►
From YouTube: Antrea Community Meeting 09/28/2020
Description
Antrea Community Meeting, September 28th 2020
A
Recording
started
so
again
welcome
to
hoodie
andrea
community
meeting
today
is
monday
september,
28
or
tuesday
september
29th.
If
you
are
already
past
midnight
and
for
today
in
the
agenda,
we
have
two
topics
proposed
by
anton.
A
B
Let's
see,
let
me
share
my
screen.
You
did
share
the
link
as
well,
but
just
in
case
so
maybe
people
remember
actually
one
or
two
months
ago,
jake
was
working
at
vmware
for
the
summer
worked
on
a
project
called
the
nctl
query,
where
the
objective
was
to
be
able
to
query
the
set
of
network
policies
which
affect
a
given
endpoint
in
the
cluster
where
a
hand
point
is
basically
a
pod
at
this
stage
and
so
jake
added
support
by
the
end
of
his
internship
and
right
now.
B
Sorry
to
look
up
all
the
policies
which
are
either
applied
to
a
pod,
the,
but
that's
provided
as
an
argument
to
nctl
query
or
which
select
the
pod
in
one
of
their
ingress
or
egress
rules
and
those
that's
basically
the
stage
of
the
implementation
right
now
it
was
a
ship
in
entry
of
0.10
and
the
the
way
to
use
it
right
now
is
you
have
to
exec
into
the
pod,
which
is
running
the
entry
controller,
and
you
have
to
use
an
end
call
from
inside
that
pod
and
and
the
rational,
for
that
is
that
right
now
end
call
doesn't
support
for
for
this
api,
at
least
it
doesn't
support
connecting
remotely
to
the
to
the
entry
controller
and
handling
like
https
authentication.
B
Just
like,
we
do
for
other
nctl
commands
that
can
be
run
outside
of
the
cluster,
where
you
just
provide
the
cube
config
and
it
either
connects
to
the
api
server
or
it
connects
to
the
ngr
controller.
Apis
and-
and
you
can
run
commands
like
this
instead
of
having
to
exec
into
the
entry
controller
pod,
and
so
I
was
discussing
with
chan.
B
What
would
be
the
best
way
to
do
it
and
we
kind
of
came
up
with
like
a
workaround
to
be
able
to
do
that
and
handle
https
and
all
https
by
using
the
the
certificate
published
by
the
entry
controller.
And
then
chan
came
up
with
like
a
suggestion,
which
was
because
of
how
this
functionality
is
implemented
in
the
entry
controller,
where
we
basically
use.
Well.
B
And
so
we
use
the
state
which
is
computed
by
the
entry
controller
there.
What
change
suggested
was
that
we
could
kind
of
like
refactor
the
current
entitled
query
and
point
implementation
so
that,
instead
of
using
a
new
api
which
is
like
dedicated
to
that
functionality,
we
could
use
existing
apis
and
basically
just
query,
apply
to
groups
and
address
groups
and
network
policy,
queries
the
contents
of
those
stores
and
do
all
the
implementation
on
the
client
side.
B
This
way,
we
don't
need
to
implement
new
functional
sorry,
we
don't
need
to
define
new
apis
and
worry
about
having
to
version
those
apis.
Basically,
we
just
leverage
existing
internal
apis
to
retrieve
all
the
state.
B
We
need
to
do
the
computation,
and
so
I
wanted
to
bring
this
up
at
the
community
building,
because,
basically,
I'm
looking
for
feedback
about
whether
people
think
this
is
a
good
approach,
and
maybe
this
goes
beyond
just
this
specific
use
case
in
this
specific
api
or
if
people
think
that
that
kind
of
api
that
can
let
you
like
kind
of
like
inspect
the
state
of
your
cluster
inspect
the
state
of
the
network
policies
instead,
should
be
its
own,
dedicated
public
api
that
other
components
beyond
just
encode
may
want
to
leverage.
B
You
could
imagine
like
an
integration
with
another
service
which
is
providing
some
kind
of
ui
for
for
entry
and
network
policies,
maybe
that's
developed
by
someone
else
outside
of
the
entry,
a
project.
Well,
that
could
be
like
an
interesting
api
for
them
to
be
able
to
use,
because,
ideally
for
integrations,
people
would
not
be
relying
on
the
internal
entry
apis.
B
Now,
if
we
think
the
only
use
case
is
nctl
well,
maybe
it
makes
sense
in
that,
in
that
scenario,
to
use
to
use
the
internal
apis
and
implement
all
the
functionality
for
nctl
query
endpoint
directly
in
the
nctl
on
the
client
side.
Instead
of
introducing
new
apis
and
having
to
worry
about
maintaining.
B
Them
so
paul
that
that
kind
of
made
sense-
and
it's
kind
of
like
a
bigger
picture
of
just
nctl-
query
endpoint,
it's
more
about
in
the
future.
We
may
introduce
additional
functionality
like
this
one
and
may
have
to
make
the
decision
multiple
times
of
whether
to
use
internal
apis
and
implement
some
client-side
functionality
in
nctl
or
building
a
dedicated
api
that
can
be
consumed
easily
for
integrations
by
other
clients.
A
I
already
have
one
question
regarding
the
comment
from
chan
here
that
we
see
here
on
the
screen.
Why
do
we
think
that
unknown
of
the
existing
groups
is
suitable
for
this
new
api
and
we
will
need
a
new
group.
B
So
it's
kind
of
like
a
question
that
keeps
coming
up
basically
chan
and
I
thought
that
ops,
ops
would
be
a
good
group,
because,
that's,
I
think,
that's
where
we
define
is
it
trace
flow.
I
think,
trace
flow
is
in
ops.
B
I
think,
but
basically
what
chan
brought
up
earlier
is
that
on
several
occasions
I
think
is
that
when
you
have
an
api
group,
you
can
either
use
it
for
crds
or
you
can
use
it
as
an
api
service
using
the
aggregation
layer,
and
so
in
that
case
a
crd
wasn't
really
appropriate,
and
so,
but
because
the
ops
api
group
already
uses
crds,
you
cannot
mix
the
two
in
one
api
group
kind
of
like
an
api
service
and
ncrds,
and
basically
we
looked
at
all
the
existing
api
groups
that
we
have.
B
I
think
the
only
one
that
we
could
use
was
system.
If
I'm,
if
I
remember
correctly-
and
I
don't
think
system
is
like
very
appropriate
for
that
functionality.
A
No,
you
know
my
comment
is
is
very
simple
that,
ideally,
I
would
like
to
keep
with
clients
as
light
as
possible
and
have
as
much
logic
as
possible
on
the
server
side.
Mostly,
you
know
for
reason
that
you
mentioned
that
you
can
never
know
these.
These
apis
can
be
reused
in
some
other
context,
which
is
nothing
on
ctl
uncatalog.
Oh
sorry,
I
cannot
pronounce
that
and,
and
so
I'm
thinking
of
a
good
reason
for
not
doing
it
on
the
server
side.
B
A
C
But
still
the
api
is
a
little
similar
to
the
existing
ones
like
neural
policy
right
because
it
still
carries
the
net
policy
api
just
with
some
port
as
a
condition.
That
is
just
like
the
asian
side
api
that
we
we
use,
get
narrow
policy
and
we
have
an
option
to
specify
the
related
port
and
only
get
the
related
ports.
C
It
is
also
in
the
same
nail
policy
api
in
on
in
the
api
server
or
for
agent.
So
maybe,
if
we
we
want
a
new
api,
maybe
the
internal
control
control
play
group
could
be
the
group.
What
do
you
think.
B
I
think
it
depends
on
whether
we
see
it
as
like
an
internal
api
or
should
something
that
should
be
easily
consumed
publicly,
because
I
think
we
made
it
clear
that
control
plane
was
was
supposed
to
be
an
internal
api
and
we
may
have
like
different
backward
compatibility
guarantees
and
upgrade
guarantees
for
that
internal
api,
as
opposed
to
the
other
apis
and
like
applied
to
groups
address
groups.
Those
are
like
kind
of
like
concepts
which
are
which
are
like
specific
to
the
entry
implementation.
B
B
That's
true,
that's
true.
Once
again,
I
think
if
it's
just
if
the
scope
is
just
an
encore
as
a
client,
then
I
think
using
internal
apis
is
fine.
B
I
think
my
question
was
also:
do
we
think
there's
going
to
be
a
use
for
an
api
like
this
one
for
integration
with
other
projects,
in
which
case
it's
not
just
encoral?
Maybe
you
want
to
have
like
a
public
api
that
other
components
can
can
consume.
A
Good
point
at
the
moment
you
know,
if
you
ask
me,
is
there
a
use
case?
I
would
say
I
don't
know.
The
thing
is
that
now
there
is
no
use
case
probably,
but
you
can
never
know
if
in
three
four
months
or
an
year,
that
would
be
a
use
case.
So
I
will
say
the
probably
the
problem
can
be
regarded
from
can
be.
A
We
can
look
at
it
from
an
effort
perspective.
Is
it
worth
doing
now
the
effort
for
adding
a
new
api
or
might
be
better
to
defer
this
effort
and
maybe
re-implement
the
feature
on
server
side
and
second
stage,
so
that
mostly
it's
a
question
that
I
cannot
answer,
and
I
don't
know
what
you
think,
because
if
you
tell
me
that
implementing
this
on
the
server
side,
you
require
a
significant
additional
effort.
A
B
I
kind
of
like
chan's
idea
of
maybe
maybe
putting
it
in
the
control
plane
api
right
now
as
encode
is
the
only
consumer
and
if
we
see
a
use
case
down
the
line
where
it
needs
to
be
moved
to
a
public
api
group,
then
I
can
move
it.
We
can
move
it
to
a
public
api
group,
so.
D
D
So,
at
least
I
don't
feel
it's
internally,
I
I
would
say
potentially
there
can
be
other
client
consumer
api
too.
B
I
thought
internal
was
our
favorite
name
for
it
right
that
is
but
yeah
I
mean
I
like
that
plan
I'll
see
if
I
can
use
a
control
plane
api
right
now,
given
that
nctl
is
the
only
consumer
and
if
someone
comes
and
say
I
want
to
use
that,
maybe
you
would
consider
moving
it
to
a
different
api
group
sounds
good.
A
The
second
item-
yes,
please
go
ahead
also
because
we
don't
have
any
other
item
proposed
for
today,
at
least
not
on
the
on
the
on
the
slack
channel.
So
the
second.
The
second
item
is
about
generating
documentation
for
andrea
public
apis
and
crds,
and
that
the
reference
pr
is
the
one
that
that
antonym
is
on
the
screen
and
that
I'm
shooting
on
the
chat.
Please
go
ahead
on
time.
B
I
think
so
is
that
something
I'm
working
on
in
the
background
right
now.
People
may
have
have
noticed,
but
a
couple
months
ago,
and
I
think,
as
I
was
actually
suggested
by
by
stephen
wong
who's,
I
think
he's
on
the
call.
B
A
cii
stands
for
a
core
infrastructure
initiative
and
the
way
you
do
that
is,
there
is
kind
of
like
a
self-service
form
that
you
feel
and
it's
a
linux
foundation
initiative
and
basically
it
shows
people
that
you're
following
you're,
trying
to
follow
the
best
practices
when
it
comes
to
open
source
software,
and
I
think
the
idea
is
that
by
by
filling
the
form,
it's
also
kind
of
like
a
checklist
for
you
as
a
project
maintainer,
to
see
if
your
project
is
following
best
practices
and
probably
make
adjustments
to
to
to
your
project
as
you
go,
and
so
thanks.
E
The
other
reason
for
doing
this
is
that,
if
you
apply
to
get
into
the
cncf
for
sponsorship,
I
think
citing
this
as
the
deck
that
you'd
submit
for
consideration
by
the
voting
members
is
something
that
would
be
helpful.
Also,
the
process
is
just
useful
to
kind
of
put
you
on
a
glide
path
to
be
a
well-run,
open
source
project,
and
I
think
potentially,
some
of
the
users
who
might
adopt
a
project
would
use
this
and
be
impressed.
B
Yeah
thanks,
if
those
are
all
good
points,
and
so
I've
been
working
on
like
basically
getting
all
the
check
boxes
there
on
that
form
for
the
last
two
months
or
so,
and
and
most
of
those
were
like
either
we
already
met,
or
it
was
like
a
pretty
small
change
in
the
entry
code
base
or
repository
in
documentation
to
to
meet
it
at
that
stage.
There
is
only
one.
B
Strict
requirement
that
we've
on
automating
it's
to
provide
reference
document
documentation
to
describe
the
external
interfaces
of
the
software,
and
so,
if
you
look
at
a
project
like
humanities,
for
example,
they
do
have
like
automatically
generated
like
documentation
for
the
rest
api
that
that
you
can
check
online.
I
think,
do
I
have
the
link
here
in
the
issue.
B
and
so
basically
the
way
they
do
it
in
in
kubernetes.
If
I
recall
correctly,
is
they
use
the
the
is
a
good
declaration
of
types
and
then
they
generate.
Actually
they
generate
like
an
open
api
specification
swagger.json
by
running
an
instance
of
the
api
server
and
connecting
to
it
and
collecting
all
the
open
api
specifications
from
the
from
the
running
api,
and
once
they
get
that
swagger.json
file,
they
run
like
a
custom
script
and
they
end
up
with
the
website.
I
was
just
showing.
B
I
guess
both
the
cii
initiative,
for
which
we're
trying
to
get
a
badge
like
steve
described,
and
the
fact
that
this
is
the
last
remaining
piece
of
the
puzzle
before
we
can
get
the
passing
badge
and
if
anyone
has
like
good
ideas
as
to
how
we
can
generate
the
documentation
and
initially
I
was
like
considering
only
generating
the
documentation
for
our
crds,
but,
as
janjun
pointed
out
like
the
so-called
internal
api
control
plane,
maybe
should
be
documented
as
well,
because
other
entry
integrations
may
actually
end
up
consuming
that
api
directly.
B
So
I
wasn't
exactly
sure,
what's
the
best
way
of
generating
documentation
uniformly
for
both
our
crds
and
our
api
services,
because
I
kind
of
like
for
api
services,
I
think
you
can
kind
of
use
like
the
community's
way
of
running
like
an
instance
of
your
api
server,
but
for
crds
or
seems
to
be
like
another
project
which
is
like
simpler
to
use.
B
B
And
by
the
way,
as
part
of
this
change
that
we
may
need
to
like
improve
the
documentation
in
your
in
sorry
in
your
in
our
go
api
declarations
to
add
more
comments
and
make
sure
the
auto-generated
documentation
makes
sense
for
users
and
developers.
A
A
A
A
No,
no,
no,
I'm
I'm
still
here
and
unfortunately,
unfortunately,
I'm.
I
cannot
afford
to
fall
asleep,
at
least
not
for
the
next
16
hours,
so
on
18
hours,
so
yep
it's
anyway.
So
I
think
it's
all
for
today.
I
would
like
to
thank
everyone
as
usual
for
attending.
It's
been
a
very
good
conversation
and
so
before
we
close
the
meeting
just
sometimes
just
a
quick
update
on
the
release
schedule.
B
Let
me
double
check,
but
it's
at
the
beginning
of
november,
and
the
idea
is
to
have
it
right
before
kubecon.
Currently,
it's
scheduled
for
november
4th,
I
think,
but
I
don't
we
may
be
okay
with
postponing
it
a
bit,
because
I
know
that
we
have
an
upcoming
chinese
holiday
and
so
it
may
impact
our
development.
A
That
is
correct,
so,
in
terms
of
meeting
scheduling,
the
chinese
national
holiday
should
not
impact
our
community
meeting
much
because,
thanks
to
the
shift
that
we
did
for
labor
day,
we
are
also
in
a
good
shape
for
for
this
chinese
holiday.
Indeed,
the
next
instance
of
the
meeting
should
be
on
october
13th,
which
is
right
when
people
in
china
should
come
back
to
work.
A
So
on
that
front
we
should
be
good
and
well,
and
then
thanks
everyone
for
attending,
and
I
wish
everyone
a
good
night
good
morning,
good
afternoon
or
good
evening,.