►
From YouTube: Antrea Community Meeting 08/31/2020
Description
Antrea Community Meeting, August 31st 2020
A
For
today
we
don't
have
as
many
topics
as
recently
on
the
agenda.
However,
we,
the
topics
that
were
proposed
on
the
community
channel,
are
a
conversation
about
entry
or
proxy
default
support
in
entry
010.
Sorry,
I
expressed
myself
in
a
terrible
way.
A
I
mean
to
see,
make
entry
a
proxy
the
default
option
in
entry
010
and
then
the
other
topic
that
has
been
proposed
is
a
backward
compatibility
for
cmp
amp
apis,
so
recording
has
started
so
perhaps
we
can
start
the
conversation
on
andrea,
proxy
and
weather
should
be
made
default.
A
I
believe
that
wagehang
performed
some
experiments
related
to
the
andrea
proxy
resource
usage.
So
perhaps
we
change
you
can
start
sharing
your
experience.
B
Yeah
sure
I
I
didn't
get
the
schedule
for
today
this
meeting,
but
I
used
tests
for
the
american
consumption
of
the
entrepreneurs,
with
entrepreneur
proxy
enabled
and
with
with
services
the
angel.
The
answer
agent
cost
about
50
megabytes
yeah.
So
I
think
the
memory
consumption
is
reasonable.
C
Okay,
when
you
say
the
memory
cost
is
50
megabytes
for
2000
services.
Is
that
total,
or
is
that
in
as
compared
to
q,
proxy.
C
Okay,
so
it's
really
you're
really
comparing
entry
proxy,
disabled
and
empire
proxy
enabled,
and
you
observe
that
entry
agent
is
using
an
extra
50
megabytes
when
you
enable.
A
It
okay
and
this
extra
memory-
consumption
anyway,
is
static
right,
it's,
so
it
does
not
increase
over
time.
Unless,
if
you
keep
the
number
of
services,
constant
memory
usage
doesn't
increase
over
time
or
doesn't
depend
on
the
traffic
being
handled
by
the
proxy.
It
remains
constant.
Is
that
correct.
B
A
C
And
how
does
that
compare
to
the
memory
consumption
of
the
agent
without
entry?
A
proxy?
Is
that,
like?
B
A
I
think
controlling
questions
was
like
you.
You
told
us
that
it's
like
50
megabytes
more
but
in
percentages
like
10
20,
more
of
the
cube
proxy,
or
did
you
do?
Did
you
calculate
this.
C
I
meant
compared
to
the
agent
when
you
don't
have
entry,
a
proxy
enabled
like
easy,
and
I
I
understand
that
it
depends
on
the
size
of
the
cluster
and
probably
on
other
things.
But
he's
like
in
your
benchmarks
was
the
agent
using
like
200
megabytes,
and
then
you
enabled
qpr.
You
enabled
an
entry
a
proxy
and
it
was
like
250
megabytes,
or
is
that
very
different
from
that.
C
Well,
I
guess
my
point
is
50
megabytes.
The
number
you
gave
is
like
an
absolute
increase
in
memory
usage.
But
relatively,
is
it
like
a
big
increase,
or
is
that,
like
a
20
increase.
B
The
percentage-
and
I
run
this
this
test
in
my
vacuum-
test
value
without
any
other
resources
like
policies
or
whatever,
so
the
flash
agent
costs
about
five
five
mega
miles
like
I
remember.
D
A
Okay,
thank
you
very
much
for
this
update.
A
Is
there
considering
this
information
is?
Is
there
any
feedback
regarding
whether
it
is
okay
to
enable
entry
proxy
by
defaulting
zero
time,
or
perhaps
you
think
you
we
may
need
to
collect
more
information
before
making
a
decision.
B
E
C
Yeah,
I'm
hoping
we
can
enable
this
by
default
at
some
point,
because
I
mean
right
now,
we
that's
the
only
thing
we
support
for
non-encap
traffic
modes
right.
So
it's
a
bit
weird
that
we,
this
is
the
only
thing
we
support
for
non-encap
traffic
modes,
but
for
end
cap.
It's
still
like
something
you
have
to
enable.
A
Yeah,
that's
that's
a
good
point.
Okay,
so
the
feedback
is
to
wait
for,
let's
say
more
precisely,
more
accurate
measurements
at
scale
to
get
a
better
understanding
of
performance
and
memory
footprint
skill,
but
our
goal
is
still
to
enable
it
for
the
reasons
that
have
been
listed
by
antonin.
A
Okay,
which
means
we
can
probably
move
to
the
next
topic
about
backward
compatibility
of
cmp
amp
apis,
and
I
think
that
at
least
according
to
the
zlak
channel
happycheck
has
a
couple
of
proposals
to
discuss
so
abhishek.
Can
you
can
you
go
ahead?
Please.
D
Yeah
thanks
so
much
so
as
you
guys,
as
everyone
knows
that
in
the
previous
release,
we
released
tears
in
the
form
of
static
form
like
this
direct
tears,
which
essentially
mean
that
you
know
there
are
no
resources
created
for
them.
D
It's
it's
just
a
string
as
part
of
the
enum
in
the
cluster
network
policy
and
anti-network
policy
spec,
and
at
the
time
we
also
made
it
clear
in
the
documents
that
we
will
remove
this
and
supersede
this
stat
these
static
tiers
by
tier
crds,
so
that
users
have
a
flexibility
of
creating
as
many
tears
as
they
want.
D
D
So
as
as
as
we
move
towards
the
tier
crds,
you
know
the
there
was
a
question
that
was
raised
last
week
about
how
do
we
manage
the
the
upgrade,
especially
that
the
five
static
tiers?
Do
we
consider
that
andrea
at
initialization
creates
five
year
crds
corresponding
to
those
static,
tiers.
D
Or
do
we
you
know
considering?
This
is
an
alpha
feature.
Maybe
we
do
not
carry
forward
that
you
know
logic
in
andrea,
keep
it
clean
and,
and
then
you
know
just
starts
starting
you
with
with
the
trc
ids.
So
essentially
there
are,
you
know
two
proposals.
One
is
that
considering
this
is
a
feature-gated
sorry,
this
is
gated
behind
a
feature
feature
and
it's
an
alpha
feature.
We
we
decide
not
to
create
these
tiers
by
default.
D
We
only
create
the
the
the
default
tier,
which
is
the
application
here
for
all
the
policies
which
do
not
have
a
tier
in
their
spec
or
the
other.
One
is
that
we
do
manage
this
upgrade
by
at
this.
At
startup
we
create
one
tier
corresponding
to
each
of
those
five
static
tiers,
so
five
crds
or
five
cr
custom
resources
on
startup.
D
Now
the
logic
essentially
is
you
know
not
very
different
from
creating
one
default
year
versus
five
five
tiers.
It
is
just
that.
Do
we
want
to
handle
this
upgrade,
and
should
we
also
carry
this
code
and
how
long
shall
we
carry
this
and
then
you're
kind
of
forcing
users
to
users
the
five
tiers
which
they
may
or
may
not
be
using?
So
that's
that's
the
question
to
the
to
the
team
or
the
community.
D
Have
I
made
the
the
problem
clear
and
you
know
in
general
my
opinion
is
that
for
any
you
know
ga
release
or
you
know,
any
release
which
is
widely
used
or
feature
which
is
widely
used.
We
should
make
sure
that
the
upgrades
are
seamless
and
without
any
incompatibility
changes
are
introduced.
D
F
Do
we
consider
that
that
we
continue
keeping
this
static,
tl
constants,
as
as
a
hard
coded
tails
and
not
non-managed
by
users?
I
know
there
is
a
similar
case
for
kubernetes
priority
class
that
you
can
use
some
api
to
define
user
defined
priority
class,
but
you
can
also
specify
two
special
priority
class.
One
is
a
system
node,
critical
and
another
is
a
system
cluster
critical
and
they
are
mapped
to
two
to
priority
consistent
consistent.
F
D
Yes,
so
so
we
are
already
we
are.
We
are
going
to
be
creating
one
tier
at
startup,
which
is
the
default
year,
for
let's
say
the
application
here,
and
we
will
not
allow
users
to
delete
that
the
validation
hook
will
ensure
that
any
system
created
tiers
any
updates
or
any
deletes
to
them
will
be.
You
know
controlled
by
that
validation.
Who
can
it
will
be
rejected?
D
Add
the
logic
in
the
validation
web
book
to
ensure
that
users
do
not
delete
them.
D
So
if
I,
if
I
do
a
get
on
these,
you
know
as
a
user,
if
I
want
to
see
what
are
existing
tiers,
then
if
these
are
hard
coded,
then
I
don't
as
a
user
I
do
not
know
about
that,
is
that
is
that
correct,
or
for
you.
F
Yeah
yeah,
that
will
be
that
need
to
be
some
well-known
tails
that
we
need
to
document
that,
if
you
just
want
to
use
this
tales,
you
could
just
reference
them
in
your
policies.
If
you
want
more,
you
can
define
your
own
that
that
divides
the
tiers
into
two
categories:
user
defined
and
the
system
defined.
H
I
Yes,
I
think
do
do
we
still
have
the
constraint
on
the
10
overall
tiers
that
we're
trying
to
we're
trying
to
constrain
that.
D
D
Yeah
on
the
priorities
we
are,
you
know
trying
to
keep.
Maybe
you
know
up
to
255
priorities,
but
maybe
we
start
small.
We
start
with
10
and
then
increase
the
number
of
tiers.
As
you
know,
more
tiers
are
expected
by
users
or
requested
by
users,
but
coming
back
to
cody's
point,
I
think
you
know
having
the
the
tiers
in
the
crd
format
gives
you,
you
know.
If
you
do
a
get
tiers,
you
you
see
all
of
them
and
you
see
all
of
the
priorities
that
have
been
previously
allocated.
D
Instead
of
going
through
the
documents
and
going
through,
you
know
what
are
the
allocated
prior
or
what
are
the
reserve
priorities
and
which
priorities
I
can
use.
So
that
is
one
advantage
that
I
see
about.
You
know
having
them
as
tears,
also
having
them
as
custom
resources
instead
of
a
hard-coded
principle.
D
D
D
H
C
And
yeah-
and
I
guess
if
we
look
at
chan's
analogy
right
with
a
priority
class
even
for
the
system,
cluster
critical
and
system
note
critical.
It
seems
that
they
do
create
api
resources
for
those.
If
I'm
not
mistaken,
I
don't
know
if
the
user
can
delete
them,
but
they
do
create
those
those
api
resources
just
like
we
would
create
crds
for
those
static,
tiers.
C
D
Is
you
know
mainly
for
the
default
consumption
wherein
like
if
you
had
previous
cluster
network
policies,
wherein
you
know
before
the
existence
of
tears?
So
they
don't
have
any
reference
to
it
here,
so
they
they
kind
of
fall
into
a
single
bracket
or
a
single
tier,
and
you
know
you
do
want
to
show
that
there
exists
one
tier
at
least
and
your
all.
Your
existing
policies
have
been.
You
know
classified
as
part
of
that
tier
and
they're
all
at
the
bottom
of
the
of
the
ordering
priority.
I
D
So
at
the
moment
it's
part
of
the
validation
schema.
We
can
always
update
that
the
upper
we,
you
know
you
know
as
as
we
map
tiers
to
you,
know,
obs
tables.
There
are
only
x
number
of
tables,
which
is
a
small
number.
I
think
250
to
55
something.
D
So
we
we
don't
expect
the
tiers
to
be
used.
You
know
that
many
tears
to
be
created.
It
would
be
a
small
number.
C
C
The
five
static
tiers
by
default-
sorry,
if
we
auto
automatically
create
those
five
tiers
by
default.
Does
that
mean
that
we
force
the
pipeline
to
be
five
tables
longer
unless
the
user
deletes
the
crds
and
we
saw
there
were
like
some
performance
issues
with
that?
No,
I
don't.
I
Know,
no,
I
think
we
as
of
now
the
power
resigner
can
handle
more
than
a
tier
in
the
table,
so
we're
we're.
Basically
thinking
of
you
know
for
the
ingress
in
the
in
the
default
in
one
of
the
cmp
tables
we
handle
the
default
tiers
and
all
the
other
rules
in
all
the
other
tiers
can
go
into
a
single
table
and
we
already
have
a
pr
for
that.
So
that
shouldn't
be
the
issue.
Yeah.
C
Okay,
well,
I
kind
of
feel
like
yeah,
maybe
creating
those
five
tiers
is
maybe
both
convenient
and
maybe
the
right
thing
to
do
and
that's
my
personal
opinion-
and
I
don't
know
if
you
want
to
say
okay,
you
can
delete
all
five
tiers
or
you
can
just
delete
those
four
tiers
and
you
cannot
delete
the
default
here
and
going
back
to
chang's
analogy
once
more.
I
just
checked
and
you
cannot
delete
like
those
two
priority
system.
Cluster
critical
and
system-
note
critical
so
that
you
can
visualize
them.
H
H
H
Maybe
maybe
just
hoping
that
we
may
have
some
convention
or
standard.
F
I'm
not
able
to
update
or
delete
the
default
priority
class.
C
D
All
right,
I
think,
that's
fair
enough-
just
want
to
make
sure
that
you
know
everyone's
on
board
with
with
this
approach
or
one
or
the
other
approach
so
seems
like
most
people
on
the
call
prefer
to
have
one-to-one
mapping
to
the
static
tier
to
the
tcrds,
and
then
perhaps
we
can
make
sure
that
only
the
default
here
is
something
that
is
read.
Only
the
other
tiers
can
be
deleted
by
users.
C
Yeah-
and
I
think
it's
kind
of
like
mapping
to
what
cody
said,
I
think
it's
good
from
like
a
documentation
and
a
user
experience.
Point
of
view,
because
we
can,
we
can
describe
security
models
built
for
those
like
five
tiers
and
kind
of.
Like
assumes,
there's
going
to
be
they're
going
to
be
there
in
like
a
standard
installation
of
entry.
D
D
Yeah
so
yeah
that
is
already
part
of
the
pr
it's
just
now,
adding
more
more
tiers
to
be
created,
but
I'll
just
make
sure
that
they
are
not
read
only
so.
It
should
not
be
too
much
work.
D
E
So
then
the
name
is
the
fixed
or
assuming
the
name
can
be
changed.
D
The
name
can
be
changed.
We
we
will
handle
internally,
but
currently
I
mean,
with
the
current
static
tiers
release,
the
application
tier
is
the
name
that
is
already
part
of
it.
So
so
we
you
know.
G
D
If
we
have
a
mapping
to
the
trcrd,
then
I
was
thinking
of
using
the
same
names.
But
but
if
we
have
a
different
name,
then
we
we
explicitly
call
that
out
that
the
static
tier
name
was
renamed
to
you,
know
xyz
as
a
tiercrd,
so.
E
So
basically
I
mean,
after
upgrade
we
will
have
four
sorry,
five
pre-credited
tiers
and
giving
t
repeated
default
here
for
later.
You
can
remove
other
tiers
and
you
can
rename
mapkins
here.
D
D
Yeah,
so
I
was
thinking,
maybe
as
part
of
the
this,
you
know
upgrade
process.
We
we
decide
that
you
know.
Maybe
application
here
is
not
the
right
name
for
the
default
to
be
used,
and
we
want
to
rename
it
to
something
else.
Then
we
create
a
one,
the
tier
corresponding
to
application
tier,
and
we
we
name
it.
We
don't
name
it
application,
we
name
it
something
else,
and
we
call
that
out
in
the
documents,
but
but
then,
once
that
name
is
chosen,
we
keep
that
name.
D
E
Name
is,
I
was
thinking
if
it's
default
here,
maybe
you
can
just
call
it
default
item
for
that.
I
think
the
thing
that
since
you
have
other
tears,
I
forgot
the
names,
I'm
not
sure
they
are.
I
mean
I
list
this
other
names,
much
default,
yeah
or
not.
D
E
I
I
also
have
a
another
question
going
off
cody's
point.
I
think
one
of
the
initial
you
know
concerns
cody
had
was
sort
of
like
if
we
create
all
those
five
static
tiers
and
when
user
wanted
to
create
custom
tiers,
they
they
need
to
be
able
to
sort
of
like
insert
into
two
or
so
originally
created
tiers
in
terms
of
priority.
So
is
that
does
that
mean
that
we
probably
want
to
create
all
these
five
initial
tiers
with
priorities?
I
D
You
know
if,
if
that
was
the
plan,
I
my
my
proposal
would
be
to
space
them
out
from
zero
to
250.
Some,
you
know
between
between
those
digits.
C
What
was
it
going
to
be
like
a
float
like
for
priority,
or
was
it
going
to
be
an
integer?
This
would
be.
D
And
I
mean
integer,
I
mean
the
priority
range
would
be
0
to
255
and
we
will
reserve-
maybe
some
latter,
not
half
a
latter.
You
know
last
few
priorities
for
future
use
and
maybe
first
few
for
future
use
so
that
you.
D
E
So
I
was
still
thinking
the
reason
we
want
to
pre-create
the
five
tiers
just
because
we
want
to
keep
the
comparability
of
course
versions
right.
But
if
we
rename
the
the
tier
then
still
break
the
capability.
D
D
Yes-
and
there
is
a
description
field
for
the
trcrds
that
I've
added-
maybe
we
can
add
some
additional
information
on
that,
but
but
yeah
I
mean
it's,
you
know
as
long
as
we
document
that
maybe
the
user
doesn't
have
to
take
any
action
on
that.
You
know
it's
from
from
users
perspective.
They
don't
really
need
to
take
an
action,
except
that
know
that
there's
a
change
of
names
in
the
other
case
where
we
do
not
create
these,
then
the
user
needs
to.
G
E
C
But,
based
on
the
conversation
with
that,
I
wouldn't
say
that
backward
compatibility
is
the
only
reason
here
I
mean
that's
a
plus,
but
I
think
that
was
the
the
point
that
cody
brought
about
like
kind
of
like
uniformizing
the
security
model,
and
I
think
it's
just
more
convenient
also
for
users
to
have
those
pre-existing
tiers.
E
That
is
true,
but
if
we
go
that
model,
then
it's
underneath
the
switch.
We
keep
the
default
tier
special
from
others.
It
means
you,
I
don't
know
the
reason.
It's
called.
H
E
Name
sure,
but
if
you
want
to
have
five
frequent
tears,
then
maybe
I'll
be
in
here
sounds.
H
Better
by
the
way,
if
don't
all,
of
the
resources
have
some
type
of
a
grid
tracking
them
anyway,
so
we
shouldn't
be
opposed
necessarily
of
somebody
renaming
it.
Maybe
the
the
default
you're
renaming
it
to
another
tier.
B
D
D
C
D
D
Okay,
so
at
least
at
least,
we
have
a
consensus
that
we
move
forward
with
recreating
those
tiers
and
then
and
then
maybe
you
know
which
ones
are
system
one
with.
What
are
the
names
we
can
probably
talk
on
the
p
on
I
mean
you
can
have
a
conversation
on
the
pr.
C
Thanks
evan
salvatore,
there
were
two
quick
things
I
wanted
to
bring
up
before
we
we
stopped
the
meeting
I
mean
assuming.
No
one
else
wants
to
bring
up
anything.
I
just
wanted
to
ask
if
we
intend
to
support
endpoint
slices
in
entry,
a
proxy,
I
think
that's
a
question
that
has
come
up
and
I
think
in
starting
with
communities.
1.19
endpoint
slices
are
enabled
by
default
in
in
the
cluster
and
in
cube
proxy.
A
C
G
D
But
do
we
know
that
was
it?
Is
it
part
of
the
1.15
or
14
release,
because
I
think
one
of
the
reasons
why
we
are
not
moving
towards
new
resources
is
that
you
also
want
to
support
kubernetes
1.15.
C
C
I
think
you
can
basically,
my
point
is:
I
think
you
can
support
those
endpoint
slices
in
entry
or
proxy
without
breaking
support
for
older
communities
versions.
C
I
think
I
don't
think
it's
an
either.
I
think
you
should
still
monitor
you.
You
should
still
watch
both
apis,
but
I
didn't.
I
didn't
look
into
it
too
much.
C
So
so
yeah
I
opened
an
issue
on
github
about
this.
We
can
continue
the
conversation
there.
I
don't
know
if
hui
chan
has
thought
about
it
already
or
or
not,.
C
A
I
don't
think
we
have
an
invite
on
the
calendar
on
the
calendar.
I
don't
think
we
have,
but
I
will
verify
it
and,
if
not
we'll
add
the
new
one
with
the
with
the
new
calendar
yeah,
but
I
don't
think
we
have
it
only
one.
On
the
on
the
main
kubernetes,
you
mean
the
main
kubernetes
meeting
list
right.
C
No,
I
meant,
like
I
don't
know
if,
when
you
created
the
meeting,
you
actually
added
to
the
list
of
attendees
the
mailing
list,
so
that
everyone
got
a
notification.
I
actually
don't
remember,
because
I
know
that
sometimes
we
have
like
a
couple
more
people
attending
and
I
I'm
wondering
if.
A
There
is
surely
there
is
surely
no
reminder
sent
from
zoom
automatically
for
this.
The
me,
what
I
need
to
change
is
the
let's
say
the
zoom
meeting
schedule,
which
is
probably
not
relevant,
because
at
the
end
of
the
day
you
can
start
the
meeting
whenever
you
want,
but
the
meeting
is
scheduled.
You
know,
for
instance,
for
the
to
be
next
tuesday
and
then
that
that
should
be
changed,
but
in
terms
of
our
automatic
notification
strategies,
we
don't
have
anything
because
you
know
being
a
community
meeting.
A
We
don't
have
a
an
attendee
list,
so
there
is
no
way
to
notify
a
single
person,
and
I
don't
know
honestly
if
there
is
a
way
to
send
a
message
to
the
mailing
list.
That's
something
that
I
can
try
send
a
message
to
the
schema
to
the
meeting
list
about
the
meeting
schedule.
That's
something
that
I
can
try
if
it
works.
A
But
anyway,
our
next
meeting
now
is
going
to
be
on
february,
14th,
sorry
february,
it's
september,
14th
and
you
have
you
have
love
on
your
mind
salvatore.
No,
no,
you
know
what
it
is.
It's
just
like
september
september
is
the
month
where
school
begins
and
it
looks
like
january
pretty
much
that's
why
it's
the
year
is
starting
right
now
anyway.
A
So,
yes,
the
next
meeting
will
be
on
september
14th
and
then
we'll
go
with
the
usual
schedule
of
having
a
meeting
every
other
week,
starting
with
the
september
for
september
14th
yep,
and
that
will
be
it.
It
will
also
play
nicely
with
the
holidays
in
china.
A
Abhishek
just
pointed
out
that
endpoint
slides
are
not
yet
ga.
There
will
be
ga
1.20
and
I
believe
that
it's
important
for
us
to
support
them
when
they
become
ga.
So
let's
say
that
it
may
be.
If
it's
not
400
10
400
11,
they
should
be
supported,
in
my
opinion,
all
righty,
and
is
there
anything
else
for
today's
meeting?
I
will
try
and
see
if
I
can
send
notifications
about
meeting
schedule
to
the
developer
developer
mailing
list.