Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Kubernetes / Kubernetes AWS Provider Subproject / 1 Oct 2021
Kubernetes / Kubernetes AWS Provider Subproject / 1 Oct 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Kubernetes - AWS Provider - Meeting 20211001

Description

Recording of the AWS Provider subproject meeting held on 20211001

Discussed LKG Testing, review https://github.com/kubernetes/kubernetes/pull/105361

A

Okay, hello, everybody welcome to provider aws meeting. It is october 1st um this meeting is being recorded and please uh uh heed the cncf community guidelines and be respectful to others um relatively uh small agenda. Today, oh keisha, actually, I think you're adding to the uh octo the september 17th agenda. Oh sorry, my bad, no worries.

A

So I will just quickly jump into um the first item, which is uh lkg testing, so this is something that is coming from um sig cloud provider. It was proposed there and I just wanted to review it here. um I will try to summarize it, um although I'm not super familiar with it, so bear with me, but basically the problem statement is that um when moving out of tree for a cloud provider.

A

You come across the issue where uh changes in entry kubernetes um can now break cloud providers without a feedback loop um and potentially vice versa. So this kind of goes to address that and also to make it easier for developers. Let's say working on the the cloud provider code base, knowing whether or not uh a change was broken by something in the cloud provider itself or um something that changed upstream. So it's just.

A

I think it's a relatively common um sort of practice to do this with dependency projects, but you test against a last known, good version of your dependencies, so in this case kubernetes kubernetes, um and I think they will also be running um uh so that could be like pre-submits on the cloud provider repo, but there also will be periodic jobs running on kubernetes kubernetes, uh which will provide feedback in the other direction.

A

um So if something changes in kubernetes kubernetes will at least know uh with some delay that it broke one or more cloud providers, whether or not it probably won't be um blocking.

A

You know we won't block in the in the reverse direction: prs and kubernetes communities, but um with the pre submits running on the um individual cloud provider, repos those at the discretion of each cloud provider could be. um You know you could disable merges uh based on an inability to find a last known, good version because of of some change. Basically, so uh I don't know if my summary was any good, but um here's the doc um as of now we're on board with this.

A

This is how we we will do testing in the cloud provider. Aws repository um we'll take advantage of of the uh shared framework that um cloud provider sid cloudfrider comes up with so yeah. I don't think we need to go into more details than that, um but yeah. I just wanted to share the share the dock here and if anybody is interested in it, you can provide feedback on the doc.

B

Sure thanks, I have a question like do. We have a version, skew policy for cloud provider or how that versioning is going to work. Do.

A

We release instinct.

B

With.

A

Yeah like right now, um it's not super clearly defined, but um we release a new version of cloud provider with each version of kubernetes and we haven't published. A number of you know like what version is supported with what. So I think the implicit understanding is that for the external cloud provider, you would upgrade it to the they kind of share a minor version. So you know you upgrade to kubernetes 1 123.

A

Then you also upgrade your external cloud fire cloud provider component to the dot 23 version. If we want to do less work um and support more versions, I'm open to it. um But that's that's what we're doing right now.

B

Okay, I I was just thinking about it. Like the cloud provider, changes uh doesn't have to like keep up with the kubernetes right, because a lot of times it's going to be constant, because the sdks and all the things on the cloud provider side has a different cycle. So I was just thinking like a loud weather. It would make more sense to release with the kubernetes or have some independent release cycle for the cloud provider, because those are different repositories, so we don't have to tie them up to the kubernetes version.

B

That was what I was a little bit confused like while I was looking at it so yeah.

A

No, I mean it's it's a good point and um I think we should. We should consider that uh the the reason it is, what is the reason we're doing the the versioning with kubernetes right now is because that was sort of agreed upon as like the recommended way to do it in sick cloud provider. um But I I completely agree with the downsides there. It's. It is more work to keep up with uh the upstream repo when it's not completely necessary, but yeah um cool. So.

B

Something we can uh keep discussing further. Of course, I.

A

See I.

C

See a lot.

B

Of work there for us to move to the ccm right and also I was testing this pull request like I built from the master brands. So I do see the crowd rider warning like it's being deprecated, but it still works. So when do we plan like the switch over to ccm instead of kcm or aws,.

A

Also a good question, so um I think I mean I I don't know exactly what version it will be recommended. I think that's going to be when we decide that it's ready, um the the ver. You know it's not going to be forced on us for a few more versions, because we're still waiting for some upstream deprecations, like the api server, still has a need for cloud provider code because of the persistent volume labeler.

A

That's still in there.

C

Do we have a set of readiness criteria that we're targeting.

A

For aws, specifically or.

C

uh Well, you said, you know um yeah.

A

The sick cloud provider has all of the um dependencies tracked and there's a cap to remove the persistent volume labeler. um There's.

C

No, uh I'm sorry uh I was I I didn't state that clearly um so uh kishore had asked like um when we're gonna be feel comfortable. um Like saying you know it's ready or whatever uh do we have like a list of um sort of criteria, or you know that we're gonna be confident that the split out provider aws is ready for prime time.

A

Yeah, I do I do actually um internally, um so we should. We should actually add that to the to the public docs, but it it is summarized by all of the dependencies.

A

So you know it the um ccm specifically I mean that is one piece and that is close to being ready right. We, uh you know it, it essentially works. We just need to um finish the the testing that we're working on right now um and uh publish right now. The the container images are labeled alpha.

A

So, okay, as we have increased the testing, we need to essentially publicize. Okay, we're you know we're moving to beta now for these container images. um You know, let's try to get more users uh and then uh that's you know at some point. Move to ga is.

C

The uh the last known good testing uh gonna play a part in that.

A

So yeah.

C

I mean last known good uh alpha last known good, like.

A

So I I would.

A

A useful tool that we can take it advantage of in our testing, but it is not a requirement and separate from um you know, just getting our ede testing framework up and um and that kind of stuff.

C

Okay,.

B

uh And one more thing before we move on to the pr, so are we gonna, like uh sync up the code from provider aws to the legacy cloud provider uh in the mean in the interim, so that we can continue developing features on the provider side and we don't have to worry about the legacy provider or what would be the story for us like, while the entry provider is still allowed, because right now like we are in a state where we don't allow changing anything in the legacy cloud provider?

B

But then there are like certain things we want to modify or we want to continue to evolve. But that is what is uh kind of in a limbo right now. So we need to work out that story as well.

A

Yeah, I I agree. um Currently I think just you know when I I I will. I will defer to the upstream timeline for removing that code, um which is uh again reliant on the dependencies. So um you know we can't remove the entry cloud provider until we've deprecated the persistent volume labeler, um and that is, is waiting on this. This kept to build out a replacement for it.

A

Basically, so I I think that's the the longest tail, um there's cubelet image, credential provider, which is, uh I believe, beta now so that's moving along well and then you know ccm uh is, is making progress so as soon as all those upstream dependencies are removed, then the upstream code will be removed, but I don't think we're going to do it earlier than upstream requires. I guess.

B

Because I remember like hearing from the gcp guys where they couldn't remove it completely, so they want, they did mention uh something to that line. So we.

A

Should also like uh talking about how they wanted to include the dependency back in.

B

Yeah something similar I mean we definitely don't want to stick out head of course, but then uh what it feels like to me is like it's gonna take some time right. It's not gonna happen immediately over one release, or so so we want to be content like uh con. We want to continue to develop features and fixes uh in the meantime as well. So we want to find out a balance like find. The legacy provider is uh now deprecated.

B

That's a welcome thing, but then now we want to see how we can actively develop, contribute and then include that in the provider so like something to that effect. We need to work out.

A

um Yeah does.

B

It make sense.

A

Sort of I like I agree, I mean features- are already deprecated in you know: we're not merging features in the legacy uh provider, um so they will diverge more and more until the the legacy provider is finally removed. um I think, but I agree you know it's. It's just going to get harder and harder to cherry pick stuff uh back and forth between them, so get it done the better.

C

Were you asking whether uh whether we can continue to merge new code into legacy cloud providers aws, along with the split out cloud provider, aws.

B

So I think that would be difficult to maintain what I was thinking around. More was like whether we have a mechanism to use a ccm like the cloud provider aws as entry, something to that effect. So we only have one place to develop, but then we get the features so that entry deprecation can take its own time and when they replicate we are ready so that that was what I was getting at more yeah.

A

Because clearly,.

B

Like we stopped the development on this legacy provider that clearly doesn't work in our favor right, because now we gonna tell the customers. Okay, these features won't be there or these features won't be there. uh So that is what will be difficult for us to maintain.

A

Yeah, it's kind of a uh it's leverage to um get people to move to the out of tree provider. uh So yeah google had the same want and after a discussion and said cloud provider they eventually um they were sort of denied uh and.

C

Couldn't we make a a rule that everything has to go into uh ccm cloud provider aws first and then only uh in.

B

Certain situations.

C

Be potentially cherry picked back into the legacy cloud provider.

A

Yeah, that's I mean that's basically what it is now except okay, it's only bug fixes that are allowed so.

C

So like this pull request, 105 361 is adding support for multi-protocol, but into the legacy cloud provider right.

B

Nice, so so yeah we can go into that when we uh uh review it. So I.

C

Mean I mean it's a good: it's a good segue into this. The next topic right.

B

um Sure sure yeah yeah, let's bring that up as well. So yeah, that's where the dilemma comes in right. So I'm going to explain you my dilemma there so yeah.

C

Totally I I mean I was looking at pr and thinking this is your dilemma right. It's like of.

B

Course so here's the thing yeah, so this feature gate will be enabled like we plan to enable this mix protocol lb service in 123.. So what happens is after this is enabled uh kubernetes will no longer validate that the protocols are the same. So far until now, kubernetes had been validating that all ports are either tcp or all ports are either udp. No mix support is available and the way that entry cloud provide entry controller code is built in right. Now it assumes that validation will be there.

B

So that's what like most of the code is built in, so we do have udp support for nlp, but then, after this uh feature, gate is enabled that code has to be refactored. It doesn't work, as is because the assumptions that were made earlier is no longer valid. So so I had two options: one was like: okay go refactor, the whole thing make the udp work in mix protocol with tcp, and there was one option, but then this is the legacy code where we don't want to offer like lot of features right.

B

So that's where things come in and then what I end up doing was uh just move the validation to the aws provider code. That way, if there are services with mixed protocol, we'll reject them will not provision any load balancer. So what that will do is whatever that exists. Right now will continue to work in the entry without significant changes.

B

So this is the first step that I wanted to pursue and after this change goes in depending on like if we have time resources- and we want to take the changes we can make further fixes in the entry like during 123 or 124, then the urgency is not there right. Then we don't block every other cloud provider like this feature. Gate can go in and we have our own schedule and time to uh support this.

A

And make further fixes.

B

And, did you mean.

A

Out of tree.

B

uh So further fixes, like uh yeah, we're not going to do entry because it's legacy right, so we can do in the cloud controller manager so that that's where the thinking goes and- and I'm always split like so far, my development I've been using entry. I have to build the whole thing from master and test and all that. So if we, uh if we want to go to the ccm route, then that's where we need to switch as well like the primary development mechanism.

B

So I I need to do that as well, of course, uh and that's where we should push.

A

Yeah makes sense.

C

So um kishore you'll have to forgive me if I don't uh know the the details of this. So that's why I'm asking you these questions, but um from looking at the the pr? um It's really just it's. um It's making a change into the legacy cloud provider aws to prevent any service of type load, balancer with multiple ports right with mixed with mixed ports. um Are you saying that the upstream or upstream, the kubernetes api server is no longer going to be validating that and it's basically.

B

It's no longer that decision.

C

To the cloud provider, okay, correct, um and so what this pr is doing is just for the legacy cloud provider aws. It's saying: okay, let's just deny it for the legacy cloud provider stuff and then ccm the broken out provider. Aws then we'll enable it uh as needed.

B

Correct and we can do more fixes in there and also we already offer like nlp through aws load, balancer controller and there we already support, mix protocol just fine with limitations, but we definitely support that. So we have a solution for the customers who want to use this. So that is the reason why I'm I decided not to invest more time to fix the legacy cloud provider.

C

Makes sense to me.

A

Yeah, I'm wondering.

A

If we should just I mean yeah, we can definitely merge this here uh and I think this should. This obviously has to go entry. The other option is, if we can do it in time, we merge this entry only and then um invest the time which you know if we have it to uh allow an lb with with mixed protocol on the ccm.

B

uh We can do that, but what happens is like as soon as this feature gate is enabled, uh then the ccm will be broken for that feature right. So that is what I wanted to avoid. So this has to be a stepping stone and we built on top of this. So, okay, we are always offering like something that is stable to the customers right. We knowingly. We can't uh have things that break so that that's the reason I was pushing it.

A

Yeah yeah now.

B

That makes.

A

Sense: okay, cool.

A

Well, that was a pretty quick agenda. Does anybody have anything else that they wanted to talk about.

B

I'm good from my side. So if you put your comment, I will reach out to andrew or whoever has the permission to merge this pr.

A

Okay sounds good yeah thank.

C

You I'll comment on it. um No, I don't have anything else, uh and actually I have a heart stop anyway. Sorry.

A

But I guess all right: well, thanks everybody for coming um and oh uh next meeting will be uh probably canceled because of kubecon, um but maybe you know if anybody's in la I will be there. um We can have an informal lunch or something like that.

C

I'll be there in spirit.

A

Awesome all right, so next meeting will be at the end of october, see everybody.

B

There yeah bye, bye, have a great rest of the day and great weekend. Bye, yeah.

A

You too,.