#openstack-containers log

10:00:02 <strigazi> #startmeeting containers
10:00:03 <openstack> Meeting started Tue Apr  3 10:00:02 2018 UTC and is due to finish in 60 minutes.  The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot.
10:00:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
10:00:06 <openstack> The meeting name has been set to 'containers'
10:00:06 <strigazi> #topic Roll Call
10:00:31 <flwang> o/
10:00:57 <strigazi> hello flwang
10:01:01 <slunkad> hi
10:01:06 <flwang> strigazi: hello
10:01:41 <strigazi> hello slunkad
10:01:47 <strigazi> #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2018-04-03_1000_UTC
10:02:18 <strigazi> #topic Blueprints/Bugs/Ideas
10:03:51 <flwang> strigazi: anything from your side?
10:04:00 <strigazi> From my side, I tested flwang's patch for calico and left some comments, we can discuss it in a few moments and finished the patch for adding flannel back on the master.
10:04:27 <strigazi> For upgrades, I don't have an update this week.
10:04:34 <flwang> strigazi: thanks
10:04:43 <strigazi> I'll push the patch for flannel right after the meeting.
10:05:02 <strigazi> Oh and one more,
10:05:51 <strigazi> I got some people asking how to build the kubernetes containers, so for next week I'll add it to the docs
10:06:33 <strigazi> #action strigazi to add docs for building the system containers used in k8s_fedora
10:06:57 <strigazi> we can also start building on infra like this:
10:07:58 <strigazi> https://github.com/openstack/kolla/blob/master/.zuul.d/base.yaml#L3
10:08:21 <strigazi> kolla has a team account and they have added the creds in zuul
10:08:36 <flwang> strigazi: what's the benefit for magnum?
10:09:05 <strigazi> flwang: the images will be built on openstack infra and not cern-infra
10:09:33 <flwang> strigazi: sounds good
10:09:44 <panfy> sounds good
10:10:03 <strigazi> flwang: now these contianers are pulled from cern registry and pushed by me on dockerhub
10:10:36 <strigazi> not the best practice for an open source project
10:11:18 <strigazi> that's it from me
10:11:20 <flwang> strigazi: can we automate it?
10:11:49 <strigazi> yes, we will still need to commit to gerrit for changes
10:11:58 <panfy> strigazi: I have read the codes of https://github.com/projectatomic/atomic-system-containers, it use kubernetes from redhat, not newest kubernetes(not my kubernetes).
10:12:22 <ricolin> strigazi, sorry I'm late
10:12:28 <strigazi> panfy: the code comes from there
10:12:38 <strigazi> ricolin: hello
10:13:31 <strigazi> panfy: didn't get you, what do you mean? you use rhel?
10:13:53 <panfy> https://github.com/projectatomic/atomic-system-containers/blob/master/kubernetes-master/Dockerfile#L13
10:14:30 <strigazi> panfy: yes, this gets the latest kube from koji, v1.9.6
10:14:56 <panfy> Oh, I see, thank you.
10:15:22 <panfy> If I want to build image from my kubernetes code, how to do?
10:16:22 <strigazi> panfy: can we discuss it a few minutes in open discussion?
10:16:30 <flwang> strigazi: should we move and discuss a particular question offline?
10:16:37 <panfy> strgazi: Ok.
10:16:50 <strigazi> flwang: yes
10:16:56 <strigazi> so that was from my side
10:17:12 <flwang> ok, my updates
10:17:36 <flwang> 1. lingxian (kong) has done some great job about testing the keystone integration
10:17:46 <flwang> for auth and authz
10:18:00 <flwang> so we can start to plan to implement it in Magnum
10:18:32 <strigazi> cool
10:19:14 <flwang> 2. thanks for the comments from strigazi about my patch calico on k8s master, i'm addressing those comments and trying to put another fix (NetworkManager conflicts with calico) into the same patch
10:21:04 <flwang> 3. Recently i'm reviewing GKE's feature, i'm thinking 2 features:  1. how to running master on a system level k8s   2. add fluentd support
10:21:09 <flwang> that's all from my side
10:21:27 <strigazi> what is 3.1?
10:22:01 <strigazi> fluentd sounds great, register a bp and go for it
10:22:15 <flwang> 3.1 is a big one
10:22:42 <flwang> as you many know, on GKE, user can't see their master nodes and they're also not charged the master nodes cost
10:22:59 <flwang> as a public cloud, we're really interested in that way
10:23:52 <strigazi> oh, that one
10:24:00 <flwang> and I think AKS (azure) does the same thing
10:24:11 <strigazi> We can start a v2 driver for this
10:24:40 <flwang> it would be a very interesting one
10:24:45 <strigazi> The big challenge is the network
10:24:52 <strigazi> the tenant network
10:24:53 <flwang> yep, i can imagine
10:26:08 <strigazi> is it possible for two tenants to share a private network? And for heat that means, two stacks right?
10:27:04 <strigazi> flwang: the motivation is accounting or management?
10:28:00 <flwang> strigazi: i think the motivation is user will be happy to see they don't have to pay 3 master nodes compute cost
10:28:18 <flwang> and it's definitely aligning with our new strategy
10:28:37 <flwang> making Magnum as a COE as a service, not just a deployment tool
10:28:40 <strigazi> flwang:  but they user them :) they must may indirectly
10:29:03 <strigazi> s/may/pay
10:29:13 <flwang> strigazi: hah, i can't argue that
10:29:42 <strigazi> so your motivation is accounting
10:29:43 <flwang> from our perspective, user may compare our service with GKE or AKS
10:30:00 <flwang> and they will found they are paying more
10:30:20 <flwang> it's not an urgent call, but we'd to keep it in mind
10:31:22 <strigazi> ricolin: is possible the admin or a service project, to create a stack which will container resources in another project?
10:31:57 <flwang> i think K8S is good opportunity for small cloud provider like Catalyst Cloud to catch up big giant to provide great managed k8s service
10:32:18 <ricolin> strigazi, try add external_id to mark a resource as external resource
10:33:10 <strigazi> external_id? the other project id?
10:34:07 <ricolin> wait, find a example for you
10:34:33 <strigazi> ok, let's move so slunkad and you paste it when you find it
10:34:35 <ricolin> strigazi, https://github.com/openstack/heat-templates/blob/eb93bfeb78d18b8ccaf5dd79760892c03d63350e/hot/external_resource.yaml
10:35:00 <slunkad> https://review.openstack.org/#/c/556857/ https://review.openstack.org/#/c/552099/
10:35:05 <strigazi> ricolin: perfect
10:35:08 <ricolin> but you have to make sure what you mark with external_id can be accessed from this project
10:35:47 <ricolin> aka have AuthZ from clients in this project
10:35:55 <slunkad> some doc patches, one for the networking discussed at the ptg, and the other is the glossary
10:36:11 <strigazi> slunkad: thanks
10:36:41 <strigazi> I'll review them today, sorry for the delay
10:37:44 <ricolin> strigazi, about bug https://review.openstack.org/#/c/557337/ is ready for review or test now
10:37:53 <ricolin> (
10:37:53 <ricolin> Regenerate trust when update with different user)
10:38:14 <strigazi> ricolin: great!
10:38:25 <slunkad> the glossary one needs more input and maybe we want to go alphabetically, some guides do that but I thought it will be better to section it by coe for eg
10:38:25 <strigazi> that will help us slunkad
10:38:44 <slunkad> strigazi: ricolin yes
10:38:51 <ricolin> let me know if that works for your case
10:40:03 <slunkad> yes I will
10:40:10 <ricolin> slunkad, thx
10:41:52 <strigazi> slunkad: anything else from you? I'll add comments on the reviews
10:42:11 <slunkad> that's all
10:42:41 <strigazi> cool
10:42:53 <strigazi> let's move to:
10:42:54 <strigazi> #topic Open Discussion
10:43:39 <strigazi> we have "building the kubernetes containers", anything else?
10:43:59 <strigazi> panfy: are you here?
10:44:08 <panfy> yep
10:44:40 <strigazi> To build the images with your own kubernetes code you have two options
10:44:43 <strigazi> A.
10:45:29 <strigazi> Build the kubernets binaries and modify kubernetes-master and kubernetes-node to add you binaries to the image with:
10:46:46 <strigazi> COPY ./kube-apiserver /usr/bin/kube-apiserver
10:47:12 <strigazi> the same for controller-manager and sheduler
10:47:33 <strigazi> B.
10:48:07 <strigazi> Build the fedora kubernetes rpms and install them from the localfile
10:48:10 <strigazi> eg
10:49:00 <strigazi> docker build -v paht/to/rpms:/rpms/ -t panfy/kubernets-master ./kubernetes-master/
10:49:55 <strigazi> and on the dockerfile do dnf install /rpms/kubernetes-master-<your build>.rpm instead of kubernetes-master
10:50:39 <strigazi> panfy: makes sense?
10:51:09 <panfy> Ok, I would like to do a review and test when you add docs for building the system containers used in k8s_fedora. So when do you add that doc? If you have no time, I want to try it this week or next week.
10:51:30 <panfy> B maybe better.
10:52:13 <strigazi> ok, I'll try to write something today
10:52:20 <strigazi> I like B better
10:52:33 <panfy> yep, make sense, I will try it, thank you.
10:53:13 <strigazi> panfy: you are panfengyun right?
10:53:26 <panfy> yes,-_-
10:53:29 <strigazi> :)
10:53:36 <strigazi> cool, I'll let you know
10:54:18 <strigazi> folks, anything else?
10:54:59 <strigazi> thanks everyone!
10:55:08 <ricolin> strigazi, thx
10:55:10 <strigazi> see you next week
10:55:13 <flwang> thank you
10:55:18 <panfy> thanks strigazi, I will try it tomorrow, I am taking off.
10:55:27 <strigazi> #endmeeting