Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Kubernetes / Cloud Provider Special Interest Group / 16 Mar 2022
Kubernetes / Cloud Provider Special Interest Group / 16 Mar 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: SIG Cloud Provider 2022-03-16

Description

Agenda: https://docs.google.com/document/d/1OZE-ub-v6B8y-GuaWejL-vU_f9jsjBbrim4LtTfxssw/

* Leader migration update
* PRs to review before code freeze

A

Hello: everybody uh welcome to the sig cloud provider um meeting on wednesday march 16th. We will go ahead and get started. Please remember to abide by the cncf code of conduct.

A

And go ahead and add yourself to the attending list.

A

All right so we'll start with a bug, scrub and triage. I'm going to share my screen real, quick.

A

All right, it looks like we have just one issue.

A

Entry vsphere.

A

Persistent volume created using vsphere hangs in a pending state with no error message.

B

Shall I.

A

Accept this and assign it to, is it lubran.

B

Yeah lebron: do you know anything about this issue that we're looking at.

B

Sorry, sorry to put you on the spot and you just joined the call um sorry.

C

uh

B

Well, can we just assign it to you um and accept it.

C

Yeah I'll find corresponding csi principles.

C

Okay,.

A

Is it dash accepted or just triage space accepted.

A

uh Space.

A

And I don't know, I assume it's this.

C

Yeah second, one.

A

Cool all right, that was a pretty quick triage.

A

Go.

C

Ahead.

A

And go through subproject updates, um so for provider aws. um I don't have too much. I think we bumped um 122 uh our 122 release and uh made some progress on. We added some e to e tests. um Anything kishore for the load, balancer controller.

A

So I'm preparing for the 2.4.1 patch release. It should go.

C

Out in a day or two, there are some minor fixes in the load: balancer controller.

A

Got it.

A

Okay, oh, you can add the version there. If you want um asher, do you want to give an update.

D

um Sure yeah no major, updates or changes. I do have a couple of pr's we're trying to get through and I had talked to andrew sidekim about the second one he said: maybe take it to sig network. So I'm gonna talk to them about that. Hopefully, but question about that. First, one andrew. You added some comments.

D

Yesterday, uh I'm just kind of wondering. I know that we obviously aren't um you know getting this in right, the second or anything but like basically it looks like you're you're saying hey. Maybe we should take a totally different approach and like if we're, if we're trying to kind of I kind of want to yes and that like, if we're trying to solve an actual bug, do we wait for the optimal?

D

I don't know. Basically, I just want to hear your thoughts.

B

Yeah uh so.

B

uh I do think that so I don't think my suggestion was like a completely different approach. It was more like um let's do a bit of cleanup along the way. Okay, but so this is on the agenda for, like just general prs, we should review for code fees, so maybe oh.

D

Fantastic, let's talk about it then sorry, I didn't make it all the way down.

B

It worked, I added it like literally like 30 seconds ago, so oh.

D

Okay, fantastic, but then we're thinking the same thing all right, so I yield the floor back.

D

Cool.

A

All right, um gcp.

B

Yeah so um made some progress on the e2e test for a cubic credential provider. uh I kind of have to work around sort of it's on the review list below so we can talk about it more then. um I don't know if walter you had anything else to add.

B

No okay, so we're good.

A

Okay,.

C

Ibm yeah, we just finished our 124, bring up working with uh red hat on the 4.11 hippie work install with the cloud provider there and then we're doing some refactoring, our vpc load, balancer code, if you recall a while ago, talked about the open source for that we have kind of is broken into two bits and we're trying to refactor that to make it a little bit easier. I know andrew you had mentioned that um it would be nice to not have those two repos and that's what we're working on cleaning that up.

C

So that's it.

A

Cool uh bisphere.

C

uh We'll just release the one that when you see that too, but 191.2 for some bug fixes uh didn't make any progress on the e3 test. Yet.

A

Cool uh extraction, migration: um walter: do you want to go first.

E

Sorry I had to find the unmute button. um Yeah server network network proxy uh they've been a bunch of fixes in the last few weeks and we did put out a dot, 30 release uh and that that includes some fixes on the client library which goes into the cube api server. So I would recommend, if anyone's using the api server network proxy to make sure they pick up the dot 30 release.

E

Cool.

A

All right.

A

Should we move into the first agenda item here, which is.

A

Yeah, a leader migration update for each cloud provider.

C

Yeah so like I'm just trying to ping everybody to see if there's any new cloud provider have that have tested cloud native migration yet like we have, we have aws and gcp or dong already. So if there's any anybody, you know have tried.

A

It at.

C

Least, once please, let me know.

E

So might be actually valuable to be a little more directive. uh I think the big one that we are missing is azure, and so uh I don't know I mean I I know el mico was looking to help, but we had also been looking to try and reach out to bridget and since bridgette is on the call yeah.

D

uh El mico and I have an email thread. uh I just have had uh I've inconveniently scheduled vacation over the last couple of weeks. I've been in and out so I have no update on it because I have not been able to look through the stuff you sent me.

D

I hope to be able to buy the next meeting cool. Thank you.

B

And nick, can you remind me what the state of this for on the aws size.

A

Yeah, um so we are exercising it in eks, um like we've, pretty decently, well tested it.

A

Yeah, I guess uh it like we're gonna we're planning on using it um fairly soon, so um we have like internal tests using it. We just don't.

A

uh I haven't like updated the um cloud provider open source repo to do any like automatic installation of the config or anything like that yet or- um and we also don't have uh tests on that repo.

B

Gotcha, okay, so I think job here. I think the context is um like the v1 api update and the graduation coming up right like whether, if there's any, um if there are any issues or or api changes, we want to propose before we go. Ga 124 like now would be like the time to do that, uh so so.

C

Yeah.

B

I mean we still have two weeks, so maybe um so like the pr that you have up is is just the the v1 types right, but not right, so maybe like when there's a follow-up pr to bump the feature gate we can just huddle again and just make sure that we're all okay with the g graduation going into 124 and discuss it. Then.

C

Again, maybe closer to the countries.

D

Okay, quick question: has somebody put in a docs placeholder pr, because I know for a different not related to this uh thing that I have going into this release.

D

I got the reminders like hey, get your docs placeholder prn.

C

For leader migration, yes, uh the slight issue is that I I refer. I referred the v1 stable api in my new dock, but it is not really. It is not ready yet, which is kind of like a dependency loop.

C

Okay,.

C

Yeah, so neither is making progress like graduation and the dog.

A

Okay,.

A

um So.

A

Are there any blockers that we need to.

B

So sorry, nick, I have a question for you, um so you you might like you're testing it and you guess, but you you mentioned, the external cloud provider hasn't enabled the configs yet so like. How does that? How does that work like? Don't you need the external provider to have the migration config wired in.

A

Yeah.

B

We.

A

Have it I mean we have it on eks, like we have the config setup in eks121 clusters and we're adding or we're doing the migration in 122, uh which isn't out yet any chaos. um But what I meant was like. We haven't done that work in the.

A

Repository to make it easier for users to like you know, there's no, like example, config.

B

Or anything, gotcha, okay, thanks.

B

Yeah, I think, we're I think for gcp we're guilty of that too, like I know, um there's the the cops work that jelly did but, like we don't have anything in the all right. Maybe we do with cuba never mind. I take that back. I think we do.

A

Cool yeah yeah. I just need to add something, uh but I haven't got to yet.

A

All right, so I guess we can move on to the next one, which is appears to review before code freeze.

A

So we have uh cubic credential provider tests. We've got the v1 types that we were talking about before for the leader migration. We have um avoid updating services with stale specs.

D

This is that one we were talking about.

A

Go right got it.

B

Yeah so the context for my last uh or sorry, let me back up um so there seems to be a bug in the service controller.

B

um Where and service controller is one of those like controllers that, like the ownership, has hasn't always been clear like if it's network or cloud provider, because it's it's a controller that operates on service. But it's only for cloud providers like it's, not a generic kubernetes controller but anyways. There's a there's, a bug here where we're not updating um the internal cache and when I say cache, I mean service controller has its own like really simple, cache implementation of service that it populates from the actual controller cache, and the reason why it has.

B

That is because, when you delete a service.

B

You need, when you delete a service, it's immediately removed from the controller cache, so service controller has its own cache to preserve that service. That was deleted. So we can then do the delete operation, and that was before we added finalizers for server-side load balancers in like 1, 19 or 118, like that and there's.

C

A bug.

B

Where on update, we don't update the cache in service, and so if you did like an update to update ports or something like that, you would still continue to reconcile on stale spec and obviously that's problematic for obvious reasons.

B

um So this is fixing like the cash update, and I think my point was like we added the finalized support in 119 or 118, which means that we don't have to worry about um the service being deleted from the cache and not being able to do the delete operation, because we have the finalizer to block that. And so I think we can just do some cleanup here and just delete the service cache. The internal service cache and just use the controller cache directly.

B

But I do I do agree that, like oh, it is like a bit of extra work to do and like we are like two weeks out from code freeze. So maybe we just fix the bug and then do the cleanup after um I think I could like I think either we could like. I think I can be convinced like either way but wanted to hear what other people thought about.

B

About what we should do, uh leading up to code freeze.

D

You know I like the idea of fixing the bug. um I also would like to get the further improvements in that you're talking about I'm just kind of wondering if we can or should decouple them and what your thoughts are on that you know. So it's to not let the perfect be the enemy of the good, etcetera.

E

So I have a question for you andrew.

E

um It sounds like if we do the delete that the original problems having to do with with uh deleting the the services were probably somewhat subtle and subtle. Bugs worry me to when we get close to code. Freeze do we know if we have any tests, especially e to e tests that are specifically around why we have that additional cash.

B

Yeah, I'm I very certain I remember reviewing a pr for adding an ed test for this, for, like the finalizer like deleting a low bounce or finalizer, but I don't. I don't think like the bug. Is that subtle or like the behavior is not that subtle? It's just like we didn't have finalizers unbelievable. We just needed a way to keep that in memory.

E

No, no, I I grant that, but I mean you know like the the problems that I'm just trying to anticipate the problems that may occur if something goes, if there is still a value to having this cash that we haven't. Thought of you know things like this. I mean the obvious one is okay: the service didn't get cleaned up properly, but the more subtle ones may be.

E

You know we don't propagate the signal out properly and someone tries to use it or something like that where you know most of the time it may not even occur, and so my thought is just how confident are we that we have the tests to catch that kind of thing if we decide to go ahead with the cleanup before code freeze.

B

Yeah, I get your point and like it's gonna require a larger refactor of the code and that could create more subtle, bugs, I think, also just thinking about it more. If we did the refactor, it would also make it much harder to back pork. So maybe we maybe we should just do the the simple but ugly fix that's more back portable and then in 125.

B

We can do the cleanup. You know.

E

Well, the other thing is, I think: if we go that route, I think we should commit to doing the uh the refactor early so that we have a lot of bake time.

E

Yep.

B

Agreed.

D

Yeah, if we get the refactor in even like before kubecon eu and then there's plenty of time to find out if it's gonna bite us.

B

Yep sounds good. I will approve that pr.

C

This week,.

A

All right, I think it's this one, so we can take a note that.

A

So.

A

All right does that sound right, yep, cool.

A

I guess.

C

I'll just mention.

A

Yeah, I'm gonna have a pr as well. That's gonna need review and I'm hoping to have it uh probably thursday or friday this week, um which is for the.

C

What look what book sophia.

E

um You're also welcome to send me an early copy if you want nick- and I I am having a bunch of time reviewing this so just as soon as you got something. Let me know.

A

Yeah, I have some items for you like.

A

Where exactly some of the muck stuff should go and how much of the controller.

A

Infrastructure that we have right now we can reuse, I'm trying to reuse like almost all of it.

A

It might not work for everything, though so um yeah I I'll definitely reach out uh either. Maybe tomorrow morning set something up.

A

Or whenever you have free time tomorrow or uh friday,.

A

So it's not okay, walter, sorry.

E

Oh yeah no worries. Sorry, I did I've been giving you thumbs up and okay signals. So yeah, oh good, awesome.

A

Cool um anything else.

D

Anybody wants.

A

To bring up.

A

If not, I think we can have a little bit of time back.

B

Oh wait, no, I don't. I don't think we went through the other two pr's there.

D

Yeah sorry, we derailed on to the last pr you opened, which was the one that I wanted lots of discussion on, but we do have those other ones as well.

A

All right, let's get into them um so andrew at cubelet, credential provider, tess.

B

Yeah, I think this one might be a bit contentious like. I think I can see definitely arguments for why we wouldn't want this, but I made some decent progress on the adding some node e2e tests for the crunchwriter plugin um and, like ideally, I started with trying to um figure out a way to like incorporate the existing gcp plug-in, like the external gcp plug-in into um pre-submit. Somehow and like a dt, did a bunch of work as well on, like configuring, proud jobs and I think for for ga.

B

We definitely want, uh like our edw, proud jobs to be using the actual gcp creature provider plugin.

B

um But for beta I took a shortcut where I basically took like a bare bones: implementation of the gcp plugin, and I put it into the the gce cluster directory um and then I uh updated like the remote node e3 runner to like compile that binary and then configure the cubic credit provider. So we can run um a test for putting a private image with the cubelet credential providers.

B

Disabled and basically like the the bare bones plug-in that we're gonna keep inside the clutch directory is only for testing and also what's nice is that you can actually build the whole plugin only using like the standard, http client so like in the future. When we remove the cloud providers, it's not going to be an issue because it's like importing some like third-party sdk or something like that.

B

um So like the good news, is like the tests passed and it works um with, like with the disabled keyboard, creative fighters feature gate enabled as well, um but yeah like it's questionable. If you want it, it kind of feels like two steps: four one step back, because we're copying an entry plug-in in in the main kk repo.

B

That's a bit questionable.

A

Yeah, well, I definitely like that. You implemented it without using um the gcp sdk, which is impressive.

B

It wasn't the original plugin, that's like built into cubelet doesn't use it either. Oh really, okay, yeah! So it yeah.

B

And yeah right there, if you scroll up a bit where the cubelet flags are plumbed in right, so yeah like uh yeah, like we're explicitly setting and like this, is actually for all the node tests, which maybe we need to get that. But this is effectively disabling, like the aws azure gcp plugins in the cubelet, um to really make sure that we're not accidentally offing through the other mechanism.

E

Right so I have a sort of my one comment I will make, which is sort of related. uh I was chatting with stephen augustus a few days ago and I have already promised that I would send a a short, probably like a two-pager uh detailing what needs to happen for cloud provider and testing and release.

E

uh So I I a lot more of it will go into that email and I'll make sure to send it to both sig release and sync cloud provider.

E

But my general feeling is uh this is not making. This is not materially moving us in in a is not adding to the problem we already have. uh We are going to have to solve the uh the extraction problem for testing uh and I don't think this is really noticeably making that any more difficult and, in the meantime, it's giving us test coverage. We need.

A

Yeah, I agree with that. I think that we're testing the pieces that we want to be testing with this change sure we have a kind of ugly. uh You know cloud provider more additional cloud provider code but but, like walter said, we're testing what we actually want to be testing with this. So you know whatever.

B

Okay sounds good, so yeah, please review it and uh I think, with this gr merged. uh I think we're also good to go beta on this feature, because we also, I think the other requirement was like. We have at least two implementations out there, which I think we do um and then yeah we're going into ga we'll have a requirement.

B

I guess, like the the g criteria, would basically be um we can set the cubelet credential provider or disable cubelet feature gate um in basically like all the proud jobs which would necessitate like walter's effort around, like fixing that uh circular dependency around how we test with the gcp provider and whatnot. So I think it will be a good forcing function for ga.

B

Cool.

A

All right jared.

C

Yeah this one again so so if this was merged earlier, I can start testing earlier. So yes, a little bit just a nag. We already talked about that and if the decision, the decision is that we are going to merge this alongside without the graduation like flipping the fisher gate.

A

Okay, so you just need reviews basically.

C

Yep.

A

All right.

A

I can make this um bold and.

A

Red, so we'll definitely get all the reviews we need now.

A

um Cool any anything else.

B

Nope, I think we're good.

A

All right, thanks for coming everybody and I'll, see you in two weeks. Thanks.