#openstack-meeting-4 log

15:00:53 <itxaka> #startmeeting openstack-helm
15:00:54 <openstack> Meeting started Tue Oct  1 15:00:53 2019 UTC and is due to finish in 60 minutes.  The chair is itxaka. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:55 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:57 <openstack> The meeting name has been set to 'openstack_helm'
15:01:04 <itxaka> o/
15:01:09 <stevthedev> o/
15:01:12 <itxaka> lets wait a few minutes for people to arrive
15:01:15 <srwilkers> o/
15:01:22 <itxaka> as you would have noticed, Im not called portdirect
15:01:29 <itxaka> he wasnt available so I have taken over
15:01:40 <lamt> \o
15:01:41 <itxaka> also over the projects and everything, bow to your new overlord
15:01:51 <stevthedev> hahaha
15:01:57 <itxaka> :)
15:02:06 <lamt> He is enjoying his European vacation :)
15:02:10 <itxaka> agenda at https://etherpad.openstack.org/p/openstack-helm-meeting-2019-10-01
15:02:11 <mattmceuen> o/
15:02:18 <mattmceuen> lol
15:02:21 * portdirect for one welcomes our new lord and master
15:02:23 <jsuchome> yeah, itxaka will make the switch to opensuse as default distro
15:02:30 <itxaka> please fill whatever you wanty to discuss in there, reviews, etc..
15:02:42 <itxaka> lets wait for some more minutes for the agenda to be filled
15:02:56 <georgk> o/
15:04:42 <srwilkers> jsuchome: :O
15:06:17 <itxaka> yeah its all part of the takeover, first we take the meetings then the defaults, then the world!
15:07:15 <evrardjp> o/
15:07:17 <mattmceuen> +1
15:07:56 <itxaka> ok, not seeing too much movement in the agenda, so lets start!
15:07:58 <evrardjp> itxaka: it's good to have ambition :p
15:08:00 <itxaka> #topic Network Policy
15:08:15 <itxaka> lamt: floor is yours :D
15:08:21 <lamt> Thanks itxaka
15:09:25 <lamt> Currently, we are trying to place in k8s network policy into the gate, and 1 issue that was encountered involve nova
15:10:21 <lamt> Nova/neutron use host networking, and as of k8s 1.14, pods that utilize host networking will bypass the k8s netpol
15:11:10 <srwilkers> lamt: yep, that's been something we've seen since the original netpol work started some time ago
15:11:41 <lamt> to tighten it down, it would likely require cni-specific netpol (e.g. calico's GlobalNetworkPolicy) - trying to see if we want ability to specify that upstream
15:11:57 <lamt> cliff may be able to speak more but don't think he is on atm
15:12:53 <srwilkers> i think as long as things like that are kept separate from the other standard jobs (ie, only use them in the netpol jobs), i don't see an issue with that
15:13:42 <itxaka> agreed, as long as its only for that specific job, it should be ok I think
15:13:43 <evrardjp> what is the purpose of this for OSH?
15:14:03 <lamt> security requirement
15:14:10 <evrardjp> ofc
15:14:14 <lamt> :D
15:14:28 <evrardjp> I mean --- what's the purpose of having it gated?
15:14:41 <srwilkers> its not gated, itd be a nonvoting job
15:14:43 <evrardjp> wouldn't a periodic job be enough?
15:15:02 <evrardjp> srwilkers: the first phrase is " we are trying to place in k8s network policy into the gate"
15:15:07 <lamt> it is not going to be gated, expeirmental/periodic jobs should suffice.
15:15:17 <srwilkers> evrardjp: also not my words
15:15:18 <lamt> my bad, I meant into a new job
15:15:33 <evrardjp> sorry, I didn't want to be pedantic :)
15:15:43 <lamt> it is currently nv-jobs
15:15:45 <evrardjp> I just like the fact we have this, and I think we should document ti.
15:15:50 <evrardjp> it*
15:16:13 <evrardjp> it has great value as a documentation thing, and checking a proposed documentation in a CI job sounds amazing.
15:16:28 <lamt> I can take that as an action items once the patches are reviewed/merged
15:16:35 <evrardjp> I just asked if there is more to it than it might seem
15:16:53 <lamt> evrardjp: I agree that we should have documentation on the number of feature gate jobs
15:17:13 <evrardjp> :)
15:17:16 <evrardjp> we are aligned there :)
15:17:31 <evrardjp> no I was just curious if you were to change defaults or things like this :D
15:17:50 <lamt> the default netpol is have everything open :) also disabled
15:18:11 <lamt> to ensure folks don't get those often cryptic connection failure
15:18:52 <lamt> because of some errant network policy in place
15:19:53 <lamt> that said - I'd appreciate reviews on the number of inflight patches
15:20:49 <lamt> that's it for me on netpol unless someone has comments
15:21:23 <itxaka> sounds great, thanks lamt!
15:21:34 <evrardjp> sounds good and very interesting as a good example lamt!
15:21:38 <itxaka> #topic Open floor
15:21:48 <evrardjp> I might have something for open floor
15:22:01 <itxaka> any other comments, suggestions, etc... befoer we move it to the reviews?
15:22:08 <itxaka> go ahead evrardjp!
15:22:08 <evrardjp> yes
15:22:44 <evrardjp> Did any of you have a look at network service mesh?
15:22:46 <evrardjp> https://networkservicemesh.io/
15:23:07 <evrardjp> It might be more appealing to AT&T than for some others, but I was wondering if this was dicussed in the past
15:23:55 <evrardjp> it's a relatively new project, but I think it might interest some people.
15:24:50 <lamt> I have not but it looks interesting.
15:26:41 <srwilkers> it's something we had discussed long ago with respect to Istio, but haven't revisited it since
15:26:41 <evrardjp> (that's all I had  btw)
15:26:46 <mattmceuen> Haven't seen it yet but will take a look - ty evrardp
15:27:39 <evrardjp> I think it allows a very clean plugging of the interfaces into the pods, so it might help you on the security way lamt. But it also might not. I am not expert in this, I just learned about the concepts :)
15:28:14 <itxaka> ok, thanks evrardjp for bringing that up, sure looks interesting....if you are a network guy and dont hate networking like some people that I know..a friend, yes a friend.
15:28:21 <itxaka> lets move to reviews!
15:28:27 <itxaka> #topic Reviews
15:28:33 <evrardjp> itxaka: :)
15:28:39 <itxaka> https://review.opendev.org/#/q/topic:netpol/egress+(status:open+OR+status:merged) - Egress Policy
15:28:39 <itxaka> https://review.opendev.org/#/q/topic:netpol+(status:open)+projects:openstack/openstack-helm - Ingress Policy
15:28:39 <itxaka> https://review.opendev.org/#/c/670550/
15:28:58 <itxaka> Lets all try to have a loko at those reviews, lets see if we can move those forward
15:29:06 <itxaka> s/loko/look/g
15:29:19 <rihabb> Hi all, since all the patches related to ovs-dpdk deployment are merged, we have added a deployment guide section (https://review.opendev.org/#/c/670550/) that describes how to install openstack helm with ovs-dpdk feature enabled. Would appreciate if you guys could review
15:29:23 <rihabb> :)
15:29:55 <itxaka> thanks rihabb, that is really good!
15:30:07 <mattmceuen> that's awesome - ty rihabb
15:30:13 <itxaka> for those of us network-impaired, deployment guides are really great :)
15:30:38 <lamt> agreed
15:30:43 <rihabb> :D
15:31:11 <itxaka> and that should be all for today, unless there is some last minute points to talk, I would really like to leave already to enjoy the last days of summer :)
15:31:29 <evrardjp> it's already fall but fine :)
15:31:52 <itxaka> still kind of summer in Spain, 26 degrees, hell yeah
15:31:59 <evrardjp> oh really?
15:32:00 <evrardjp> nice
15:32:28 <evrardjp> enjoy :)
15:32:38 <itxaka> thats like 79F for our friends over the other side of the ocean
15:32:44 <srwilkers> jealous :(
15:32:55 <itxaka> ok, closing this....jsuchome anything to add?
15:33:30 <itxaka> alrigth, have a nice rest of the day everyone, see y'all in the normal channels!
15:33:31 <itxaka> #endmeeting