KubeVirt Community, 3 Mar 2021

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: KubeVirt community meeting 2021-03-03

Description

KubeVirt community meeting 2021-03-03

A

Hello, everybody and welcome to the coobert weekly meeting, I'm your host chris caligari and let's begin, I posted the cooper weekly meeting agenda uh document into chat for those that don't have the link already saved and, of course you need to be a member of the cooper dev mailing list in order to edit it.

A

Otherwise it's read only access.

A

Okay, for starters, welcome everyone and uh I added a new, a new bullet point for new members to introduce themselves if they would like.

A

So right now is a good great opportunity for that.

A

Okay, nobody knew this week, then uh we will move on. um So I I have the first agenda. No uh bullet point here um just wanted to give everybody a friendly reminder about uh the github pages settings on repos and cooper.

A

We had a website uri breakage last thursday, and it took some time to figure out what happened. So, if you notice that setting is turned off, please leave that setting turned off.

A

Otherwise it will interfere with the main website. That's it.

A

And ryan halsey has the next agenda for the point.

B

Cool thanks chris okay, I'm going to show my screen.

B

Okay, I should be seeing my firefox one down with the meeting minutes, um so this is a continuation of last week. uh We'll take a few minutes um to continue the discussion. um The little bullet point out of this, so I added more details and to the design dock and for the bulk um api discussion and the design doc has linked in there all right so I'll switch over to it. um So I'm not going to go through all the details. um I filled out a number of things.

B

I kind of uh I attempted to mock just some of the apis just to like and then put some examples in just to kind of get an idea, um but if folks can read through that in their own time um and I'll probably what I'll do is I'll send this out in the mailing list too. Just so it gets far and wide and we can get some feedback that way. um So mainly what I want to discuss um is that I, um I briefly touched on last time kind of the implementation phases.

B

I guess if you will so like the I could I haven't listed here in the high level features and have six total, so two changes that I made since last time was. um I added um this called unique, um vm metadata, so this wasn't here before, and so the idea here that if I want to create 100 virtual machines um and then I want to add unique metadata to each of them um and the idea is kind of along the lines with um like.

B

I guess the example would be that if I had a um a secret that I wanted to get unique secret, I wanted to be distributed to each of the virtual machines and I kind of got the some um the like uh the inspiration for that when I looked at this from looking at cloud internet and so I'll go to the docs for kubert.

B

um I was looking at the reading through the content section and um there's this section at the bottom called future metadata. Server based data sources and kind of that. I I might understand kind of the problem here is that you have cloud in it that, and you have a lot of vms and you want to sort of dynamically populate the metadata of a cloud in it for all these virtual machines.

B

So you have a server, that's going to return the information so that you can um configure how these virtual machines run um so kind of like a similar problem space to what I'm getting at in that so um instead of having a server, I could essentially have um in this case, like I could sort of up front say like I want unique secrets or something I can just reference them and then those get populated to a large bulk number of virtual machines during creation so similar problem that I'm kind of looking at tackling.

B

So that's kind of the the example and that's the only one. I reference in the um the section that they talk about it, but I'll go to that in a second. um The second one is um detach so last time somebody become about to detach- and I think it actually kind of makes sense to be in its own phase, which I think it's sort of something that um has a lot of components to it.

B

So I separate it out, and each of these has their own section, where I go into details on on each of them, um but I want to focus just on the unique meta via mediative portion um and kind of feel questions, because I list this, oh and- and I should mention that so this is kind of an order how at least I at least from my use case, how I see them um in terms of priority.

B

What I care about, I think, the first two being I'd, say the most immediate and then these being the next two, probably in the medium term, and then these being sort of for my use case, sort of in the longer term.

B

uh So I'll move down here. So before I talk more about this.

B

C

um I get what you're wanting to do. I'm curious, if, like what's the tangible use case here, is it? Is it really for cloud in it? uh Is that what you're wanting to use it for? Is it the user data portion of cloud.net? You need a unique user data for each vm. What is it yeah.

B

Yeah, so it would be um providing like a token um or something or whatever to as part of the user data section of cloud.

C

And, what's being passed into that user data, like I don't need, specifics is more of it? Is it? um Is it something that's application specific that's being passed in or is it something more generic like ssh, keys or or things like that that need to be unique.

B

um uh Application.

C

Okay, so specific to your use case, it's not something! That's generic for for all virtual machines, meaning other people would have the exact same use case.

B

Yeah, if you so, it would be that if you had an application, if you it would be like, if you had some sort of application that needed application specific data, you could use this mechanism to pass this unique metadata in as part of cloud event. So how would the unique.

C

I'm trying to understand the workflow of how the unique metadata would be generated. How would you hook in to that to give each virtual machine as it's as it's being created um the unique bits something has to generate right.

B

Yeah, so so this is where I want to go at least with this is that is that the assumption would be an assumption would be made that um uh since you're, since there's a there's a template, a virtual machine there's will be a reference to a secret and the way that I kind of do it is. I have a label here um so in case um any secret with a label.

B

Will um that has this label will status as a that will be passed on to these virtual machines?

B

So I'm like exercising strict control over it could be the exact amount like 100 secrets, or there could be just 10 and and just my phone would just kind of like cycle through them, and I mean that would be error. So I I think it to me when I'm getting um the creation or of any sort of the unique metadata would be an external step.

C

Would the creation of the secret be part of the virtual machine pool controller or yeah.

B

No, it would exist, they would exist. uh That's what I'm saying yeah like they crits would have to be there. This, as that would be the assumption. um You have provided a c you're, providing you're referencing a label.

B

um The people would go out and take a look at the secrets that match this label and it will just distribute whatever it finds to the to. However, vm's that you want.

C

So it's just taking like a round robin approach to the ones that finds the secrets it finds that matches label. It's assigning one of them out of this um selection of secrets that match the label or.

B

Yeah yeah yeah, so it would be well. I would think it would be like a robin robin. I. I think um we don't want to do random just because we want uniqueness, so we would just kind of loop through the list um and and just keep allocating them until we run out of um secrets to allocate them. We just keep going. If there's still more virtual machines, then do the loop again.

C

That's interesting.

B

Does you? What do you think about the um um I guess, the the concept of sort of common? I call it kind of like I call here common overrides or something like distribute data. Is this something that you could be a common pattern? I mean you mentioned. Ssh keys um sounds like that, might also be an area that this could be used. It's not something. I specifically have an example for, but.

C

Yeah, so we distribute ssh keys via secrets as well, um but I'm not aware of a use case where you'd want like a pool that has um each maybe there's a use case for a pool, and you want a unique ssh key, that's stored in a secret. I I'm unsure. I was trying some more piece apart.

C

What the problem was that you're trying to solve whether it's application, specific something that's unique to your use case or if it's something that we can tackle more generically and it does sound like it's totally application specific um yeah. I've never even encountered this pattern before it's really interesting, I'm not sure what to think of it. Yet I'd have to okay yeah, even.

A

I don't have to give.

C

Us more thought.

A

I agree with you the ssh host keys, whereas my instantly, my first thought I'm seeing this uh this api bit and uh it's a huge problem and uh and scaled out infrastructures uh as easy as it sounds.

A

Another thing that I was thinking of was the authorization keys for ceph clients. That's another big problem.

B

So how would you, um how would you maybe talk a little bit more about that like? How would you just if you're, if you're, launching a lot of virtual machines, how would you normally distribute the authorizations for set clients.

A

uh I've only dealt with uh seven infrastructures around the dozen hosts or so, but uh I know there's um there's companies out there that are scaled out way more.

A

I could give examples, but I don't think I'm allowed to, um but for for ssh keys, it's every every infrastructure that has more than a handful of virtual machines goes through the goes through this problem.

A

I know one company in durham that has a thousand virtual machines and those ssh keys are just stored on a simple web server and they w-get them.

A

That's not a very secure method of handling keys and they were looking at a hsa product to uh to secure that which has its own set of problems to deal with.

B

Okay, so I guess like at a high level like what um to kind of like try and capture, um because I kind of I maybe I can do it with like a little bit of a contrast.

B

So um we in this with this, I guess feature- I talk about different vm profiles, so, like kind of overriding things like cpu mem disk there being sort of uniqueness between virtual machines, everything is going to sort of have its own override in some way and the contrast, this is the way to have sort of a something that will be um added everywhere, sort of an override, that's added everywhere.

B

um So it's essentially like a way of um of making it so that I don't have to say uh say have like. um Let's say I had 100 virtual machines and this in the different vm. um I wanted 10 with a certain skew amount 90 with another. This case would be. I would have to have 100 different overrides, because each one is going to be unique. It's sort of a way to like um pull all that.

A

From uh from a hierarchy perspective, I don't think that would be uh too bad of a of a thing to have if, uh if you've ever dealt with puppet, for instance their uh what is their their database called.

A

I forget now, since it's been a few years, they have a data source uh behind the the web, server, a puppet that that handles all of these unique bits of data and then passes them out to clients and it's just a key value file, and uh you end up with a hundred entries for ssh keys, and it's really not bad at all.

B

Yeah I mean I get like um part of part of like this as I can. I can see this this kind of feature um quickly becoming like its own dsl, almost and I'm afraid of that and, um like I.

D

B

I don't want to like like because, because to me once they start asking users to like, say we're to ask user to write all these unique things you know now you know what's to stop someone to say like. Oh I, why can't you support this too and it's kind of override and and like I don't know, I'm trying to like make like very clear barriers so that it's there isn't like sort of a language to define like it's just like okay, this is all or nothing, um here's what I want to do.

B

If I need to do anything specific um changes underneath you know, so there isn't sort of any like we're just sort of tweaking bits. Instead of having like um too much yaml being thrown around. You know, I'm just thinking like yeah, I'm sorry go ahead. Sorry.

C

I'm thinking about this a little further and I'm unsure. So what I would typically see is, if you're wanting to distribute something unique to a virtual machine. uh What I've seen a pattern. I've seen in the past is that every virtual machine gets the exact same um cloud in it and they would reach out to a service uh on first boot to retrieve whatever unique token or whatever they need.

C

uh So I'm nervous about using I'm apprehensive it's about using uh the infrastructure like the kubernetes infrastructure, to support this when it might be something that needs a service specific to your application. I'm I'm kind of torn between that.

B

Yeah I mean yeah, I think so. Yeah oh yeah, go ahead. Sorry.

D

I just wanted to say that uh I mean this is exactly what I wanted to to mention here, because you are talking about application, specific and anything generic, but we are managing in the project in flux, infrastructure of virtual machines. We are not trying to distribute things inside the vm, I mean unless it's something very related to the infrastructure. So so there are tools to do that, which you can you can use it like what david just said.

D

I think I think there is a separation between distribution of data to in towards the vm and and managing it in the sense of an infrastructure.

B

Yeah I mean, I guess part of it is because um kubernetes, uh because we can store things that are specific in secrets and we can distribute them that way. That's how um I looked at it as solving as something that we could do it using the infrastructure, but I mean like.

E

B

Earlier, like we, the metadata server like it's mentioned mentioned here, I think it's a similar problem space.

C

You can have the virtual machine even talk to the api. I mean. Maybe that crosses a boundary. uh I'm just gonna, throw it out for your use case. You can have the virtual machine actually talk to the api server retrieve a random secret.

B

Yeah uh yeah, I mean.

C

That makes me uncomfortable thinking about the fact that you, you cross the boundary the application being able to talk to the infrastructure.

E

You can forget that one it can be in a different ap or like an internal ap. For example, openstack has a metadata service for a very, very long time, and it's problematic there as well.

A

Well, it sounds like there's a lot more to debate here.

A

So um would you guys mind if uh you took the debate over to the mailing list, so we can move on with this meeting yeah? I think this is a very.

C

Specific topic ryan: would you mind making a mailing list post just about the unique metadata, and then I think, I'm probably going to follow up with trying to understand whether this can be solved reasonably with an external service or if this is something generic that belongs in cubert. So since it's so unique, that's like the thing that signaled to me that maybe it doesn't belong in kubert, but I'm trying to explore it a little bit further uh and make sure them right.

B

Okay, this time yeah, let's use the mailing list. Okay,.

A

Great thanks, ryan, perfect.

E

Yeah, thank you.

A

Feature uh sounds really neat. I can't wait to see it get developed.

A

um So that is the only bullet point we have in the agenda. um Do we have anything else for the agenda or the open floor.

A

Anybody anybody.

A

Okay, silence is golden. um Do we have any poll requests that are worthy of discussion.

A

No, do we have any bugs bugs that are worthy of this discussion.

F

Many many of them, um oh.

A

F

Let me share the screen, um can you see it.

A

Yes, we see it.

F

All right, so the the first one is from a watermelon brother um to have support for hotblock network interfaces, cpu and memory. I mean it's a huge list of huge features, but I I think we want to have support for all of these eventually.

C

Right, yeah, it's pretty so, but um I've heard that there's talk of making pods mutable at some point in the future. Is that still? um Okay? There's no discussion here. It's just a request: okay, yeah.

F

And he raises that uh he wants to join the comfort development team and how can we implement the health plug? So let's I mean if it were to treat this as any other rfe. I guess the first step would be to split this right and propose a solution on the mailing list and then get the discussion going.

D

It misses the the scenario because the usage of a pod with the hot plug it means that you need to know things in advance. You can so you need a scenario and if you can do mutable food right.

F

Yes, uh yeah I mean providing the scenarios before we get to the implementation uh makes sense. Okay, so um could you please plug this into a separate or if we paired each type of device.

F

Then provide specific, specific.

F

Use cases you want to use.

F

F

I'm sorry for my slow typing um and I will use our new label.

F

uh Needs information.

F

Yeah this issue is daring, but um why not.

F

Okay, moving forward.

F

Resize os volume that was uploaded using vertical image upload. um I went through this one. um The person uploaded an image that had 80 gigs and then they confirmed it has 80 gigabytes and the vm. Then they turned the vm off uh wrist tries to resize the pvc, but it wasn't reflected in the vm.

F

um Is this something we want to track under convert, or is this more of a cdi issue? I have no clue to be honest.

C

How did they do this? Can you dynamically increase a pvcs.

F

um So I added the pvc so like. Maybe I can just keep cutting edit.

C

Okay, I didn't know that was that's okay, that's interesting, so I wonder if all storage classes even support that.

A

That's that's curious, wouldn't we need to increase the size of the file system, also, it's kind of like increasing the a logical volume, but not increasing the file system, that's on top of the lv right.

A

So we need a libgast fs type function. There.

C

Yep, so it would be a workflow something uh it might even have to be, since it's it's a multiple step, workflow, it's increasing both the pvc uh size and then expanding the image inside of it, which can take different forms. um That seems like it belongs in cdi. It would be some sort of you declare. You want to expand this volume and a cdi controller would would then act on that begin. I I'm spitballing, I'm making that up as I go.

F

um I don't think we have anybody from storage on the go. Do we um so I will go forward and ask the person to open this on cdi. I guess.

F

F

um I should have responded to this.

F

Okay, so is it iso.

A

I would say virtual disk.

F

F

A

Let's see the file system within the virtual disk.

F

Yeah, um it belongs to cdi.

F

This is so lazy, good um issues solved.

F

Do we have a soothing label for this.

F

I don't know um how do we treat this.

F

I will add a label that it needs uh information just to wait for the person to respond, and then we can close it.

F

Okay, third, one vm boot failure on ubuntu.

F

I created the backup effects.

F

What happened here?

F

We don't have roman on the call great.

F

Failed due to an sc uh critical network error.

F

E

I think this is about us requesting essay linux to be present when we create the top devices. um There's a pr.

F

F

I see they had the the one with huge letters. um Okay, so I guess it's accepted thanks. Thank you.

F

All right, um then, we have this one. The ipv6 tests fail to reach out to an external ip address. um Eddie, do you want to comment on this? One.

D

This is a it's actually.

E

Not an issue now.

D

It was a problem that the bootstrap of the pro images were updated and the docker configuration was not in the right place, but that was fixed already.

D

So this this is.

E

Not a problem at the.

D

E

D

There was a pr that uh expelled it, but and it's.

E

Currently approved and it's going to get merged, but.

A

I'm not sure that.

D

We need it anyway,.

A

I didn't touch.

D

F

What's that attacking um so I mean so, is there an action item on this one, or can we close it? I'm not sure I follow.

D

I think we can close it. Yes, because.

A

E

D

Unless someone wants to add something else, it thinks that there is one. There is one thing that is still still open there that this this kind of test, that we are checking connectivity.

D

Sorry we are checking connectivity outside the test. Cluster is wrong, so we.

E

D

Something to to control it from outside, like inputting.

E

D

The reference ip or the domain from outside the test, but.

A

That's not, I don't think that's related.

D

To this specific issue now.

F

Okay, I will go forward and close. It.

F

F

How do you set up the default mount path of empty disk? uh Let me fix.

F

F

F

F

Oh, my chris, how much do you know about storage?

F

Are you an expert.

A

Oh, I'm not an expert.

A

I think I might be able to comment on that. uh Let's see it looks very basic.

A

So he has the disc there. We see it as slash dab, so it's there. He just needs to. He needs a file system on it.

A

He's not going to be able to mount that that disk until there's a file system.

F

So does this command sound like a reasonable solution.

A

Yes, uh cloud in it.

F

A

A good place to to put that.

F

Okay, thanks alex observation: uh could you please confirm that.

F

And yeah and then we can close it within a.

F

Week all right duplicate, log files generated in the temp.

F

F

F

Does it look like something that's inside the word launcher or handler.

F

F

Do we have a logging that saves the locks on the disk uh in any of the components, or are we just flashing all to std out? Anybody knows.

C

um My assumption was, we were flushing at the standard out, apparently we're not that this exists.

C

um Is this within the pod or is this on the host.

F

I mean it's um another user. Do we have anything, sounds like it in the book. I don't know.

E

This looks strange, that's what launcher or sorry the container itself was very much. I don't know.

C

But it's for apis logs.

A

C

I guess I can look real quick.

F

You're such a louse typer david, I.

C

Know I add mute, but then I'd have to switch tabs. I feel.

F

Sorry for the keyboard.

A

It seems, like everybody, has their own tone of key clicks. I've heard at least four now already in the.

F

Meeting I know I mean these are kind of huge.

F

How can we fit four gigabytes of blocks into the blood.

A

It it feels like there's some verbosity setting that was increased.

F

Here about even the error.

F

This but he claims it's duplicated and it looks like it because all the three levels have the same.

C

Size, I can't even exe c into our vert launcher pod. I mean our vert api pod anymore. Do we? We don't do we not have bash, and this is very surprising.

F

Okay, uh let's wait for him to answer, but I mean if we have duplicates, I will use her new accepted liable. I guess.

F

Okay, um let's see if they help us with this one.

F

We have couple of minutes left to this. One one. Pvc residue to volume is from a clone. Vm snapshot will create failed.

F

ah Anybody familiar with the oh: it's what what.

F

So they used the snapchat feature and uh created pvc had null as a value.

A

Also notice he's using a storage class rook and.

F

Seth, hmm I wonder how we, uh how comes we haven't catch this one, but.

F

This looks like we sound like we want to fix and they went ahead and debugged it as.

F

F

But the diff they share is from kubernetes not from.

F

F

um Do you know who was the one implementing the snapshot feature.

F

Can we use them here.

F

Was michael anybody knows.

B

Yeah michael worked on the snapchat snapshot, feature.

F

Awesome thanks ryan.

F

F

And I will bring him offline as.

F

F

I don't know which label to use.

F

I will fall back to need info and I think that we have over 20 minutes behind us now.

F

So thanks all for going through this, and I will stop sharing my screen.

A

Okay, thank you peter okay, and that concludes the bug scrub and if there is nothing else, then we can conclude this meeting.

A

Going once going twice: okay, I'm stopping recording now.