#openstack-containers log

08:59:26 <strigazi> #startmeeting magnum
08:59:26 <opendevmeet> Meeting started Wed Mar  2 08:59:26 2022 UTC and is due to finish in 60 minutes.  The chair is strigazi. Information about MeetBot at http://wiki.debian.org/MeetBot.
08:59:26 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
08:59:26 <opendevmeet> The meeting name has been set to 'magnum'
08:59:31 <strigazi> #topic Roll Call
08:59:35 <strigazi> o/
09:00:02 <jakeyip> o/
09:02:02 <mnasiadka> o/
09:02:24 <bbezak> o/
09:04:15 <gbialas> o/
09:04:41 <strigazi> #topic Previous Action Items
09:04:58 <strigazi> #link https://etherpad.opendev.org/p/magnum-weekly-meeting
09:05:29 <strigazi> jakeyip: did you manage to change the validation for mesos?
09:06:33 <jakeyip> yeah I've sent up a very simple patch
09:07:26 <jakeyip> https://review.opendev.org/c/openstack/magnum/+/830594 - works and just complains that `Requested COE type %s is not supported` if we use mesos
09:08:46 <strigazi> cool, maybe add a release note too
09:09:25 <jakeyip> ok
09:11:35 <strigazi> #action jakeyip, strigazi follow 830594: Remove mesos API validation | https://review.opendev.org/c/openstack/magnum/+/830594
09:12:17 <strigazi> next was to comment on mesos, baymodel removal for Z. I will add it today.
09:12:32 <strigazi> #action trigazi to comment on 821213: Drop mesos driver | https://review.opendev.org/c/openstack/magnum/+/821213 , 803780: Drop bay and baymodel from controllers | https://review.opendev.org/c/openstack/magnum/+/803780 , 803629: Drop bay and baymodel | https://review.opendev.org/c/openstack/python-magnumclient/+/803629
09:13:01 <strigazi> Next two items are from mnasiadka's for reviews
09:13:24 <strigazi> mnasiadka: I managed to test and merge the OVN pod-to-pod patch https://review.opendev.org/c/openstack/magnum/+/773923
09:13:47 <mnasiadka> yes, thanks for that :)
09:14:14 <strigazi> for the three octavia patches. the code lgtm but my devstack was not cooperating. I think today or tomorrow we should merge them
09:14:48 <mnasiadka> We're using that downstream in production for some time, so those should be working :)
09:15:04 <strigazi> jakeyip: did you have time to look as well? it is this series: https://review.opendev.org/c/openstack/magnum/+/767119/
09:15:19 <strigazi> mnasiadka: ok :)
09:15:26 <jakeyip> same, I am having devstack issues, so still trying to get it
09:15:46 <jakeyip> mnasiadka: do your clusters use octavia ingress? does it work with OVN?
09:16:16 <mnasiadka> No, we use nginx ingress, octavia ingress controller does not support OVN LB
09:16:44 <mnasiadka> We weren't very happy around octavia ingress controller - but I don't remember why
09:16:47 <mnasiadka> bbezak: do you remember?
09:17:28 <mnasiadka> basically, OVN LB supports only TCP and UDP mode balancing, so we can't use octavia-ingress-controller for this
09:17:58 <strigazi> mnasiadka: you also want proxy?
09:18:53 <mnasiadka> strigazi: proxy? as in an Octavia/OVN load balancer in front on the nginx ingress controller?
09:19:54 <jakeyip> mnasiadka: i see. so is ovn octavia only for the api / etcd ?
09:20:08 <strigazi> mnasiadka PROXY protocol
09:20:51 <mnasiadka> jakeyip: you can use loadbalancer service via occm
09:21:08 <strigazi> mnasiadka: ah, actually its HTTP(S) that is missing too :)
09:21:38 <jakeyip> ah ok
09:21:40 <mnasiadka> yes, https needs to be terminated on the service itself (OVN is only TCP/UDP load balancer, no HTTP)
09:21:53 <mnasiadka> no PROXY, no fancy features
09:22:01 <mnasiadka> but also no Amphora VM :)
09:22:51 <strigazi> mnasiadka: we use TungstenFabric that has no VMs either, it manages haproxy processes though
09:23:18 <mnasiadka> I'm familiar with TungstenFabric, OVN LBs are purely OpenFlow rules
09:23:31 <mnasiadka> like an iptables load balancer
09:23:52 <mnasiadka> but it has healthchecks now (if you use OVN 21.06), so a bit better than iptables
09:24:16 <strigazi> yeah yeah, for many things that's more optimal, does it keep the client-ip?
09:24:19 <jakeyip> strigazi: does CERN use OVN?
09:25:03 <mnasiadka> strigazi: yes, client ip is seen on the connection target, no fancy headers needed
09:25:04 <strigazi> jakeyip: no, just Tungsten for LBs at the moment
09:25:52 <jakeyip> ok. we are migrating to OVN so this patches will be helpful for us, thanks :)
09:25:53 <strigazi> mnasiadka: cool, because with iptable (eg kube-proxy) you lose it
09:26:39 <strigazi> Let's move on, next was:
09:26:45 <opendevreview> Merged openstack/magnum master: Support quota hard_limit values of zero  https://review.opendev.org/c/openstack/magnum/+/764254
09:26:52 <strigazi> mnasiadka to follow up kubernetes conformance for Yoga https://www.cncf.io/certification/software-conformance/
09:27:10 <strigazi> did you have time to look at it last week?
09:27:21 <mnasiadka> started to set up an env for this, so should file a PR in the regular repo in the coming days
09:27:46 <strigazi> mnasiadka: awesome! So it passes right?
09:28:27 <mnasiadka> yes, sonobuoy has no errors, so just need to gather the logs and fire off a pull request in github
09:28:36 <strigazi> #action strigazi to review Octavia Patches https://review.opendev.org/c/openstack/magnum/+/764444 https://review.opendev.org/c/openstack/magnum/+/765309 https://review.opendev.org/c/openstack/magnum/+/767119
09:28:51 <strigazi> mnasiadka: That's great, thanks
09:29:01 <strigazi> #action mnasiadka to follow up kubernetes conformance for Yoga https://www.cncf.io/certification/software-conformance/
09:29:30 <strigazi> next, was the quota patches, both merged, one of them seconds ago
09:29:45 <strigazi> and last is jakeyip to deprecate fedora-atomic driver(s)
09:30:15 <strigazi> jakeyip: ^^ you managed?
09:31:13 <jakeyip> yeah will do it similarly to mesos
09:31:27 <jakeyip> haven't got started
09:31:32 <strigazi> #action jakeyip to deprecate fedora-atomic driver(s)
09:31:33 <strigazi> thanks
09:31:54 <strigazi> I'm adding one more patch to have it ready for next week:
09:32:07 <strigazi> #action strigazi, jakeyip to review 775793: Support extra_network and extra_subnet labels | https://review.opendev.org/c/openstack/magnum/+/775793
09:32:31 <strigazi> #topic Install calico via helm
09:33:13 <strigazi> Recently, we updated calico, to the update more managable helm would help, as anyone looke at the tigera operator recently?
09:33:36 <strigazi> I think i discussed this with someone from stackHPC
09:33:42 <bbezak> mnasiadka: Octavia ingress controller was a bumpy road last time I've looked into it, and not much maintainers on it. Ingress-nginx is a out of the box experience.
09:34:12 <strigazi> #link https://github.com/tigera/operator
09:34:38 <bbezak> It looks like we can bump coredns to 1.8.* versions after this merged in apparently - https://review.opendev.org/c/openstack/magnum/+/830603
09:35:13 <strigazi> bbezak: yeap
09:38:57 <strigazi> For calico, do you think it makes sense to have our own helm-chart?
09:39:11 <strigazi> jakeyip: mnasiadka: you use calico, flannel or smth else?
09:40:17 <mnasiadka> we use mainly calico
09:40:35 <mnasiadka> but we haven't tried the tigera operator
09:41:10 <strigazi> mnasiadka: the main issue right now is that we can configure it to use our registry
09:41:21 <mnasiadka> but I guess it would make sense to try it out, but I don't know if we can commit to doing that before Yoga release
09:41:25 <jakeyip> we use flannel - there is a problem with using calico with our current SDN. will evaluate calico again when we migrate to OVN
09:41:32 <mnasiadka> strigazi: right
09:42:28 <strigazi> let's leave it for Z then
09:42:53 <strigazi> #topic Open Discussion
09:43:16 <strigazi> Any other business?
09:46:00 <strigazi> See you next week then!
09:46:03 <strigazi> #endmeeting