Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Kubernetes / SIG Cluster Lifecycle / 22 Feb 2021
Kubernetes / SIG Cluster Lifecycle / 22 Feb 2021
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: SIG Cluster Lifecycle - Cluster API Provider AWS Office Hours - 20210222

Description

SIG Cluster Lifecycle - Cluster API Provider AWS Office Hours - 20210222

A

Hi this is the um cluster api provider aws meeting of the 22nd february. 2021, uh please be aware: we're binding by the cncf code of conduct uh sprawling is be excellent to each other. um Go put your name in the attending you haven't already, I don't know, go through the first one is psas. Fargate adr has been accepted, rich.

B

uh Yeah I was uh mike, was potentially gonna join, but um he's obviously not joining, um so he uh he is implementing the fargate support in the kappa site, earthquake in the uk side of the provider.

B

uh So we had some discussions about how to represent that um from a resource kind point of view. uh Initially, we thought yeah, let's try and make it like a a different type of machine pool, um but when he even started to look at it, he realized that you know some of the properties on the machine. Ball, don't map and it doesn't naturally map to the uh to the filegate profile. So um has some input from david and cecile uh from an aks point of view, with their azure container instances.

B

So uh we we adopted a similar approach, but uh they they map it to a sort of like a eventual node. Don't they one machine, whereas whereas this doesn't map, but we've got our own um resource kind, it doesn't there's no cappy upstream or alternative equivalent, sorry, so he so we yeah. We have uh decided that and that's enough to be able to look at um he's, actually mike's actually been implementing it um and he's pretty close to getting that done as well.

A

All right cool is there all right cool uh I get I take it. You need approval from me, then. Is that right.

B

uh We we thought we sort of decided. Is it between us.

A

But.

B

Yeah, it would be good to get uh I I guess just um before we merge it. I I guess before it gets that far just in case that you you know, there's something you really really really disagree with, because it might be.

A

And correct me: if I'm wrong is it, the difference is like azure are trading there, one like almost as if it is another vm, they can run multiple.

C

Pods.

A

But the fargate one is very much the single pod single instance right like right, yeah same as the vsphere yeah.

B

Yeah, well, that might might say strangely enough. Actually, if you do, you know I get notes, it does appear as a node, uh but yeah you don't interact with it on a node node level, which is yeah, it's an implementation detail. Isn't it.

A

Yeah tied up with the virtual cubelet stuff there, history is interesting.

B

But I'm.

A

I'm sure sure you're aware of some of that some of the stuff around that and we could take that we can talk about that offline, yeah, cool kind of interesting story, um all right. Let's go over the action items, I still not open the issue for the amicid. That's still on me, uh eks e2e, test failures.

A

Let's still.

B

Hold someone going coming.

A

Flat yeah.

B

To be honest, I uh I I got a bit distracted by adding some new functionality, so I do need to go back and and carry on with that.

A

All right do we have issues for each is it? Is it like completely random, or is it consistently? Certain ones are failing.

B

uh For my testing it seems uh it consistently failed or unable both for the the main tests, the main suites, um but it would fail at different points within that then, so it always seemed slightly random to me but yeah. I just don't know for this.

A

Fair enough, um do you want to take the next one is controlling the refactor for eks.

B

Yeah, uh I guess this is driven by, I guess the capital, the other day about the release date for v1 alpha four and the two week, freeze and stuff like that, and when I've been implementing the um adopting a odc provider or associated the no adc provider for authentication and adding it to the control plane types, it's made me realize that sort of needs a refactor to be sort of just growing a bit organically. I guess- um and you know things like you know: do we put the authentication stuff? Do we structure it?

B

So then under authentication we have the. I am uh related configuration and then the oidc related configurations to make it a bit nicer or so yeah. The question was on: how long do we have to make those type of changes uh for v1 alpha 4 and um the other one was about paralyzing the updates, but.

A

Yeah, I guess we should adopt the same sort of release approach. Probably possibly um um I mean proposals are doing today. I'm definitely trying to get some in today. Obviously, that's not. We can't just announce it well. Can you find a proposal in the next minus two hours? Please that's um so maybe we should.

A

uh Next, by next meeting, I guess, if you open a pr for what you want, the shape of that to look like yeah.

B

I guess if we follow the same same so about that means like beginning of april, can be no more changes. Yeah.

A

I think we can follow a bit behind like because you know we need to do that. Make sure the integration piece is a bit is together, we're always going to lag slightly cool, but um so I think that's kind of fine ish. um um It might be worth having a chat with uh harish from our side, see.

A

If there's like any desires, um we will need to take care of like upgrades as well like how to like do web conversion red books make sure if we're doing any large restructuring that adoption works because um they are building product on it.

D

Okay, be good to.

B

Do that um so actually for that, then.

A

Yeah cool and they will also have a very good like idea about what what kind of like conditions then status. Stuff they'll want exposed um because they'll be consuming that downstream and sort of trying to expose that in like uis and stuff. So yeah they'll have a good feel of like what they need to know about the state of the cluster and stuff, so they will have some good feedback. I think.

B

Yeah.

B

We weren't setting conditions for when we did things like uh upgrading the the version, and you know it stayed in the ready state as well. um So so mike actually put a change in that when it's upgrading you know there is an upgrading conditions that indicates that so hopefully that should satisfy that one scenario for them as.

A

Well, yeah: they were really good for finding out problems like where we were lacking conditions elsewhere for all of the providers. So they've been pretty helpful for that, just because they've been using it.

C

In anger,.

A

um Just saying set f added something fixed e to e multiple clusters test.

C

Yeah, I just noticed that it is failing constantly, so I'm gonna take a look at it. Oh.

A

Okay, oh uh you're, gonna, all right: okay, cool uh yeah, put it down at the bottom.

A

The action items at the top are the ones from last meeting: oh okay, yeah. So um all right. Next one developer guidance around aws, sdk enums, oh no, skipton.

B

Again, when I was doing the oadc stuff, there's a bunch of enums around, you know, update types and update status, um previously we've sort of replicated those our own versions of those into into kappa uh things like easter, instant state and stuff. Like that. So I was wondering what the guidance, if there is any guidance around whether we replicate those. So we don't automatically inherit and expose.

B

You know aws e-number types or does it matter if it's used for the spec and the status and only.

A

Yeah so.

A

Yeah, so again it's it's like it's like people like harry. She were like consuming them. You don't really you don't want to directly expose the aws types to them so that they, if someone's, writing a controller. That's nippling cluster api resources, they're not sort of having to import that aws sdk.

A

um So that that's the reason I should probably put an adr around that shouldn't. We um yeah.

B

Let's grab it.

A

um Yeah, that's the only reason we did similar stuff in core cluster api around hiding in xcd types in qradium control plane. So so it's like a pin layer. So you don't constantly import xcd just to see the condition of the control plane.

B

I thought that would be the answer, but um yeah. I just wanted to check yeah.

B

As well, isn't it uh really again, this is all related to this work. Where um so we're adding this provider association in there it has no weight function in the sdk, so at the moment most of the controllers will take an action and then they'll call the uh sdk wait functions and then literally, wait to that point um within the console loop.

B

So it sort on the back of a comment we made about. um So I said I was going to like re-cue and then it will come back. um It's just whether we should write a adr and stuff like that. As a guidance, the req is always preferable, etc.

A

Yeah so you'll actually find um in the proposals directory right from the early days of the project, there's already like a ancient guidance, but we didn't do it because at the time.

A

In 2018, a lot of the apis didn't support the item potency token. They do now yeah, um so yeah. We will need like a if we go along the wiki rate, re-cue stuff we will have to so. I think what happens now is. If you don't provide a item potency id every time you make sd call, it's gonna just generate a new one internally and use it for the internal retry behavior, but we also want it for the complete re-cue operation as well.

A

So we will need a way to track item principle like tokens. I guess for operations, yeah.

A

And we need to decide whether it should go on the status inspect, given the um requirements around pivoting and restoring date. uh If the item points.

A

That's interesting seo yeah.

A

Still need some thought, maybe.

B

Yeah yeah, I thought I could use uh they've they've got this updates api as well, so you can get some updates or in progress for eks cluster. Okay,.

C

Which is yeah really.

B

Really quite handy but but they've butchered the api, so you get a list of update ids. So that's one request and then you have to loop around that and make another request to get the details of that update. So there's no way so it's like you have to do. 20 calls. If you just want to get. You know the status of 20 updates and you can't filter and then you cut you have to.

B

You have to do separate calls for the updates for the control, plane, node groups and add-ons. So there's no one like get me all of the updates, which is.

A

Yeah: okay, crazy.

B

But yeah that would be an idea on this type of scenario, but as well.

A

Yeah, so we we need to, and also I don't know if the eks api support item button, currency tokens won't deduct just ec2 and like yeah. I think we need to do some research, yeah.

B

That's the same thing as the is it the client request id or whatever. It's called not sure it might be. Yeah.

D

Yeah.

A

I.

D

Don't.

A

Know, let's find out and I'll find out for.

A

I'm gonna make item fancy for I'll I'll, have a look for both I'll have a little I'll do I'll find out what we can do, because I need to learn the care stuff anyway. So all right final, one yeah uh on multi-tenancy.

C

Yes, so uh we we need, so we have a new type for uh giving authorization to use controller credentials, and we need that instance to be created for the existing clusters when we bump to a version that supports multi-tenancy.

C

So initially we thought to add this uh into infrastructure.tml so that we don't ask users to create that new um instance. But then, since this is a new type, um we we actually can't create it in the infrastructure, remote at the same time of cr, creating the crd itself and creating an instance of it. So we have two options: now we can either bump uh the version that supports multi-tenancy to zero seven 0, or we can put this multi-tenancy feature behind a feature gate. So what would be preferable to you.

C

Guys.

A

I'm tempted to say we bumped the version v7 and make me one alpha. Four v08.

C

I mean I I I also would prefer to bump it, because a multi-sensor is a feature that that is that might be used widely, and it will be difficult to put it behind the future gate than um like graduated to full feature. I mean it, it will be unnecessary work.

A

Yeah and it's it's such a major change and there's security, impacting I feel putting a conditional around. It feels dodgy.

A

um It's big enough that, like eks, it makes sense to announce as a big new thing.

B

Sorry, rich, so it's because you've done the the diversion bump. That means the release, notes. You'd, have uh something saying create this uh instance of this crd yeah yeah, yeah yeah like say it's exactly what we did for eks. Wasn't it when we had the the manual instructions about how to enable the provider.

A

The only only theoretical issue with this is that we are making a breaking change within everyone out for free series kind of.

A

We could change, we could start going ahead of well. I don't know.

B

So the problem, the problem is something you need you need. The kind to already exist to create then create the the instance.

A

Yeah, you need web hooks running right, so you can't. So if you apply an infrastructure components, it just errors, because it's no, it's not ready yet yeah.

B

You can't do over two releases, so get the the kind kinds in there and one release.

B

Actually that's an idea. Isn't.

A

It could do it that way.

B

So, thank you.

B

There you go.

D

No, no.

A

You go ahead.

B

I was just saying: could you just do it in two releases where in the first release you deploy the kind um and then in the next release you actually create that that required instance of some kind.

B

It's just like a little he's planning a bit. Isn't it? I guess.

C

But then we we shouldn't, allow pumping from the one version to another without first upgrading to the one that.

B

That's true yeah people.

C

Are requirement.

B

Yeah, that's quite a point.

B

But yeah so yeah yeah.

B

Yeah that wouldn't work, because if some people went from the current version straight to the new one and the kind of exists with it.

A

Yeah see that or is it maybe it is a feature gate like a lot of the eks stuff and still also have a v7 v07, so it's both new and future gated. I don't like the feature game security stuff though, but maybe there isn't a there. Isn't there same answer yeah.

C

Or in the controller for 0.3 releases we can I mean we can just create the instance in the controller it will be hacky, but I mean nothing will be changed. Behavioral change won't exist and when we upgrade to zero for zero releases, uh we will remove that creation.

A

Yeah, okay, yeah. Maybe then um do the hacky creation and controller and feature gate that so as I'll add a flag to disable it that you can disable the hacky creation. So someone could deploy secure by default control everything manually, but by default for this series we we do it for you and then the next release. We go no sort yourself out. Do it properly.

D

Yeah, that's what I guess that works.

A

Does that work for you.

A

Yes,.

A

All right, okay, cool, um that's the end of the agenda. Is there anything else.

B

No, do we need a adr for that decision,.

A

um I think sid f can just update the existing proposal, like the.

C

Entire.

A

Multi-Tenancy proposal very cool.

B

Just.

A

Had some folk could join as well? Just noted um we've come to the end of our agenda. Folks, uh xiao noana um is anything you'd like to bring up.

D

No, I just I want to meet you guys. Okay,.

A

Sorry um all right! Well, that's the end of the meeting. um All right, um we'll see you all in two weeks. I will add a final action item that I need to upload last couple of videos.

A

All right see you all uh in two weeks.

B

Bye.