15:00:26 <gagehugo> #startmeeting openstack-helm
15:00:28 <openstack> Meeting started Tue May 11 15:00:26 2021 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:29 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:31 <openstack> The meeting name has been set to 'openstack_helm'
15:00:43 <stevthedev> Hello there, general ghugo
15:01:15 <lamt> \o
15:01:20 <sangeet> 0/
15:01:26 <jinyuanliu> \o
15:01:27 <gagehugo> #link https://etherpad.opendev.org/p/openstack-helm-weekly-meeting agenda
15:01:48 <reddy1> \o
15:02:03 <gagehugo> we will start in a few
15:02:49 <miniroy> o//
15:04:49 <gagehugo> #topic OSH Announcement
15:05:35 <gagehugo> I'd like to announce that we are adding sangeet and jinyuanliu to the OSH core team, congratulations to you both
15:05:46 <stevthedev> \o/
15:05:50 <miniroy> woot woot
15:06:14 <sangeet> Thank you
15:06:23 <jinyuanliu> thank you
15:07:02 <gagehugo> thank you both for all the work you've done, we hope to see it continue :)
15:07:53 <gagehugo> #topic pod localtime
15:08:05 <gagehugo> jinyuanliu: I think this is your topic
15:08:13 <jinyuanliu> yes
15:08:21 <jinyuanliu> https://review.opendev.org/c/openstack/openstack-helm/+/789135
15:09:10 <jinyuanliu> I believe that more places will change the time zone according to their geographic location.
15:09:10 <jinyuanliu> For example, in China,
15:09:10 <jinyuanliu> we generally use CST. I believe that other regions have similar problems, which will cause inconsistencies in the container with the host time,
15:09:10 <jinyuanliu> and some problems will occur.Especially the time of the log is wrong, which is not conducive to viewing。
15:09:28 <jinyuanliu> It seems that there are currently several ways to set the POD time.
15:10:07 <jinyuanliu> TZ can be set by env, but this requires the installation of tzdata pkg.
15:10:08 <jinyuanliu> I have tested it and it is invalid to set TZ without this package.
15:10:18 <jinyuanliu> We can install pkg of the images through opensatck-images, but some of the images we directly pull from GitHub seem to be difficult to handle.
15:10:19 <jinyuanliu> RabbitMQ, for example, does not have tzdata installed.
15:10:37 <jinyuanliu> and
15:10:39 <jinyuanliu> PodPreset is also a way, as samuei said,PodPreset(alpha feature) has been deprecated ,   see: https://github.com/kubernetes/kubernetes/pull/94090
15:10:58 <jinyuanliu> MountPath seems to be the best
15:11:58 <jinyuanliu> What do you think?Is this necessary?
15:12:47 <sangeet> I am sure all host should have the same time, I do not see any issues with mounting host time to the pods
15:12:54 <gagehugo> Won't this break anyone currently using UTC?
15:13:32 <sangeet> If  the hosts have UTC then the pods will have UTC as well when mounting the host time
15:14:10 <miniroy> I am more worried about things like centralized logging or where some place may have some aggregate monitoring setup for different geographic regions
15:14:26 <lamt> can we make that optional?
15:14:27 <miniroy> for a localize datacenter, this maybe fine
15:14:38 <lamt> instead of always mounting it
15:14:43 <gagehugo> I'd be ok if this was toggle-able
15:14:44 <miniroy> yeah, I think make it configurable and optional maybe better
15:14:50 <lamt> if someone wants they can use it
15:14:52 <sangeet> I am good with making it optional
15:15:02 <lamt> but we won't forcefully mount it in the chart
15:15:17 <sangeet> what do we want the default behaviour to be?
15:15:30 <gagehugo> default should be host time IMO
15:15:42 <gagehugo> how it is now
15:15:58 <sangeet> I agree
15:16:16 <gagehugo> then add a local-time or local_time config option in values.yaml
15:16:39 <gagehugo> I think that would solve most issues if anyone wants to use local time over UTC
15:16:49 <lamt> yeah let's leave the default as is and if you want to test it - use the override
15:17:00 <miniroy> +2
15:17:20 <gagehugo> keystone tokens may break too across geographic regions if we change all the times as well
15:17:37 <jinyuanliu> I agree
15:19:37 <gagehugo> sounds good
15:20:00 <gagehugo> jinyuanliu: you have a path forward then?
15:20:43 <jinyuanliu> Yes i will update a path
15:21:27 <gagehugo> cool
15:21:33 <gagehugo> #topic open discussion/reviews
15:21:45 <gagehugo> Anyone have anything they want to discuss or anything to get reviewed?
15:23:07 <gagehugo> #link https://review.opendev.org/c/openstack/openstack-helm/+/789948
15:23:14 <gagehugo> #link https://review.opendev.org/c/openstack/openstack-helm/+/789949
15:23:18 <gagehugo> I'll post some then :D
15:23:48 <sangeet> https://review.opendev.org/c/openstack/openstack-helm-infra/+/788061
15:24:33 <sangeet> lamt .. renewBefore field is set by default in all regular certificates but not in ingress certificates. So may not be a good idea on relying on this field.
15:24:58 <lamt> I need to double check - I still don't think deleting the secret is needed
15:25:11 <miniroy> with the addition of jinyuanliu and sangeet, we have finally achieved "follow the sun" support  :)
15:26:18 <sangeet> yes .. the certs are rotated after renewalTime and secrets updated, but how do we mount new secrets
15:27:17 <lamt> doesn't restarting the pod work with the new secrets?
15:27:41 <sangeet> And this is a cron job, the certs may have just rotated and cron would exit without doing anything
15:28:02 <sangeet> I mean certs roatetd before the cron started
15:29:32 <lamt> I haven't touch cert-manager for a while so I need to spend time double checking
15:30:55 <lamt> but having a cron job that deletes things independent of the cert-manager's management of certs/secrets makes me slightly uncomfortable, but if the other cores are okay with it
15:36:53 <gagehugo> Thanks everyone, have a good rest of the week
15:36:55 <gagehugo> #endmeeting