#openstack-containers log

09:03:48 <mnasiadka> #startmeeting magnum
09:03:48 <opendevmeet> Meeting started Wed Sep  6 09:03:48 2023 UTC and is due to finish in 60 minutes.  The chair is mnasiadka. Information about MeetBot at http://wiki.debian.org/MeetBot.
09:03:48 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
09:03:48 <opendevmeet> The meeting name has been set to 'magnum'
09:03:50 <mnasiadka> #topic rollcall
09:03:51 <mnasiadka> o/
09:03:59 <dalees> o/
09:04:14 <gbialas> o/
09:04:28 <mnasiadka> #topic Secure RBAC
09:04:38 <mnasiadka> So, basically we've started to merge some of the rbac patches
09:04:48 <mnasiadka> Especially those in magnum-tempest-plugin
09:05:12 <mnasiadka> there are two that need second core
09:05:15 <mnasiadka> #link https://review.opendev.org/c/openstack/magnum-tempest-plugin/+/877086
09:05:25 <mnasiadka> #link https://review.opendev.org/c/openstack/magnum-tempest-plugin/+/875322
09:05:30 <mnasiadka> dalees: do you think you could have a look?
09:06:17 <dalees> I haven't looked at the RBAC change too deeply yet, but will try and spend some time
09:06:27 <mnasiadka> Actually the ones in openstack/magnum are merged
09:06:39 <mnasiadka> ricolin: if we need anything else merged for srbac - please shout
09:07:04 <dalees> yeah, i can look into these tempest ones
09:07:15 <mnasiadka> ok, let's move to next topic
09:07:18 <mnasiadka> #topic ClusterAPI
09:07:40 <mnasiadka> So, basically I think with the release calendar being as is now (so RC1 is close and then first week of Oct is the release day)
09:07:52 <mnasiadka> It might be very complicated to merge the CAPI driver changes
09:08:41 <mnasiadka> And we have some doubts on the direction of current patches + probably we'd need another round of discussions around this plus recognizing that the current patches are probably at least inspired by VexxHost driver
09:08:50 <mnasiadka> dalees: anything to add?
09:10:04 <dalees> No, not too much - but we do want to merge a CAPI driver next cycle. The functionality is too important
09:10:18 <mnasiadka> Yes, I agree - but let's do it right :)
09:10:40 <mnasiadka> ok, let's move into open discussion
09:10:43 <mnasiadka> #topic Open discussion
09:10:46 <mnasiadka> So, I have one point
09:10:56 <dalees> Yes, splitting the community on CAPI drivers isn't helpful and the path isn't clear yet.
09:11:13 <mnasiadka> the meetings on the https://meetings.opendev.org page show up as Container team meetings, and the url is to some really old logs
09:11:35 <mnasiadka> I'd like to fix that, so people have more clarity how to find the meeting date/logs
09:11:49 <mnasiadka> We have two options I guess - rename the Containers meeting to Magnum meeting and fix the link
09:12:01 <mnasiadka> or leave the meeting name as Containers and fix the link to point to Magnum
09:12:13 <mnasiadka> I think we'd need jakeyip to decide :)
09:12:40 <mnasiadka> so let's leave it for next meeting - but we should fix it
09:12:41 <dalees> Renaming to Magnum seems sensible, that's the commonly known product name
09:12:57 <mnasiadka> yeah, I'll consult with jakeyip later and do the needed changes
09:13:06 <mnasiadka> gbialas: you had something?
09:13:21 <gbialas> Yes, container team doesn't say much
09:13:48 <mnasiadka> so three votes for changing to Magnum :)
09:13:49 <gbialas> Yes. Deprecation of contianer_runtime default value
09:14:13 <mnasiadka> gbialas: can you link the current patch that jakeyip didn't like?
09:14:27 <gbialas> In short words: Change 'container_runtime'  variable default to containerd, and deprecate 'host-docker'. From 1.24 dockershim is removed from k8s so host-docke dosn't make any sense
09:14:49 <gbialas> https://review.opendev.org/c/openstack/magnum/+/893378/1
09:15:05 <mnasiadka> #link https://review.opendev.org/c/openstack/magnum/+/893378
09:15:11 <mnasiadka> (so it renders in html properly in the logs)
09:15:26 <mnasiadka> So, we agreed to support Kubernetes 1.25+ in Bobcat in the driver
09:15:34 <mnasiadka> and drop support for older versions
09:15:43 <mnasiadka> I assume 1.25 does not support DockerShim anymore
09:15:50 <gbialas> Yes.
09:16:13 <mnasiadka> So we could change the default to containerd, and deprecate the whole variable (container_runtime) - to be dropped in C
09:16:40 <gbialas> That would be best outcome.
09:16:41 <mnasiadka> I understand the motivation that we didn't want to change defaults in the past, but with the current default - it's undeployable (you need to change to container)
09:16:50 <mnasiadka> dalees: opinions?
09:16:58 <dalees> so if old magnum templates exist that don't specify, changing a default may break them. This is the backwards compat problem, it's true with all labels sadly.
09:17:24 <dalees> we try and get around this by specifying all labels in magnum templates, it's a pain but less likely for breakages like this.
09:17:49 <dalees> having said that, i agree that having a default like docker doesn't make sense in 1.24+ if we don't install the out-of-tree dockershim
09:18:20 <mnasiadka> I'm not saying to backport the change of default, just change the default in Bobcat - that shouldn't break people that want to deploy 1.25+ when Bobcat is out
09:18:53 <mnasiadka> We just need proper release notes saying that please check your cluster template
09:19:27 <mnasiadka> (not counting the default kube_tag that we currently have, which does not help)
09:21:02 <gbialas> Also upgrading kube_tag and fedora image used to make tests to recent version would be useful. Ii docs we are still using Fedora 35 an 1.23 (in antelope)
09:21:11 <mnasiadka> I guess it would make sense to push that discussion to a time when jakeyip is around
09:21:31 <mnasiadka> And talk about how do make cluster templates without any labels work in Bobcat with some fresh kubernetes release
09:22:00 <mnasiadka> maybe we need to remove defaults at all for a cycle, and force people to set some of the labels mandatory
09:22:15 <dalees> yeah, the alternative to defaults is ignore them entirely and provide (quite large) magnum templates which specify known working labels for each k8s version. In this case it'd always be containerd.
09:22:41 <dalees> that's an interesting idea, mnasiadka.
09:23:07 <gbialas> Maybe each release we will ship just one version of key components which is proved to work, and use it as default.
09:23:37 <mnasiadka> gbialas: and warn users if they don't set these labels, it might break them after upgrading Magnum to a new OpenStack release
09:23:49 <dalees> anyway, mostly my point is that the defaults thing is a pain. Not that it shouldn't change. We just need to define a consistent policy and stick to it, letting deployers know it might break if they don't specify everything in their templates.
09:24:27 <mnasiadka> dalees: in other projects we state change of defaults in release notes, we could also add some warning in the docs
09:24:36 <mnasiadka> but I think we need some buy in from the PTL
09:24:37 <gbialas> Exactly. We can't keep backwards compatibility forever. k8s is droping something constantly
09:25:07 <dalees> i think it's worth a discussion
09:25:40 <gbialas> Yes. Happy to help with this (discussion and implementing)
09:26:11 <mnasiadka> Ok, this week is R-4, next week is RC1 week - we should decide on the meeting next week what is the approach we're taking - and implement it fast.
09:26:26 <mnasiadka> We should not be changing defaults after RC1
09:27:33 <mnasiadka> Ok, anything else? Anybody?
09:27:43 <gbialas> Nothing from me.
09:28:26 <dalees> No other topics from me
09:28:59 <mnasiadka> mkjpryor: you're a bit late, we postponed the CAPI driver merging for C cycle - we need to sort out everything, ideally have another discussion with mnaser and jakeyip (he's not available today)
09:29:14 <mnasiadka> ok then, let's finish for today
09:29:16 <mnasiadka> thanks for coming :)
09:29:18 <mnasiadka> #endmeeting