)]}'
{"reference/projects.yaml":[{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"3d7dcccd19a2d163a12a4a0d4c5af42c448333ae","unresolved":false,"context_lines":[{"line_number":784,"context_line":"      repos:"},{"line_number":785,"context_line":"        - openstack/kuryr"},{"line_number":786,"context_line":"      tags:"},{"line_number":787,"context_line":"        - starter-kit:kubernetes-in-virt"},{"line_number":788,"context_line":"    kuryr-libnetwork:"},{"line_number":789,"context_line":"      repos:"},{"line_number":790,"context_line":"        - openstack/kuryr-libnetwork"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"bf51134e_dcf04f00","line":787,"updated":"2020-06-24 01:11:06.000000000","message":"This should be on the kuryr-kubernetes deliverable.\n\nHowever, I guess it\u0027s an open question whether this should have a tag at all, given that AIUI it runs purely on the k8s side. The main thing for a starter kit is to tell users what they need to install on the OpenStack side. But there is value in highlighting the usefulness of the project (maybe we would do the same for cloud-provider-openstack if it were an official OpenStack project?).","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"a8ee60203882179c26cf601bb9d3a864c12a7555","unresolved":false,"context_lines":[{"line_number":784,"context_line":"      repos:"},{"line_number":785,"context_line":"        - openstack/kuryr"},{"line_number":786,"context_line":"      tags:"},{"line_number":787,"context_line":"        - starter-kit:kubernetes-in-virt"},{"line_number":788,"context_line":"    kuryr-libnetwork:"},{"line_number":789,"context_line":"      repos:"},{"line_number":790,"context_line":"        - openstack/kuryr-libnetwork"}],"source_content_type":"text/x-yaml","patch_set":4,"id":"bf51134e_5368a51b","line":787,"in_reply_to":"bf51134e_dcf04f00","updated":"2020-06-24 13:10:13.000000000","message":"Ah, that\u0027s true, the fun fact about kuryr-kubernetes is that in regular use case it\u0027s not installed on OpenStack side, but on the K8s cluster. OpenStack just needs to fulfill all the requirements - trunk ports enabled in Neutron, access to Octavia.","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"9c085748471981ae9e4518084360284b5c650e2f","unresolved":false,"context_lines":[{"line_number":790,"context_line":"      repos:"},{"line_number":791,"context_line":"        - openstack/kuryr-kubernetes"},{"line_number":792,"context_line":"      tags:"},{"line_number":793,"context_line":"        - starter-kit:kubernetes-in-virt"},{"line_number":794,"context_line":"    kuryr-tempest-plugin:"},{"line_number":795,"context_line":"      repos:"},{"line_number":796,"context_line":"        - openstack/kuryr-tempest-plugin"}],"source_content_type":"text/x-yaml","patch_set":5,"id":"bf51134e_22e4b93b","line":793,"updated":"2020-06-24 16:14:09.000000000","message":"I\u0027ve left this in for now on the grounds that we might want to include it in any integrated testing program. But I could just as easily see us leaving it out on the grounds that it\u0027s not something the cloud *operator* needs to worry about (in principle, anyway).","commit_id":"4a452b451dec01f527c8681363c55398e35873c9"}],"reference/tags/starter-kit_kubernetes-in-virt.rst":[{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"bc830544c767d828b3f71421800c2761a4e89432","unresolved":false,"context_lines":[{"line_number":71,"context_line":"from anything but an underlying cloud --- via the `Octavia Ingress Controller`_"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"For OpenStack clouds using the `OVN \u003chttps://www.ovn.org/\u003e`_ backend for"},{"line_number":74,"context_line":"Neutron, Octavia\u0027s `OVN backend"},{"line_number":75,"context_line":"\u003chttps://docs.openstack.org/networking-ovn/latest/admin/loadbalancer.html\u003e` is"},{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_551d9e64","line":74,"range":{"start_line":74,"start_character":9,"end_line":74,"end_character":31},"updated":"2020-06-17 21:02:45.000000000","message":"nit: Just to clarify terminology, \"Neutron\u0027s OVN provider driver for Octavia\".","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":6469,"name":"Carlos Gonçalves","display_name":"Carlos Goncalves","email":"cgoncalves@redhat.com","username":"cgoncalves"},"change_message_id":"b1887583f8c76b40467a9b87bffe9436b2d19843","unresolved":false,"context_lines":[{"line_number":72,"context_line":""},{"line_number":73,"context_line":"For OpenStack clouds using the `OVN \u003chttps://www.ovn.org/\u003e`_ backend for"},{"line_number":74,"context_line":"Neutron, Octavia\u0027s `OVN backend"},{"line_number":75,"context_line":"\u003chttps://docs.openstack.org/networking-ovn/latest/admin/loadbalancer.html\u003e` is"},{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_9a31250f","line":75,"range":{"start_line":75,"start_character":1,"end_line":75,"end_character":73},"updated":"2020-06-17 20:49:18.000000000","message":"https://docs.openstack.org/ovn-octavia-provider/latest/admin/driver.html","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"bc830544c767d828b3f71421800c2761a4e89432","unresolved":false,"context_lines":[{"line_number":72,"context_line":""},{"line_number":73,"context_line":"For OpenStack clouds using the `OVN \u003chttps://www.ovn.org/\u003e`_ backend for"},{"line_number":74,"context_line":"Neutron, Octavia\u0027s `OVN backend"},{"line_number":75,"context_line":"\u003chttps://docs.openstack.org/networking-ovn/latest/admin/loadbalancer.html\u003e` is"},{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_1541663a","line":75,"range":{"start_line":75,"start_character":1,"end_line":75,"end_character":73},"in_reply_to":"bf51134e_9a31250f","updated":"2020-06-17 21:02:45.000000000","message":"+1","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"748268af8c9abdd1456336e6afaca527164d68ee","unresolved":false,"context_lines":[{"line_number":72,"context_line":""},{"line_number":73,"context_line":"For OpenStack clouds using the `OVN \u003chttps://www.ovn.org/\u003e`_ backend for"},{"line_number":74,"context_line":"Neutron, Octavia\u0027s `OVN backend"},{"line_number":75,"context_line":"\u003chttps://docs.openstack.org/networking-ovn/latest/admin/loadbalancer.html\u003e` is"},{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_6778f929","line":75,"range":{"start_line":75,"start_character":1,"end_line":75,"end_character":73},"in_reply_to":"bf51134e_9a31250f","updated":"2020-06-17 22:08:49.000000000","message":"Thanks, will update in next patchset.","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"bc830544c767d828b3f71421800c2761a4e89432","unresolved":false,"context_lines":[{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"},{"line_number":79,"context_line":"this way, but would be a very heavyweight solution in many use cases.)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"DNS"},{"line_number":82,"context_line":"~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_3a03b911","line":79,"updated":"2020-06-17 21:02:45.000000000","message":"I don\u0027t think this is necessarily true. I would argue we should remove the \"but would be a very heavyweight solution in many use cases.\" statement.","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":6732,"name":"Lingxian Kong","email":"anlin.kong@gmail.com","username":"kong"},"change_message_id":"a1ecbcdf561134d1b493b16c578e7e2d8ac0e835","unresolved":false,"context_lines":[{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"},{"line_number":79,"context_line":"this way, but would be a very heavyweight solution in many use cases.)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"DNS"},{"line_number":82,"context_line":"~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_1bc7d447","line":79,"in_reply_to":"bf51134e_0a3ae432","updated":"2020-06-18 02:47:46.000000000","message":"1 loadbalancer per Service of LoadBalancer type is something that is typically implemented for most of the cloud providers. Using ingress controller can\u0027t replace services usage.\n\nWe (cloud-provider-openstack) do have some feature requests that asking to re-use loadbalancer for services, so things will probably change in future.","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"523ff6a97291afccd8ca1941edd2a7c47336735b","unresolved":false,"context_lines":[{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"},{"line_number":79,"context_line":"this way, but would be a very heavyweight solution in many use cases.)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"DNS"},{"line_number":82,"context_line":"~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_6db8c8c7","line":79,"in_reply_to":"bf51134e_0a3ae432","updated":"2020-06-18 16:55:41.000000000","message":"\u003e 1. There are more than just the Amphora and OVN driver available\n \u003e for Octavia and things change over time,\n \u003e so why put opinionated verbiage in this document? It\u0027s disrespectful to our partner\n \u003e vendors.\n\nI agree that there\u0027s a risk of this becoming out of date. I did say \u0027other backends\u0027 so as to acknowledge the fact that Amphora is not the only driver, but I gather from what you\u0027re saying that maybe this comment is actually specific to the Amphora driver?\n\n \u003e 2. OpenShift is shipping with the Amphora driver in this role today\n \u003e and has been for a while.\n\nOpenShift networking folks wrote the OVN driver specifically because they wanted to avoid this problem, and IIUC the only reason they\u0027re not using it is because the move to OVN has not yet occurred.\n\n \u003e 3. One VM per service is only the side effect of how someone wrote\n \u003e the Go based cloud provider for k8s.\n\nFrom a user\u0027s perspective it doesn\u0027t really matter if it could have been implemented differently but wasn\u0027t.\n\n \u003e There is no reason you are\n \u003e required to run one load balancer (and thus a VM) per service. For\n \u003e these internal east-west connections, it would probably be best to\n \u003e use one Octavia load balancer per cluster or application and stack\n \u003e the ports (or use SNI) like most of the other k8s drivers do.\n\nThis is interesting because it appears to be different to my understanding of the history, which was that e.g. in the AWS cloud provider each LoadBalancer Service also created an ELB (cost: $16 per month just for existing... which I\u0027d call pretty heavyweight), and that was solved not by changing the driver but by creating the Ingress API in k8s instead so that HTTP-based services could all share a single ELB.\n\ne.g. here\u0027s Google Cloud talking about when you\u0027d use a LoadBalancer Service:\nhttps://medium.com/google-cloud/kubernetes-nodeport-vs-loadbalancer-vs-ingress-when-should-i-use-what-922f010849e0#d489\n\"The big downside is that each service you expose with a LoadBalancer will get its own IP address, and you have to pay for a LoadBalancer per exposed service, which can get expensive!\"\n\nIs this no longer the case?\n\nIt looks to me like EKS also has a network load balancer (similar in approach to the OVN driver for Octavia, or to MetalLB) that they offer to allow you to avoid creating an ELB in these types of cases: https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support\n\nThe approach you suggest doesn\u0027t seem possible in general because Services operate at Layer 4, so you don\u0027t know if they will use TLS, let alone SNI, and the user gets to select the ports so they may conflict. With the right selection of hacky platform-specific annotations it\u0027s obviously possible for a subset (but probably the same subset that an Ingress would work for).\n\n \u003e No\n \u003e one goes out and buys another load balancer appliance per service.\n \u003e I just don\u0027t see how this opinion about a service/tool being used\n \u003e incorrectly adds value to the document.\n\nBy helping to guide users toward using tools correctly? i.e. use an Ingress where possible, otherwise select the OVN driver if you have it, otherwise evaluate all of your options.\n\n \u003e 4. Some would argue that the amphora\u0027s small footprint and full L7\n \u003e content switching capability is far from heavyweight.\n\nIn many contexts that would be a good argument, but if e.g. you\u0027re comparing to a couple of iptables rules, it\u0027s definitely heavier.\n\nIt\u0027s not a criticism of a tool to state which problems it is best suited for solving. Tools don\u0027t have to be all things to all people to be valuable.","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"748268af8c9abdd1456336e6afaca527164d68ee","unresolved":false,"context_lines":[{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"},{"line_number":79,"context_line":"this way, but would be a very heavyweight solution in many use cases.)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"DNS"},{"line_number":82,"context_line":"~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_e7ab6986","line":79,"in_reply_to":"bf51134e_3a03b911","updated":"2020-06-17 22:08:49.000000000","message":"AIUI the main advantage of using an Ingress is that you can serve a bunch of different endpoints (including across different domains) from a single load balancer (one or more VMs). If you create k8s Services of type LoadBalancer, you end up creating an Octavia load balancer for each one. So with the Amphora driver that means at least 1 VM (more if you want HA) per Service. Is that accurate?\n\nThat sounds pretty heavyweight to me; a typical k8s cluster would generally contain a lot of Services. I\u0027d imagine most users would want to rely on the Ingress controller as much as possible, and fall back on something like L2-mode MetalLB for other cases if the OVN driver isn\u0027t available.","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"96d0440148c620c533712af51e1a40b33689b0ff","unresolved":false,"context_lines":[{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"},{"line_number":79,"context_line":"this way, but would be a very heavyweight solution in many use cases.)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"DNS"},{"line_number":82,"context_line":"~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_de5ff83e","line":79,"in_reply_to":"bf51134e_6db8c8c7","updated":"2020-06-18 18:06:58.000000000","message":"The \"OpenShift networking folks\" didn\u0027t write the OVN provider driver, my team did. But that also doesn\u0027t matter here.\n\nA service, by definition is a DNS name and port. SNI/host routing is commonly used.\n\nI\u0027m not saying you should remove the guidance that the OVN provider driver is a good option. I am simply saying that I think it is rude/disrespectful to make that blanket statement that every other product than OVN is \"very heavyweight\". I prefer an open and welcoming community that supports varying viewpoints, and ecosystem of vendor partners, and supports giving users options.","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"96276dd73b44f273acc0150aaaa5e1f928e49c4a","unresolved":false,"context_lines":[{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"},{"line_number":79,"context_line":"this way, but would be a very heavyweight solution in many use cases.)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"DNS"},{"line_number":82,"context_line":"~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_c2443aba","line":79,"in_reply_to":"bf51134e_de5ff83e","updated":"2020-06-18 20:15:15.000000000","message":"\u003e I\u0027m not saying you should remove the guidance that the OVN provider\n \u003e driver is a good option. I am simply saying that I think it is\n \u003e rude/disrespectful to make that blanket statement that every other\n \u003e product than OVN is \"very heavyweight\". I prefer an open and\n \u003e welcoming community that supports varying viewpoints, and ecosystem\n \u003e of vendor partners, and supports giving users options.\n\nI\u0027m definitely not trying to be disrespectful to anyone or their work. If there\u0027s anything to be criticised here, it\u0027s the k8s API, which is a wasteland of BS cloud-specific annotations that make applications completely non-portable.\n\nWhere I\u0027m coming from is that network load balancers and actual load balancers are completely different things. For most tasks, network load balancers simply do not cut it. But if you have a lot of tasks for which a network load balancer *is* sufficient, you\u0027ll probably want to use one because it consumes a lot less resources.\n\nSetting those expectations realistically for users upfront helps avoid disappointments that could reflect badly on OpenStack.\n\nI\u0027ll try to find some more diplomatic wording that hopefully everyone can be happy with.","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":11628,"name":"Michael Johnson","email":"johnsomor@gmail.com","username":"johnsom"},"change_message_id":"353e43e1f851c395e83197f7ba2304bfc3f3ebb6","unresolved":false,"context_lines":[{"line_number":76,"context_line":"also useful to provide load balancing for internal Services of type"},{"line_number":77,"context_line":"``LoadBalancer``. This functionality is available through the `OpenStack Cloud"},{"line_number":78,"context_line":"Controller Load Balancer module`_. (Other Octavia backends can also be used in"},{"line_number":79,"context_line":"this way, but would be a very heavyweight solution in many use cases.)"},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"DNS"},{"line_number":82,"context_line":"~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_0a3ae432","line":79,"in_reply_to":"bf51134e_e7ab6986","updated":"2020-06-17 23:19:37.000000000","message":"My response is four fold:\n1. There are more than just the Amphora and OVN driver available for Octavia and things change over time, so why put opinionated verbiage in this document? It\u0027s disrespectful to our partner vendors.\n2. OpenShift is shipping with the Amphora driver in this role today and has been for a while.\n3. One VM per service is only the side effect of how someone wrote the Go based cloud provider for k8s. There is no reason you are required to run one load balancer (and thus a VM) per service. For these internal east-west connections, it would probably be best to use one Octavia load balancer per cluster or application and stack the ports (or use SNI) like most of the other k8s drivers do. No one goes out and buys another load balancer appliance per service. I just don\u0027t see how this opinion about a service/tool being used incorrectly adds value to the document.\n4. Some would argue that the amphora\u0027s small footprint and full L7 content switching capability is far from heavyweight.\n\nI\u0027ve said my piece on this, I just don\u0027t think this part of the sentence adds value to the document.","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"1e32ba892b85d98c0805025e5c9e8d0f01bd532a","unresolved":false,"context_lines":[{"line_number":113,"context_line":"The addition of Ironic would allow Kubernetes to be deployed on bare metal"},{"line_number":114,"context_line":"also. However, this is not included in the starter kit both because it is not"},{"line_number":115,"context_line":"strictly necessary and because the overall shape of a bare metal--specific"},{"line_number":116,"context_line":"cloud for hosting Kubernetes might look `different"},{"line_number":117,"context_line":"\u003chttps://governance.openstack.org/ideas/ideas/teapot/index.html\u003e`."},{"line_number":118,"context_line":""},{"line_number":119,"context_line":"Block Storage"},{"line_number":120,"context_line":"~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":2,"id":"bf51134e_dd0ef48b","line":117,"range":{"start_line":116,"start_character":40,"end_line":117,"end_character":66},"updated":"2020-06-18 00:34:26.000000000","message":"Is this link missing its trailing underbar?","commit_id":"2da44dca151a42db65547ae7a2102f42f4c6aae4"},{"author":{"_account_id":16643,"name":"Goutham Pacha Ravi","email":"gouthampravi@gmail.com","username":"gouthamr"},"change_message_id":"a2bded97a81230990c09dfe9a4dca10dfa52b11a","unresolved":false,"context_lines":[{"line_number":10,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"A common starting point for an OpenStack cloud that can be used to deploy"},{"line_number":13,"context_line":"Kubernetes clusters on virtual machines in multiple tenants, and provides all"},{"line_number":14,"context_line":"of the services that Kubernetes expects from a cloud."},{"line_number":15,"context_line":""},{"line_number":16,"context_line":"Application to current deliverables"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_e944ac1d","line":13,"range":{"start_line":13,"start_character":65,"end_line":13,"end_character":73},"updated":"2020-06-19 22:21:08.000000000","message":"nit: provide","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":1004,"name":"Mohammed Naser","email":"mnaser@vexxhost.com","username":"mnaser"},"change_message_id":"f16de979dfd5e7879318ad58c87ca5bcf228265b","unresolved":false,"context_lines":[{"line_number":45,"context_line":"File Storage"},{"line_number":46,"context_line":"~~~~~~~~~~~~"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Almost all applications running on Kubernetes will require persistent storage,"},{"line_number":49,"context_line":"and of those requiring persistent *local* storage, most will prefer RWX"},{"line_number":50,"context_line":"(Read/Write Many) semantics to prevent downtime when pods move around. Manila"},{"line_number":51,"context_line":"provides RWX-capable persistent file storage for containers running in"},{"line_number":52,"context_line":"Kubernetes via the `Manila CSI plugin`_."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Networking"},{"line_number":55,"context_line":"~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_7704fc4a","line":52,"range":{"start_line":48,"start_character":0,"end_line":52,"end_character":40},"updated":"2020-06-19 19:48:10.000000000","message":"I dunno, I think there\u0027s plenty of cases of wanting RWO for statefulsets running on top of Kubernetes.  With the Cinder CSI plugin, the time to move a PV/PVC is relatively short.","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"a19ed52a058f5e32442703daef19265179f8c56b","unresolved":false,"context_lines":[{"line_number":45,"context_line":"File Storage"},{"line_number":46,"context_line":"~~~~~~~~~~~~"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Almost all applications running on Kubernetes will require persistent storage,"},{"line_number":49,"context_line":"and of those requiring persistent *local* storage, most will prefer RWX"},{"line_number":50,"context_line":"(Read/Write Many) semantics to prevent downtime when pods move around. Manila"},{"line_number":51,"context_line":"provides RWX-capable persistent file storage for containers running in"},{"line_number":52,"context_line":"Kubernetes via the `Manila CSI plugin`_."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Networking"},{"line_number":55,"context_line":"~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_2ee22a02","line":52,"range":{"start_line":48,"start_character":0,"end_line":52,"end_character":40},"in_reply_to":"bf51134e_2b517c63","updated":"2020-06-19 20:58:23.000000000","message":"Manila has no Cinder or Nova dependency -- one Manila back end out of 30+ does (the so-called \"generic\" back end).  This Cinder with Nova Service VM back end is useful for test purposes -- and for general OpenStack integration testing :D -- but as I think you know it has many limitations and we do not recommend it for production deployments.  Production deployments who want open source software defined storage use Gluster or Ceph.  And there are proprietary back ends from the major vendors and others.\n\nAgain, depending on the goal of the starter kit, including Cinder may be appropriate, but not because Manila requires Cinder.","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":1004,"name":"Mohammed Naser","email":"mnaser@vexxhost.com","username":"mnaser"},"change_message_id":"f430ecd9efaed2a612f9905b4946cf0b28c4dea8","unresolved":false,"context_lines":[{"line_number":45,"context_line":"File Storage"},{"line_number":46,"context_line":"~~~~~~~~~~~~"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Almost all applications running on Kubernetes will require persistent storage,"},{"line_number":49,"context_line":"and of those requiring persistent *local* storage, most will prefer RWX"},{"line_number":50,"context_line":"(Read/Write Many) semantics to prevent downtime when pods move around. Manila"},{"line_number":51,"context_line":"provides RWX-capable persistent file storage for containers running in"},{"line_number":52,"context_line":"Kubernetes via the `Manila CSI plugin`_."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Networking"},{"line_number":55,"context_line":"~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_2b517c63","line":52,"range":{"start_line":48,"start_character":0,"end_line":52,"end_character":40},"in_reply_to":"bf51134e_2bc7bc47","updated":"2020-06-19 20:14:29.000000000","message":"I think what\u0027s tricky is Manila generally will need some form of storage, and if you\u0027re relying on using Cinder with service VMs, you\u0027ve kinda gone back to a minimum requirement?","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"74b1389de5e10e8ca8e8e33c372179d42566b684","unresolved":false,"context_lines":[{"line_number":45,"context_line":"File Storage"},{"line_number":46,"context_line":"~~~~~~~~~~~~"},{"line_number":47,"context_line":""},{"line_number":48,"context_line":"Almost all applications running on Kubernetes will require persistent storage,"},{"line_number":49,"context_line":"and of those requiring persistent *local* storage, most will prefer RWX"},{"line_number":50,"context_line":"(Read/Write Many) semantics to prevent downtime when pods move around. Manila"},{"line_number":51,"context_line":"provides RWX-capable persistent file storage for containers running in"},{"line_number":52,"context_line":"Kubernetes via the `Manila CSI plugin`_."},{"line_number":53,"context_line":""},{"line_number":54,"context_line":"Networking"},{"line_number":55,"context_line":"~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_2bc7bc47","line":52,"range":{"start_line":48,"start_character":0,"end_line":52,"end_character":40},"in_reply_to":"bf51134e_7704fc4a","updated":"2020-06-19 20:00:11.000000000","message":"Manila CSI supports other access modes than RWX, like RWO, as well.  Is the intent of the starter kits to provide the minimum needed (in which case Manila CSI covers all the access modes) or to provide a richer set of OpenStack projects?\n\nI\u0027m certainly not trying to exclude Cinder CSI in the latter case.","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"017e04b046deab63cbee74c4ba8bc031c955d31f","unresolved":false,"context_lines":[{"line_number":58,"context_line":"project (which is also part of the :doc:`Compute Starter Kit"},{"line_number":59,"context_line":"\u003cstarter-kit_compute\u003e`) is included."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"Kuryr allows tenant clusters to make direct use of Neutron networks from"},{"line_number":62,"context_line":"containers running in Kubernetes, avoiding a second network overlay layer."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"Load Balancing"},{"line_number":65,"context_line":"~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_035f2d72","line":62,"range":{"start_line":61,"start_character":0,"end_line":62,"end_character":74},"updated":"2020-06-22 11:48:38.000000000","message":"Technically it\u0027s kuryr-kubernetes, \"kuryr\" was the project targeting Docker. It\u0027s also worth saying that when using kuryr-kubernetes you\u0027ll have it handle Services as well and that\u0027s done through Octavia. If Octavia on the cluster is using Amphora, this means each Service is an Amphora VM and that might be a trade off that people will not take.\n\nObviously ovn-octavia solves it.","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"3d7dcccd19a2d163a12a4a0d4c5af42c448333ae","unresolved":false,"context_lines":[{"line_number":58,"context_line":"project (which is also part of the :doc:`Compute Starter Kit"},{"line_number":59,"context_line":"\u003cstarter-kit_compute\u003e`) is included."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"Kuryr allows tenant clusters to make direct use of Neutron networks from"},{"line_number":62,"context_line":"containers running in Kubernetes, avoiding a second network overlay layer."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"Load Balancing"},{"line_number":65,"context_line":"~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_bc80fb47","line":62,"range":{"start_line":61,"start_character":0,"end_line":62,"end_character":74},"in_reply_to":"bf51134e_035f2d72","updated":"2020-06-24 01:11:06.000000000","message":"It uses the OpenStack Cloud Controller to do this, or it has an independent implementation of the Load Balancer part of that?","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":11600,"name":"Michał Dulko","email":"michal.dulko@gmail.com","username":"dulek"},"change_message_id":"bb49016826efeb27b0cd06f100429fe6929c1062","unresolved":false,"context_lines":[{"line_number":58,"context_line":"project (which is also part of the :doc:`Compute Starter Kit"},{"line_number":59,"context_line":"\u003cstarter-kit_compute\u003e`) is included."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"Kuryr allows tenant clusters to make direct use of Neutron networks from"},{"line_number":62,"context_line":"containers running in Kubernetes, avoiding a second network overlay layer."},{"line_number":63,"context_line":""},{"line_number":64,"context_line":"Load Balancing"},{"line_number":65,"context_line":"~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_73c84921","line":62,"range":{"start_line":61,"start_character":0,"end_line":62,"end_character":74},"in_reply_to":"bf51134e_bc80fb47","updated":"2020-06-24 13:11:26.000000000","message":"It has it\u0027s own implementation of a controller watching Services and Endpoints, so independent.","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":8099,"name":"Graham Hayes","email":"gr@ham.ie","username":"graham"},"change_message_id":"f485c5932eab51c7dbcc482647c8647e52097290","unresolved":false,"context_lines":[{"line_number":95,"context_line":""},{"line_number":96,"context_line":"Key Management"},{"line_number":97,"context_line":"~~~~~~~~~~~~~~"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"By default, Kubernetes Secrets aren\u0027t. Even if you `enable encryption"},{"line_number":100,"context_line":"\u003chttps://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/\u003e`_, the"},{"line_number":101,"context_line":"encryption keys are merely stored in etcd alongside the data they encrypt,"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_63b0a944","line":98,"updated":"2020-06-22 11:10:29.000000000","message":"It might be worth pointing out https://github.com/kubernetes-sigs/secrets-store-csi-driver - this may provide a way for us to use Barbican or Vault as a better replacement for etcd stored secrets","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":4257,"name":"Zane Bitter","email":"zbitter@redhat.com","username":"zaneb"},"change_message_id":"3d7dcccd19a2d163a12a4a0d4c5af42c448333ae","unresolved":false,"context_lines":[{"line_number":95,"context_line":""},{"line_number":96,"context_line":"Key Management"},{"line_number":97,"context_line":"~~~~~~~~~~~~~~"},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"By default, Kubernetes Secrets aren\u0027t. Even if you `enable encryption"},{"line_number":100,"context_line":"\u003chttps://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/\u003e`_, the"},{"line_number":101,"context_line":"encryption keys are merely stored in etcd alongside the data they encrypt,"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_b9d3edd4","line":98,"in_reply_to":"bf51134e_63b0a944","updated":"2020-06-24 01:11:06.000000000","message":"I hadn\u0027t heard of that, but it sounds... appalling?","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":11278,"name":"Anusha Ramineni","email":"anusha.ramineni@india.nec.com","username":"anusha08"},"change_message_id":"da3f620de0918b79f4b2f0f9c58eb59d97705803","unresolved":false,"context_lines":[{"line_number":121,"context_line":"~~~~~~~~~~~~~"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"Although Cinder block storage can be, and often is, used from Kubernetes via"},{"line_number":124,"context_line":"the `Cinder CSI plugin`_, it offers only RWO (Read/Write One) semantics, and is"},{"line_number":125,"context_line":"thus more limited than Manila."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"Users with other use cases for Cinder (such as requiring persistent volumes in"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_235d0ae9","line":124,"updated":"2020-06-22 16:40:53.000000000","message":"there is ongoing effort to support multiattach and will be part of the 1.19, If thats the only reason then can be reconsidered too.","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":11904,"name":"Sean McGinnis","email":"sean.mcginnis@gmail.com","username":"SeanM"},"change_message_id":"eace269298e91ad227d9f62f0813a54b69b03f66","unresolved":false,"context_lines":[{"line_number":121,"context_line":"~~~~~~~~~~~~~"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"Although Cinder block storage can be, and often is, used from Kubernetes via"},{"line_number":124,"context_line":"the `Cinder CSI plugin`_, it offers only RWO (Read/Write One) semantics, and is"},{"line_number":125,"context_line":"thus more limited than Manila."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"Users with other use cases for Cinder (such as requiring persistent volumes in"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_834056a7","line":124,"in_reply_to":"bf51134e_235d0ae9","updated":"2020-06-22 16:44:14.000000000","message":"It\u0027s a good point, but I would be very hesitant to consider multiattach support the answer for this. From the cinder side, it still comes down to RWO. Somewhere in the stack, something needs to do the fencing necessary to ensure multiple write sources are coordinated to make sure writes don\u0027t conflict with one another.\n\nSo multiattach support takes care of some of the plumbing to get there, but I think greatly increases the complexity to make sure there is no data corruption. A good thing that can be done, but IMO, probably not something we want to get into in a starter kit configuration.","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":9003,"name":"Tom Barron","email":"tpb@dyncloud.net","username":"tbarron"},"change_message_id":"78bc1ef99f2d18493b56f63bd646ff01dbc3edc0","unresolved":false,"context_lines":[{"line_number":121,"context_line":"~~~~~~~~~~~~~"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"Although Cinder block storage can be, and often is, used from Kubernetes via"},{"line_number":124,"context_line":"the `Cinder CSI plugin`_, it offers only RWO (Read/Write One) semantics, and is"},{"line_number":125,"context_line":"thus more limited than Manila."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"Users with other use cases for Cinder (such as requiring persistent volumes in"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_0ebbcd71","line":124,"in_reply_to":"bf51134e_439d9e08","updated":"2020-06-22 17:40:04.000000000","message":"K8s would need enhancement to install some kind of clustered file system (and manage it across worker nodes) instead of just the current choices -- ext4 and xfs -- both of which are node-local filesystems.  Just mounting these to more than one node can result in file system corruption even if end users aren\u0027t doing I/O at the same time on multiple nodes.","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"},{"author":{"_account_id":11278,"name":"Anusha Ramineni","email":"anusha.ramineni@india.nec.com","username":"anusha08"},"change_message_id":"7983957d399b4cf73389125ea17ec9f21abaaab0","unresolved":false,"context_lines":[{"line_number":121,"context_line":"~~~~~~~~~~~~~"},{"line_number":122,"context_line":""},{"line_number":123,"context_line":"Although Cinder block storage can be, and often is, used from Kubernetes via"},{"line_number":124,"context_line":"the `Cinder CSI plugin`_, it offers only RWO (Read/Write One) semantics, and is"},{"line_number":125,"context_line":"thus more limited than Manila."},{"line_number":126,"context_line":""},{"line_number":127,"context_line":"Users with other use cases for Cinder (such as requiring persistent volumes in"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bf51134e_439d9e08","line":124,"in_reply_to":"bf51134e_834056a7","updated":"2020-06-22 16:54:56.000000000","message":"hmm, got it. Thanks Sean","commit_id":"6debbd218dc73d4800b481694401deba5567be8d"}]}