10:00:02 #startmeeting containers 10:00:03 Meeting started Tue Apr 3 10:00:02 2018 UTC and is due to finish in 60 minutes. The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot. 10:00:04 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 10:00:06 The meeting name has been set to 'containers' 10:00:06 #topic Roll Call 10:00:31 o/ 10:00:57 hello flwang 10:01:01 hi 10:01:06 strigazi: hello 10:01:41 hello slunkad 10:01:47 #link https://wiki.openstack.org/wiki/Meetings/Containers#Agenda_for_2018-04-03_1000_UTC 10:02:18 #topic Blueprints/Bugs/Ideas 10:03:51 strigazi: anything from your side? 10:04:00 From my side, I tested flwang's patch for calico and left some comments, we can discuss it in a few moments and finished the patch for adding flannel back on the master. 10:04:27 For upgrades, I don't have an update this week. 10:04:34 strigazi: thanks 10:04:43 I'll push the patch for flannel right after the meeting. 10:05:02 Oh and one more, 10:05:51 I got some people asking how to build the kubernetes containers, so for next week I'll add it to the docs 10:06:33 #action strigazi to add docs for building the system containers used in k8s_fedora 10:06:57 we can also start building on infra like this: 10:07:58 https://github.com/openstack/kolla/blob/master/.zuul.d/base.yaml#L3 10:08:21 kolla has a team account and they have added the creds in zuul 10:08:36 strigazi: what's the benefit for magnum? 10:09:05 flwang: the images will be built on openstack infra and not cern-infra 10:09:33 strigazi: sounds good 10:09:44 sounds good 10:10:03 flwang: now these contianers are pulled from cern registry and pushed by me on dockerhub 10:10:36 not the best practice for an open source project 10:11:18 that's it from me 10:11:20 strigazi: can we automate it? 10:11:49 yes, we will still need to commit to gerrit for changes 10:11:58 strigazi: I have read the codes of https://github.com/projectatomic/atomic-system-containers, it use kubernetes from redhat, not newest kubernetes(not my kubernetes). 10:12:22 strigazi, sorry I'm late 10:12:28 panfy: the code comes from there 10:12:38 ricolin: hello 10:13:31 panfy: didn't get you, what do you mean? you use rhel? 10:13:53 https://github.com/projectatomic/atomic-system-containers/blob/master/kubernetes-master/Dockerfile#L13 10:14:30 panfy: yes, this gets the latest kube from koji, v1.9.6 10:14:56 Oh, I see, thank you. 10:15:22 If I want to build image from my kubernetes code, how to do? 10:16:22 panfy: can we discuss it a few minutes in open discussion? 10:16:30 strigazi: should we move and discuss a particular question offline? 10:16:37 strgazi: Ok. 10:16:50 flwang: yes 10:16:56 so that was from my side 10:17:12 ok, my updates 10:17:36 1. lingxian (kong) has done some great job about testing the keystone integration 10:17:46 for auth and authz 10:18:00 so we can start to plan to implement it in Magnum 10:18:32 cool 10:19:14 2. thanks for the comments from strigazi about my patch calico on k8s master, i'm addressing those comments and trying to put another fix (NetworkManager conflicts with calico) into the same patch 10:21:04 3. Recently i'm reviewing GKE's feature, i'm thinking 2 features: 1. how to running master on a system level k8s 2. add fluentd support 10:21:09 that's all from my side 10:21:27 what is 3.1? 10:22:01 fluentd sounds great, register a bp and go for it 10:22:15 3.1 is a big one 10:22:42 as you many know, on GKE, user can't see their master nodes and they're also not charged the master nodes cost 10:22:59 as a public cloud, we're really interested in that way 10:23:52 oh, that one 10:24:00 and I think AKS (azure) does the same thing 10:24:11 We can start a v2 driver for this 10:24:40 it would be a very interesting one 10:24:45 The big challenge is the network 10:24:52 the tenant network 10:24:53 yep, i can imagine 10:26:08 is it possible for two tenants to share a private network? And for heat that means, two stacks right? 10:27:04 flwang: the motivation is accounting or management? 10:28:00 strigazi: i think the motivation is user will be happy to see they don't have to pay 3 master nodes compute cost 10:28:18 and it's definitely aligning with our new strategy 10:28:37 making Magnum as a COE as a service, not just a deployment tool 10:28:40 flwang: but they user them :) they must may indirectly 10:29:03 s/may/pay 10:29:13 strigazi: hah, i can't argue that 10:29:42 so your motivation is accounting 10:29:43 from our perspective, user may compare our service with GKE or AKS 10:30:00 and they will found they are paying more 10:30:20 it's not an urgent call, but we'd to keep it in mind 10:31:22 ricolin: is possible the admin or a service project, to create a stack which will container resources in another project? 10:31:57 i think K8S is good opportunity for small cloud provider like Catalyst Cloud to catch up big giant to provide great managed k8s service 10:32:18 strigazi, try add external_id to mark a resource as external resource 10:33:10 external_id? the other project id? 10:34:07 wait, find a example for you 10:34:33 ok, let's move so slunkad and you paste it when you find it 10:34:35 strigazi, https://github.com/openstack/heat-templates/blob/eb93bfeb78d18b8ccaf5dd79760892c03d63350e/hot/external_resource.yaml 10:35:00 https://review.openstack.org/#/c/556857/ https://review.openstack.org/#/c/552099/ 10:35:05 ricolin: perfect 10:35:08 but you have to make sure what you mark with external_id can be accessed from this project 10:35:47 aka have AuthZ from clients in this project 10:35:55 some doc patches, one for the networking discussed at the ptg, and the other is the glossary 10:36:11 slunkad: thanks 10:36:41 I'll review them today, sorry for the delay 10:37:44 strigazi, about bug https://review.openstack.org/#/c/557337/ is ready for review or test now 10:37:53 ( 10:37:53 Regenerate trust when update with different user) 10:38:14 ricolin: great! 10:38:25 the glossary one needs more input and maybe we want to go alphabetically, some guides do that but I thought it will be better to section it by coe for eg 10:38:25 that will help us slunkad 10:38:44 strigazi: ricolin yes 10:38:51 let me know if that works for your case 10:40:03 yes I will 10:40:10 slunkad, thx 10:41:52 slunkad: anything else from you? I'll add comments on the reviews 10:42:11 that's all 10:42:41 cool 10:42:53 let's move to: 10:42:54 #topic Open Discussion 10:43:39 we have "building the kubernetes containers", anything else? 10:43:59 panfy: are you here? 10:44:08 yep 10:44:40 To build the images with your own kubernetes code you have two options 10:44:43 A. 10:45:29 Build the kubernets binaries and modify kubernetes-master and kubernetes-node to add you binaries to the image with: 10:46:46 COPY ./kube-apiserver /usr/bin/kube-apiserver 10:47:12 the same for controller-manager and sheduler 10:47:33 B. 10:48:07 Build the fedora kubernetes rpms and install them from the localfile 10:48:10 eg 10:49:00 docker build -v paht/to/rpms:/rpms/ -t panfy/kubernets-master ./kubernetes-master/ 10:49:55 and on the dockerfile do dnf install /rpms/kubernetes-master-.rpm instead of kubernetes-master 10:50:39 panfy: makes sense? 10:51:09 Ok, I would like to do a review and test when you add docs for building the system containers used in k8s_fedora. So when do you add that doc? If you have no time, I want to try it this week or next week. 10:51:30 B maybe better. 10:52:13 ok, I'll try to write something today 10:52:20 I like B better 10:52:33 yep, make sense, I will try it, thank you. 10:53:13 panfy: you are panfengyun right? 10:53:26 yes,-_- 10:53:29 :) 10:53:36 cool, I'll let you know 10:54:18 folks, anything else? 10:54:59 thanks everyone! 10:55:08 strigazi, thx 10:55:10 see you next week 10:55:13 thank you 10:55:18 thanks strigazi, I will try it tomorrow, I am taking off. 10:55:27 #endmeeting