11:48 <dalees> I think that's reasonable for 2023-10-04 (and 1.25 EOL's in 2023-10-28). 09:12:59 <dalees> So I'd suggest we add 1.26, 1.27 to the supported list along with 1.25 for Bobcat (I have these running locally, but not certified yet) 09:13:57 <jakeyip> yeah that's the plan, it'll be easier if we decided to support k8s >= 1.25 only. the breaking change is PSP 09:14:15 <jakeyip> I want to support newer versions instead of worrying about backwards compatibility 09:15:09 <jakeyip> we will have to make it super clear it is breaking change in Bobcat and operators should not upgrade if they want to still support k8s <1.25 09:15:57 <jakeyip> I think we have to stray from OpenStack's deprecation workflow as it does not make sense for Magnum 09:15:59 <dalees> Yeah, we need to be moving forward. I do maintain a few older versions of calico in our branch with Heat template `if` statements. We could do similar but it'll bloat the HOT code to keep them long term. 09:16:41 <jakeyip> what's the 3 supported versions now for Catalyst ? 09:17:17 <dalees> I was going to say, as long as there's an overlap in versions. But Magnum doesn't have upgrade paths working, so it's blue/green rebuild anyway. Might as well jump to 1.25 if you're older ;) 09:17:30 <travisholton> 1.23.17, 1.24.12, 1.25.8 09:18:12 <dalees> 1.24+ with containerd 09:18:44 <jakeyip> ok similar for us 09:18:49 <jakeyip> we hope to drop 1.23 soon 09:19:16 <dalees> cool 09:19:34 <jakeyip> ok, similar about FCOS, I think we will also support 1 verrsion only 09:20:01 <jakeyip> I have a review up at https://review.opendev.org/c/openstack/magnum/+/880568 09:20:27 <jakeyip> #agreed support k8s >=1.25 only for Bobcat 09:20:29 <dalees> I think I'm okay with that, the older will likely **work** but not be supported/recommended. Theres only one current "stable" FCOS anyway 09:20:57 <jakeyip> the difference in FCOS is really a pain to work with 09:21:19 <jakeyip> I say document it as well as possible so operators know what verrsion to keep to 09:22:01 <dalees> Yeah, anything older than current stable may have CVEs. So running older is risky 09:23:15 <dalees> but we need to keep it functional the stable stream upstream changes, especially the rebases. So documenting known good versions is useful, for those who may be running older Magnum versions 09:24:09 <jakeyip> yeah good point about CVEs 09:24:18 <jakeyip> so hard to get user to upgrade though :D 09:24:48 <jakeyip> #agreed support only 1 version of FCOS and document it 09:25:57 <jakeyip> any other comments on this topic? 09:26:01 <dalees> similar topic - how about we document "known good" template labels? We're often incrementing calico versions and the manifests to match, in our codebase. Same would apply to other `kube-system` services 09:26:39 <dalees> (such as cloud provider openstack) 09:27:01 <jakeyip> yeah I plan to have another change up in docs for template labels 09:27:18 <jakeyip> I have some that I test with, but it's not public and it really should 09:27:34 <jakeyip> I was hoping to capture that in tests too 09:27:35 <dalees> great. If we can't change defaults due to breaking templates, then we can define them in docs so there are some known good. 09:28:19 <jakeyip> sure. please help me review to docs changes so we can get them in asap 09:28:29 <dalees> will do 09:28:51 <dalees> you'll have flannel versions, and we'll have some calico versions to share. 09:28:56 <dalees> IIRC 09:30:03 <jakeyip> yeah that'll be great, we can iterate since it's just docs. better something than nothing (current state) 09:31:06 <jakeyip> this one needs help too https://review.opendev.org/c/openstack/magnum/+/874092 09:31:30 <jakeyip> along the same vein I'll deprecate lots of thing 09:31:47 <dalees> sure will do after meeting - i missed your update to that one 09:32:59 <jakeyip> any other topic? 09:33:19 <jakeyip> oh I have something else 09:33:32 <jakeyip> #topic backport to Antelope 09:34:17 <jakeyip> we missed the Antelope deadline to get deprecation in 09:36:26 <jakeyip> also, in related news, the first version of 2023.1 has been released, but magnum isn't working because https://review.opendev.org/c/openstack/magnum/+/880820 didn't make the cut 09:37:12 <jakeyip> so since the first version isn't working, I was thinking of working on some more deprecation notice, get them merged to master and backported to antelope, then release a newer version of antelope that is working 09:37:28 <jakeyip> I wonder what everyone thinks 09:37:51 <jakeyip> this will allow us to remove the code in Bobcat 09:38:17 <dalees> ah - we need to declare the deprecations in previous release, so we can remove them in Bobcat? 09:38:47 <jakeyip> yeah 09:39:22 <dalees> is that reasonable for the community, to merge them now? And which code were you thinking of? 09:41:04 <mnasiadka> i think it's reasonable 09:42:29 <jakeyip> it'll be something like this https://review.opendev.org/c/openstack/magnum/+/833949 09:43:20 <dalees> oh, yeah. 09:45:15 <dalees> that's reasonable to backport, i feel. 09:45:20 <jakeyip> I want to deprecate swarm 09:45:47 <jakeyip> since fedora atomic is eol 09:46:08 <jakeyip> that review I posted made it into antelope so we can remove fedora atomic in bobcat 09:46:15 <mnasiadka> makes a lot of sense, I guess nobody would complain if we deprecated and dropped, but since we Antelope is fresh, we can backport the deprecate notice and drop in B 09:46:32 <jakeyip> but I also want to do the same for swarm and backport to Antelope 09:47:05 <mnasiadka> regarding https://review.opendev.org/c/openstack/magnum/+/874092 - so Bobcat will not support 1.24 and earlier, makes sense - how do we go about backporting this to stable branches? 09:47:37 <mnasiadka> jakeyip: from my perspective - we should end up with fedora coreos k8s driver only (and CAPI once it gets merged) - sooner the better 09:48:04 <jakeyip> yes that's why I want to drop as much as possible; it'll make other reviews easier too 09:48:49 <jakeyip> like the RBAC review from Rico is handling things like bay / baymodel that we want to drop in https://review.opendev.org/c/openstack/magnum/+/803780 09:49:23 <dalees> Removing PSP usage wouldn't break older versions, only if users of these versions were using that admission controller. We can decide between backporting that to Antelope, or Antelope never supporting k8s 1.25. 09:49:51 <dalees> mnasiadka: +1, I'm aligned with that driver viewpoint. 09:50:49 <jakeyip> dalees: do you mean Antelope never supporting k8s <1.25 ? 09:51:04 <jakeyip> instead of never supporting 1.25 :D 09:51:34 <dalees> jakeyip: if we don't backport that PSP change to Antelope, 1.25 won't work, will it? (because it'll be trying to create PSPs) 09:51:53 <jakeyip> oh ok sorry from different sides, I get you now 09:52:06 <jakeyip> unfortunately Antelope probably will not support 1.25 and above 09:52:59 <dalees> right - i guess if we backported it, the breaking change moves back too. and we don't want to do that. 09:53:00 <jakeyip> because our release notes says 1.24 and removal of dockershim. https://docs.openstack.org/releasenotes/magnum/2023.1.html 09:53:40 <dalees> ok that's cool. I think that answers mnasiadka's question - we don't backport it. 09:53:48 <jakeyip> mnasiadka: is that ok? 09:55:05 <mnasiadka> well, I guess from our users perspective that's a bit problematic, I'll think of somehow checking the kubernetes version in the image and basic PSP enablement on the version we get (and push that upstream), but for now it's ok ;) 09:55:56 <jakeyip> I was working on that, but it got complicated very quickly due to how tightly coupled things are 09:56:50 <mnasiadka> Understand, I don't know if I'll have time for such mission, but we'll see 09:57:12 <mnasiadka> Another stupid question out of the blue - Heat is deprecating SoftwareDeployment - do we need to do anything? 09:57:36 <dalees> implement ClusterAPI? :) 09:57:40 <jakeyip> I've answered that we still need it ? 09:57:49 <jakeyip> lol when is CAPI coming... 09:58:03 <mnasiadka> And assume that unicorns and rainbows will fix everything? nice 09:58:10 <dalees> haha 09:58:16 <jakeyip> k8s is supposed to fix everything 09:58:25 <mnasiadka> It's only bringing more complexity :) 09:58:43 <jakeyip> I feel conned 09:59:00 <jakeyip> ok we are almost at time, any other thing? 09:59:07 <mnasiadka> Ok, let's see what Heat comes up with - is there any alternative in Heat we could move into? 10:00:18 <dalees> Not this week, but I want to discuss CAPI for Bobcat sometime. We'll be focusing some effort on it 10:00:38 <dalees> do we need it as a goal, or can it go in if it's ready? 10:02:45 <jakeyip> I am not sure, will need updated from John or the stackhpc people. 10:03:26 <jakeyip> I can see them working on it so it's not abandoned. Plus they have to present at Vancouver! :) 10:04:17 <jakeyip> dalees: ping him if you want to help? 10:05:19 <dalees> jakeyip: yep; travisholton and I will do. 10:05:51 <jakeyip> cool, we are out of time. 10:06:00 <dalees> thanks all 10:06:03 <jakeyip> #endmeeting