Thursday, 2020-03-26

« Wednesday, 2020-03-25 Index Friday, 2020-03-27 »
flwang1brtknr: we just need a default value in heat as i changed in the previous patch, unless we're talking about different things00:52
flwang1brtknr: i saw your comments in the calico patch, do you mean it works now?00:52
openstackgerritFeilong Wang proposed openstack/magnum master: Fix calico regression issue caused by default ipv4pool change  https://review.opendev.org/71509300:55
*** xinliang has joined #openstack-containers00:58
*** pcaruana has quit IRC02:54
*** pcaruana has joined #openstack-containers03:07
*** ykarel|away is now known as ykarel04:08
*** xinliang has quit IRC04:20
*** udesale has joined #openstack-containers04:47
brtknrflwang1: yes upgraded calico works with the regression fix but need to run comformance04:51
*** udesale has quit IRC05:10
*** udesale has joined #openstack-containers05:12
flwang1brtknr: i'm running the conformance test05:15
flwang1btw05:15
flwang1it's still running, i will update the result on the patch05:23
*** rcernin has quit IRC05:40
*** rcernin has joined #openstack-containers05:41
*** rcernin has quit IRC05:41
*** rcernin has joined #openstack-containers05:42
*** rcernin has quit IRC05:42
*** rcernin has joined #openstack-containers05:47
*** ykarel is now known as ykarel|meeting06:01
*** rcernin has quit IRC06:02
*** rcernin has joined #openstack-containers06:02
*** rcernin has quit IRC06:05
*** rcernin has joined #openstack-containers06:05
*** ykarel|meeting is now known as ykarel06:49
brtknr flwang1 Cool06:59
brtknrflwang1: when I checked, pod to pod communication was restored07:02
brtknrAre you going to split coredns into a separate ps?07:04
brtknrflwang1: Can you please also review some of the other ps before you disappear? Mainly the rootfs one as I’d like to back port if possible07:06
brtknrCheers07:15
flwang1brtknr: sure, will do07:25
flwang1the conformance testing is soooooo slow07:25
*** vishalmanchanda has joined #openstack-containers07:56
*** sapd1 has joined #openstack-containers07:57
*** guilhermesp has quit IRC08:06
brtknrflwang1: did it complete?09:18
*** ykarel is now known as ykarel|lunch09:27
openstackgerritDiogo Guerra proposed openstack/magnum master: [k8s] label to select helm client container tag  https://review.opendev.org/71514209:32
openstackgerritDiogo Guerra proposed openstack/magnum master: [k8s] label to select helm client container tag  https://review.opendev.org/71514209:34
*** rcernin has quit IRC09:51
tobias-urdinsolved my issue by using heat_container_agent_tag=stein-stable10:14
*** ykarel|lunch is now known as ykarel10:14
brtknrtobias-urdin: good to hear!11:49
brtknrcan you tell me what configuration you were using again?11:49
*** udesale_ has joined #openstack-containers12:21
*** udesale has quit IRC12:24
*** sapd1 has quit IRC12:36
*** guilhermesp has joined #openstack-containers14:26
*** guilhermesp has quit IRC14:27
*** guilhermesp has joined #openstack-containers14:27
*** sapd1 has joined #openstack-containers14:28
*** yankcrime has quit IRC14:29
tobias-urdinbrtknr: rocky release with kube_tag=v1.15.7,cloud_provider_tag=v1.15.0,ingress_controller=octavia14:29
tobias-urdinlabels14:29
brtknrtobias-urdin: great thanks]14:30
brtknrtobias-urdin: which rocky release?14:30
tobias-urdinkubectl in heat-container-agent for rocky-stable failed to apply some configs14:30
tobias-urdinlatest 7.2.0 iirc14:30
tobias-urdini.e kubectl v1.10.3 in heat-container-agent tag rocky-stable could not apply for k8s cluster with version v1.15.714:31
*** guilhermesp has quit IRC14:34
*** guilhermesp has joined #openstack-containers14:35
*** yankcrime has joined #openstack-containers14:38
*** guilhermesp has quit IRC14:38
*** guilhermesp has joined #openstack-containers14:38
brtknrtobias-urdin: ok i have updated the wiki, https://wiki.openstack.org/wiki/Magnum#Compatibility_Matrix14:39
*** guilhermesp has quit IRC14:39
brtknrthe most important bit is the heat container agent tag i think14:39
*** guilhermesp has joined #openstack-containers14:40
tobias-urdinbrtknr: another question, if we set cluster_user_trust to True in magnum.conf the trust ID will always be added14:57
tobias-urdinto the nodes, but there is no way to per cluster/per template override that behavior right?14:57
tobias-urdinso we'd need to introduce a label to not add credentials for a specific cluster/spawned from a specific template14:57
tobias-urdinhere https://github.com/openstack/magnum/blob/master/magnum/drivers/heat/template_def.py#L38214:57
brtknrno sorry,14:59
brtknrthe closest i think is cloud_provider_enabled=False14:59
brtknrbut I havent checked14:59
tobias-urdinyeah, i thought about that as well but that doesn't keep the credentials out of the node15:00
tobias-urdinafter reading through all code i can't find that having an impact anywhere on the installmed of the credentials file15:00
tobias-urdinin /etc/kubernetes/cloud-config15:00
*** ykarel is now known as ykarel|away15:06
*** KeithMnemonic has quit IRC15:13
*** sapd1 has quit IRC15:36
*** sapd1 has joined #openstack-containers15:49
*** udesale_ has quit IRC15:50
*** mgariepy has quit IRC16:36
*** mgariepy has joined #openstack-containers16:43
*** openstack has quit IRC17:49
*** openstack has joined #openstack-containers17:51
*** ChanServ sets mode: +o openstack17:51
flwang1brtknr: strigazi: around?18:31
brtknrflwang1: ill be on and off20:30
flwang1When network traffic is not encapsulated, all traffic must be open from workers to master nodes. For example, in my example DS, to curl HTTP from worker to master port 80 protocol TCP must be allowed.I am not sure if you (CERN does not have security groups) want traffic from workers to masters to be open. If conformance passes it should be ok.20:30
flwang1as for the comments you and strigazi discussed in the calico patch20:31
flwang1brtknr: i can't really get why a worker needs to access master node20:31
flwang1brtknr: technically, a worker node only needs to talk to the k8s api and other necessary ports, but not ANY port20:32
brtknrall pods in a daemonset should be able to talk to each other no?20:33
brtknresp in the same namespace20:33
brtknrthis problem doesnt exist in flannel20:33
brtknralso this problem did not exist before calico upgrade20:33
flwang1brtknr: you mean in a DS, from the pod on worker to a pod on master?20:34
brtknrflwang1: thats right20:36
flwang1do you have a sample yaml i can test?20:37
brtknrflwang1: strigazi has provided a link on  gerrit20:38
flwang1i can see it, he just provided a link to calico requirements20:39
flwang1brtknr: you said in the comments you can reproduce, how did you do?20:39
brtknri hit the same issue, master can reach worker port 80 but not the other way round20:40
brtknrflwang1: from the pods in the daemonset20:41
brtknrflwang1: https://gist.githubusercontent.com/strigazi/5e75559e2221d4b9e3f63f7b33c82c9b/raw/3ac84e9416403fd1b9981ff77184c5b8542b6409/debugging-daemonset.yaml20:42
flwang1brtknr: cool, i'm going to test it on our prod first to see if it's working on old calico version20:44
flwang1brtknr: seems there is no curl or wget in the httpd pod, what's the command you used to verify the connection to the pod on master?20:54
openstackgerritFeilong Wang proposed openstack/magnum master: Fix calico regression issue caused by default ipv4pool change  https://review.opendev.org/71509321:14
flwang1brtknr: never mind, i found there is a sidecar centos21:18
flwang1brtknr: i can reproduce it21:27
flwang1it works on 3.3.6 but not work on 3.13.121:28
*** rcernin has joined #openstack-containers22:25
openstackgerritFeilong Wang proposed openstack/magnum master: [k8s] Support updating k8s cluster health status  https://review.opendev.org/71038422:58
*** rcernin has quit IRC23:06
*** rcernin has joined #openstack-containers23:07
*** rcernin has quit IRC23:07
*** rcernin has joined #openstack-containers23:08
*** vishalmanchanda has quit IRC23:39
« Wednesday, 2020-03-25 Index Friday, 2020-03-27 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!