#openstack-containers log

09:01:12 <jakeyip> #startmeeting magnum
09:01:12 <opendevmeet> Meeting started Wed Aug 30 09:01:12 2023 UTC and is due to finish in 60 minutes.  The chair is jakeyip. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:01:12 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
09:01:12 <opendevmeet> The meeting name has been set to 'magnum'
09:01:17 <jakeyip> #topic Roll Call
09:01:21 <jakeyip> o/
09:01:23 <dalees> o/
09:02:22 <jakeyip> Thanks for joining the meeting
09:02:42 <jakeyip> Agenda:
09:02:46 <jakeyip> #link https://etherpad.opendev.org/p/magnum-weekly-meeting
09:03:42 <travisholton> o/
09:03:57 <jakeyip> #topic Cluster API
09:04:55 <jakeyip> So I've been playing with it and I think it's good. One of the things we discussed last week was to have some sort of gate to keep the driver from being activated automatically.
09:05:37 <jakeyip> is everyone ok with the method at https://review.opendev.org/c/openstack/magnum/+/891722 ?
09:06:10 <jakeyip> it's not verified, but if everyone is OK I will do the necessary to rebase it and get it passing
09:07:12 <dalees> I agree,  I think there's features to add and probably bugs to fix. But it's a really great base to begin with and the beta flag reduces the risk of merging most of the patches as they are into the capi driver path
09:07:34 <jakeyip> thanks dalees :)
09:08:55 <dalees> do we need to merge this soon, with the milestone almost upon us?
09:09:12 <jakeyip> let's carry on, I don't want to overrun the meeting as we have lots to cover. we can loop back to this at the end, for those who are reviewing patches right now.
09:09:38 <jakeyip> yes I just want an OK from the team, for a couple of patches then I'll do the rebase and we can merge it
09:10:06 <jakeyip> the other thing to discuss is the hard problem, naming https://review.opendev.org/c/openstack/magnum/+/892854.
09:11:03 <jakeyip> this is because there were a few different var name in different places, so I propose standardising it to 'capi'. similarly this needs an OK from the team before I do the rebase, because it affects everything up the line.
09:11:52 <jakeyip> anyone has any comments
09:12:17 * travisholton is ok with "capi"
09:12:35 <jakeyip> thanks travisholton
09:12:53 <dalees> yep, your proposed changes are fine
09:13:20 <jakeyip> ok I think these are the only two blockers. if I don't see any objections by the end of the day I'll rebase everything up to https://review.opendev.org/c/openstack/magnum/+/880805 and try to get it passing checks.
09:14:14 <dalees> fantastic
09:14:16 <jakeyip> #action jakeyip to rebase the CAPI changes up to 880805
09:14:27 <jakeyip> dalees: you want to talk about helm repo?
09:16:08 <dalees> briefly - I've created the patches to make the gerrit repo and the intended contents are to fork https://github.com/stackhpc/capi-helm-charts/ (apache2 license) and continue development with the Magnum community.
09:16:45 <travisholton> i think we'll need https://github.com/stackhpc/cluster-api-addon-provider to start with as well
09:18:07 <dalees> I'm not sure we want to fork and own that as part of Magnum. That belongs more with the CAPI project?
09:18:21 <mnasiadka> Let's try with basic stuff first and see if we need anything else
09:19:26 <travisholton> ok
09:19:58 <jakeyip> great work, thanks. where do we go from there? do we still need a registry, or do you think we will be able to push to a gh-pages branch?
09:21:13 <mnasiadka> we will push the helm chart to artifacthub
09:21:14 <dalees> not sure yet - mnasiadka suggested we look at how openstack-helm publishes and follow that model
09:21:19 <mnasiadka> just like openstack-helm does with their charts
09:21:37 <mnasiadka> I can take care of that once we get the repo in and move the code there
09:21:53 <jakeyip> AFAICT, that's how I think it works. They have a workflow that pushes the updated index.yaml to the gh-pages branch https://github.com/stackhpc/capi-helm-charts/blob/gh-pages/index.yaml
09:22:28 <mnasiadka> yes, but the repo is in github, so that's logical
09:22:38 <jakeyip> so the repo https://github.com/stackhpc/capi-helm-charts pages becomes https://stackhpc.github.io/capi-helm-charts
09:22:56 <mnasiadka> openstack does not use gh-pages or anything similar - so I think we need to push to artifacthub (the usual helm chart place) just like openstack-helm does
09:22:58 <dalees> we should follow the opendev model, and not add github if it's not necessary.
09:23:17 <mnasiadka> +1 for what dalees is saying ;-)
09:25:27 <jakeyip> yeah but opendev mirrors to github (automatically? not sure). if we can push to https://opendev.org/openstack/magnum-capi-helm-charts gh-pages branch, and that mirrors to github, we may have it for free at openstack.github.io/magnum-capi-helm-chartss
09:27:06 <jakeyip> artifacthub sounds good too, will someone help explore that?
09:27:47 <dalees> happy to explore that and artifacthub with mnasiadka as we get the repo and code in there. I'll suggest the easiest trodden path that helm can use, for the first Magnum release iteration :)
09:27:49 <mnasiadka> jakeyip: let's not use github
09:28:09 <jakeyip> oh the other option is the original openstackmagnum dockerhub repo. spyros (previous PTL) gave me access.
09:28:32 <jakeyip> dockerhub is OCI registry so it should be able to host helm chart too
09:28:32 <dalees> i suspect the easiest will be whatever openstack-helm has chosen.
09:28:56 <jakeyip> I agreee. it is good to do it the 'official' way.
09:29:09 <mnasiadka> good
09:29:09 <dalees> capi driver using an OCI registry for the helm charts is a feature that needs ot be added ( travisholton will be contributing soon, or already has )
09:29:42 <dalees> so that probably isn't the first option to choose.
09:29:55 <jakeyip> ok.
09:30:42 <mnasiadka> ok, I might have a stupid question (which I asked already) - I'm fine with doing the Helm thing for now - but aren't we closing Vexxhost's adoption of upstream driver by not supporting pykube as an alternative?
09:32:36 <jakeyip> so we discussed it a bit. it is tricky to support 2 drivers doing the same thing due to how magnum structures the driver code.
09:32:40 <dalees> mnasiadka: sort of, it'd still work added to Magnum as they do now. It's an alternate capi driver to stackhpc's helm driver and would need a new driver namespace (and driver tuple matching, as jakeyip pointed out).
09:33:13 <jrosser> can i ask if you're breaking deployments already using the vexxhost code?
09:33:56 <jakeyip> jrosser: good question. do you have links to the vexxhost code?
09:34:19 <jakeyip> I think it's https://github.com/vexxhost/magnum-cluster-api (I have a bookmark :D )
09:34:37 <jrosser> yes
09:35:13 <jrosser> as an operator and contributor to deployment tooling, it is concerning to me that there are aparrently two parallel efforts here
09:35:20 <mnasiadka> dalees: I still think we should strive to get more people collaborating on the upstream driver ;-)
09:35:35 <dalees> I don't think the driver name conflicts, but the tuple matching may, if the capi driver also provides {"server_type": "vm", "os": "ubuntu", "coe": "kubernetes"}  ref https://github.com/vexxhost/magnum-cluster-api/blob/main/magnum_cluster_api/driver.py#L379C15-L379C15
09:37:01 <dalees> mnasiadka: i agree; I'd like to have been involved in the discussions between vexxhost and stackhpc at the summit as they presented a talk together. Neither are represented in this meeting, unfortunately
09:37:33 <mnasiadka> dalees: I work at StackHPC, but most of my interests are outside Kubernetes
09:38:08 <mnasiadka> But yes, the interested party should be on the meeting, but probably it's hard to make a meeting for AU/NZ, Canada and Europe ;-)
09:38:19 <dalees> mnasiadka: ah, apologies!
09:38:39 <mnasiadka> dalees: I have enough on my plate being Kolla PTL, no apologies needed :)
09:39:12 <jakeyip> yes I agree, I too would love them to join in the meeting too. we really need help.
09:40:22 <jakeyip> for the very first CAPI change https://review.opendev.org/c/openstack/magnum/+/815521/ , mnaser from vexxhost is involved
09:43:25 <dalees> yeah; I read it as the vexxhost driver created in Oct 2022, perhaps due to slow movement on that. The commits from stackhpc arrived in April 2023
09:44:03 <jakeyip> yeah at that time john's change was 'os': 'cluster_api'
09:44:26 <jakeyip> jrosser: do you mind sharing more; are you using vexxhost code already?
09:45:27 <jrosser> jakeyip: yes, but not yet in a production setting
09:45:59 <jrosser> and i am core contributor to openstack-ansible and have the tooling 90% complete to deploy it
09:46:44 <jrosser> and on top of that i have 3 real environments with users who would love easy k8s-aas
09:47:54 <jakeyip> jrosser: thanks for bringing this up. I think we might have been blindsided by this because vexxhost isn't in the meetings, and didn't warn us about it in the reviews.
09:48:34 <jrosser> i believe their implementation is pretty complete and tested with customers, but i have no affiliation with either vexxhost or stackhpc
09:49:03 <jrosser> i am more interested in seeing a good outcome all round
09:49:32 <mnasiadka> as we all do
09:49:55 <mnasiadka> jakeyip: maybe worth sending a mail to mnaser and ricolin?
09:50:49 <jakeyip> personally I haven't chatted with mnaser yet. I was under the impression that matt, who is a contributor from stackhpc to the clusterapi patches, and did a talk at vancouver with mnaser, would have cleared it with him and what he sent is good.
09:51:20 <jakeyip> mnasiadka: yes I will write something up
09:51:55 <mnasiadka> thanks
09:52:12 <jakeyip> also mnaser is a core on magnum
09:52:50 <jakeyip> but he didn't -2 those patches :D
09:53:26 <dalees> He proposed PTL candidacy for Magnum, too: https://review.opendev.org/c/openstack/election/+/893096
09:55:18 <dalees> we did discuss this topic in the vPTG, but again it didn't have both relevant parties there (though ricolin was), and a lot has changed in both drivers since March
09:56:37 <jakeyip> oh ok. I should get into contact with him and see if there's a reason he can't make it to this meeting, maybe timezone or something, and we try to accomodate. also ping him to review the clusterapi patches.
09:57:03 <jakeyip> anyway we are almost at the hour. anything else for capi? there are two other topics :(
09:57:52 <dalees> yeah it's 5am in quebec, happy to try and accommodate him.
09:58:57 <dalees> nothing more on capi from me
09:59:28 <jakeyip> I'll quickly update secure-rbac. ricolin has a bunch of reviews that needs eyes. thanks mnasiadka for checking them.
10:00:41 <jakeyip> #topic secure-rac
10:00:44 <jakeyip> #topic secure-rbac
10:00:47 <jakeyip> I'll quickly update secure-rbac. ricolin has a bunch of reviews that needs eyes. thanks mnasiadka for checking them.
10:01:38 <jakeyip> there was a bit of bump because the scope changes for trust made some policies irrelevant. but I think we have nailed that. mnasiadka has tested them.
10:02:11 <jakeyip> I will aim to test up to 893018 and get that in
10:03:21 <jakeyip> if anyone has time do take a look.
10:03:27 <jakeyip> anything else for secure-rbac?
10:03:46 <jakeyip> (let's move vPTG topic to next week)
10:05:39 <jakeyip> #topic Open Discussion
10:05:58 <jakeyip> does anyone has update?
10:07:48 <travisholton> not from me
10:08:44 <jakeyip> dalees, mnasiadka ?
10:08:58 <mnasiadka> nothing from me
10:09:22 <jakeyip> not forgetting jrosser :)
10:09:30 <dalees> all good here
10:09:49 <jrosser> no, its fine
10:10:06 <dalees> appreciate the discussion today, thanks all.
10:10:25 <jakeyip> alright thanks all for coming!
10:10:29 <jakeyip> #endmeeting