►
From YouTube: Antrea Community Meeting 07/18/2022
Description
Antrea Community Meeting, July 18th 2022
A
All
right,
so
thanks
everyone
for
joining
andrea's
community
meeting
today
is
monday
july
18th
in
the
us,
and
I
think
on
the
agenda.
We
have
two
items.
I
think
the
main
item
is
waning,
who's
going
to
be
presenting
a
support,
bundle
for
vm
virtual
machines-
if
I'm
not
mistaken,
and
then
after
that,
I'd
like
to
give
a
short
update
on
elm
support
in
in
entry
and
entry
and
charts,
that's
correct
right.
Winning
you're
presenting
support
bundles
for
for
vms.
B
Okay,
thanks
also
for
this
meeting,
and
I
would
like
to
share
something
about
to
present
something
about
the
super
boundary
implementation
plan
in
verm
case
this
is
the
agenda
ever
introduced.
The
motivation
for
the
implement
super
boundary
implementation
and
secondly,
I
would
like
to
give
the
design
for
salt
eight
and
the
last
part
is.
I
will
introduce
some
corner
cases
we
might
hit
in
the
vam
scenarios
and
our
plan
to
support
to
resolve
the
countries,
the
motivation,
as
we
may
notice,
for
the
existing
and
chair.
B
We
have
implementation
for
support
bundle
and
we
run
two
agents
on
every
work
nodes
and
enter
agent
stats,
ports
and
run
api
server.
Listening
on
the
ports,
then
the
user
can
use
aunt
cattle
to
collect
the
logs
from
manchester
agent
and
get
the
bundle
files
to
to
the
place
where
and
kaito
is
running.
B
So
it
is
not
easy
to
configure
ports
to
run
your
app
server
for
for
the
for
to
solve
the
request
from
other
places,
and
secondly,
it
says
for
them
cases.
We
know
that
we
might
have
some
different
vpcs
and
we
would
like
that
so
one
agents
on
one
wing,
one
on
one
vm-
has
the
the
permissions
only
allow
it
to
access
the
development
itself
information.
B
B
So
my
proposal
said
so:
we
want
to
introduce
a
mechanism
to
not
financial
agents
running
on
the
vms,
to
collect
small
bundle
files
and
actively
upload
the
files
to
a
central
pass.
So
with
this
proposal
we
want
to
have
a
crd
configured
to
configure
the
those
requests
on
the
bundle
files
collection,
two
paragrams,
what
we
want
to
collect
and
which
vms
we
want
to
create
bundle
files
and
where
we
expect
the
bundle
files
to
upload
and
secondly,
to
avoid
the
vms
untrained.
B
To
avoid
the
ramps
get
out
of
vm's
information,
we
introduce
internal
objects,
used
between
entry,
controller
and
venture
agent,
so
that
so
we
can
ensure
the
agents
running
on.
Vm
only
gets
the
information
focusing
on
itself
and
the
agents
running
on
the
vm
can
report
the
progress
of
the
pondo
file,
collection
and
uploading,
and-
and
we
also
use
a
secret
to
start
authenticator
for
the
agent
to
use
to
up
to
to
excise
the
file
server
while
uploading
the
files
in
the
design
way.
First
is
about
the
crd.
B
B
We
spot
two
kinds
of
nodes:
one
is
the
general
kubernetes
work
node,
and
the
second
is
the
external
node
which
are
used
to
represent
the
the
vms
in
the
entry
and
with
the
nodes.
We
can
use
these
two
methods
to
to
configure
the
the
expected
nodes.
We
can
list
names
of
the
expected
node
nodes
and
we
can
use
a
label
selector
to
tell
ensure
controller
to
choose
the
expected
notes
by
the
selector
with
the
name
list.
B
If
it
is
an
empty,
it
means
that
all
the
nodes
in
the
namespace
for
external
nodes
are
required
for
work
nodes.
We
don't
require
namespace
fill
configured
and
the
second
configuration
item
in
the
crd
is
a
duration.
It
tells
agents
what
logs
are
expected
and
the
logs
newer
than
the
given
duration
are
requested.
B
We
can
use
one
day,
two
hours
or
20
minutes
or
something
like
this,
and
if
the
duration
is
empty,
it
means
that
all
logs
in
the
agent
run
time
are
required
and,
as
the
third
item
is
the
timeout,
it
means
that
how
long
the
request
is
efficient.
If
the
timeout
is
come
true,
it
means
the
request
is
expired
and
the
request
might
be
failed
if
the
required
vms
doesn't
have
completed
uploading.
The
files-
and
the
first
item
is
the
file
server.
B
B
If
the
http
works
as
ported,
but
it
is,
if
it
is
not,
configured
post
is
used
as
default,
and
the
last
path
is
about
the
authorization
it
tells
agent
how
to
connect
how
to
excise
the
file
server.
By
now,
we
plan
to
support
two
authorization
methods.
One
is
token,
and
the
second
is
api
key
and
both
the
values
are
passed
using
a
secret.
The
secret
reference
is
provided
by
the
values
are
stored
in
the
secrets,
with
a
base
1664
encoding
in
the
third.
B
You
will
also
have
a
status
configured
which
tell
use
the
for
unsure
controller
to
to
aggregate
the
status
of
the
request
in
the
status.
We
have
these
things
that
so
we
have
a
face
to
tell
the
user
that,
in
which
stage
the
the
super
bundle
processing
is
on
it
has
a
much
state
machine
is
like
this.
After
the
series
is
created,
the
status
is
marked
as
pending
and
any
vm
starts
working,
for
example,
collecting
the
the
bundle
of
uploading
elements
and
where
the
the
ram
is
starts.
B
No,
the
current
notes
means
that
how
many
nodes
has
completed
the
fail,
uploadings
and
the
theorem
knows
means
that's.
How
many
expected
external
nodes
like
calculated
about
your
controller
and
the
last
part
in
the
status
is
a
further
reason.
It
is
used
to
tell
user
why
we
marked
the
crd
status
as
field
by
now.
We
planned
these
two
list,
three
reasons,
including
the
node
conflict,
not
uploaded
or
unknown.
B
A
note
conflict
means
that,
if
a
request
involves
some
notes
which
are
involved
in
another
request
and
the
the
the
second,
the
other
request,
saturday
request
is
still
in
the
processing
state.
The
further
reason
might
be
marked
as
node
conflict,
but
not
uploaded.
It
means
that
so
one
time
is
up
some
some
note,
some
agents
on
the
rams
and
are
not
completed
the
processing.
B
B
C
C
B
We
can
think
about
it,
maybe
it
it
it
is
working
but
okay.
So,
but
if
so
that's
my
one
concern
from
my
adrenal
original
thought
is
I
I
don't
I'm
not
sure
if
we
can
configure
what
can
I
mean
that
if
we
have
one
kubernetes
organ
nodes
and
one
external
node
using
the
same
name
and
how
to
process
it
just
using
the
the
label
selector
or
name?
C
D
C
B
B
For
example,
put
our
patch
or
something
actually
we
want
to
like.
We
would
like
some
because
we
don't
know
what
the
file
server
is
exactly
is
so
I
mean
there's,
so
we
don't.
We
don't
know
if
the
what
verbs
are
actually
expected
for
the
file
server
to
to
upload
the
files.
So
we
want
the
user
to
tell
us
that
what
rob
he
wants
us
to
use
the
intro
agents.
C
Okay,
okay,
got
it
and
for
ftp
there
can
be
multiple
verbs,
too
or
ftp
doesn't
have
web,
but
we
don't
have
robbie
ftp,
okay,
okay,
probably
we
can.
We
can
discuss
more
when
we
review
the
seal
yeah.
I
just
just
want
to
understand.
I'm
trying
to
see
if
we,
if
we're
not
very
sure,
probably
we
don't
need
to
you-
know,
define
what
the
future
is
tensions
if
we
yeah
for.
D
B
B
D
B
D
D
D
D
B
Actually,
we
don't
expect
that
agent
to
know
any
other
vm's
name
in
the
in
the
vm
cases.
So,
but
for
crd,
we
don't
like
that.
So
we
configure
one
crd
for
dedicated
for
1vm.
We
expect
that
a
crd
may
use
maybe
use
the
phone,
the
the
multiple
vms,
which
has
the
same
configuration
expectations,
but
so
we
would
like
that
ram
can
get
its
own
names
name
information!
D
B
B
So,
while
our
bike
is
used
per
vm,
so
we
can
specify
the
names
in
in
the
arbeit
configurations
but
of
our
unsure
agent
to
logic,
but
we
don't
have
the
logic
to
a
list
of
other
external
nodes
how
to
get
other
external
nodes
names.
In
a
logic,
we
only
configure
the
name
of
the
of
the
itself,
so
android
agent
only
gets
it
its
own
external
nodes.
B
But
if
we
have
sync
up
all
the
vms
in
the
in
the
support
bundle
in
the
two
two
or
one
control
agents,
it
means
that
from
android
agents
logic
it
can
get
multiple
vms,
not
only
itself.
But
if,
if
the
hiker
mod
financial
code
to
get
some
additional
configuration
for
other
vms,
it
can
work.
So
that's
not
what
we
want.
D
I
understand
that
we
only
get
the
the
node,
the
external
node
of
itself,
but
I
think
the
token
has
the
permission.
So
I
think
there's
no
difference
that
user
gets
the
known
names
from
the
log
or
it
use
the
token
directly
to
list
the
other
nodes
in
that
namespace
because
they
already
have
this
permission.
D
B
D
B
D
B
B
B
Sure,
thanks
and
then
we
can
continue
to
the
next
okay.
This
is
about
okay,
superman's
status,
and
it's
about
the
internals
for
bound
objects.
As
we
used
to
mention
about
it.
It
is
try
to
think
the
the
resources
from
a
trade
controller
to
enter
agents
and
android
agent
only
has
the
permission
to
rate
the
internal
objects
from
entry
controller,
and
so
so
that's
what
we
come
to
the
the
targets.
Mem
agents
cannot
never
know
advanced
information
from
this
channel
for
internal
objects.
We
only.
B
D
B
Then
come
to
the
workflow.
The
expected
flow
is
like
this:
first,
the
user,
creases
power
boundary
crd
in
summary,
pc
and
the
the
request
is
coming
to
aps
server
and
your
controller
watches
vultures.
The
the
super
bundle
adding
vents
from
eps
server.
Then
it
calculates
the
internal
object
and
synced
to
the
agent,
but
the
agent
only
means
that
the
vms
which
are
selected
are
defined
in
the
crd
nodes,
so
other
vm
cannot
be
able
to
receive
the
internal
objects.
B
That's
what
we
I
will
introduce
some
details
in
the
counter
cases
for
security
control.
We
would
like
to
say
something
one
is
that
the
agent
only
watches
internet
object
from
venture
controller
and
other
nodes
information
is
not
included
in
the
network
object
and
the
credentials
like
the
token
or
api
case
are
not
provided
in
the
city
directly,
but
using
a
secret
disk
styles
and
for
token
is
used
for
hpp's
and
to
to
enhance
the
security
user
can
generate
a
one-time
token
with
timeout
control,
if
necessary,
yeah.
B
B
So
it
means
that
if
we
don't
process
it,
it
means
that
there
must
be
some
rep
duplicates
on
the
super
boundary
collection
agents.
So
to
resolve
the
the
current
case.
We
have
two
option
solutions
once
that,
so
we
can
use
a
webhook
validation
to
check
the
note
in
the
list
of
the
second
request
and
compared
with
the
existing
and
growing
requests.
B
B
We
will
use
a
webhook
validation
hook
to
reject
such
operations,
and
the
third
case
is
that,
if
there
are
many
vms,
for
example,
hundreds
of
thousands
of
vms
included
in
the
salary
request
how
to
list
the
originals
are
failed
to
upload
the
bundle
files.
It
is
not
efficient
if
we
include
all
the
other
know
the
names
in
the
api
response,
so
the
solution
says
controller
will
write
a
file,
including
the
field
nodes
list
and
upload
it
to
the
file
server
provided
by
the
in
this
bundle.
B
File
and
mark
does
the
the
serial
status
as
filled
there.
There
might
be
two
two
two
types
of
the
no
list
in
the
file
once
that,
if
the
spellbound
object
is
marked
as
failed
because
of
not
conflict,
the
failed
another
list
file
only
includes
the
conflicted
nodes
and
if
the
bundle
object
is
marked
failed
because
of
some
agents
fails
to
upload
files,
the
failed
at
least
only
include
which
nodes
fail
to
upload
the
files.
D
B
B
D
A
B
A
D
Multiple
teams
are
working,
are
troubleshooting
together
and
they
have
their
own
target.
They
have
their
own
targets.
Oh,
we
could
make
this
even
more
simple
that
we
allow
a
concurrent
request,
but
we
only
have
one
we
only
had
handle
handle
one
request
at
any
given
time
and
we
only
proceeded
the
second
one
after
the
first
one
finished.
D
C
A
C
C
B
C
If
you
finally
want
to
support
truthful
for
external
for
wins,
then
you
have
the
exact
same
issue
like
permission
or
it's
supposed
to
bring
them
to
other
agents.
Something
like
that.
Maybe
there's
some
other
cases.
I
have
the
ratio
like
realization,
for
example.
I
I'm
actually
I'm
not
like
show
all
the
cases,
but
I'm
just
thinking.
C
C
A
A
Okay,
so
I
just
wanted
to
let
everyone
know
that,
starting
with
the
next
entry
release,
starting
with
entria
v1.8,
it
will
be
possible
to
install
entry
using
game
charts.
So,
as
you
guys
probably
know,
for
the
last
couple
of
months,
we
switched
to
using
elm
to
generate
entry
templates,
but
sorry
to
generate.
We
switched
to
using
elm
templates
to
generate
the
entry.
A
Yaml
manifests,
but
the
templates
were
not
like
user
facing,
but
starting
with
entry
v1.8,
it
will
be
possible
for
end
users
to
install
entry,
are
using
elm
charts
and
so
we're
going
to
have
like
three
charts
one
for
entry
itself,
one
for
the
flow
aggregator
and
one
for
taiya
and
actually
elm
is
already
the
primary
installation
mechanism
for
teya.
Since
entry
ivy
1.7.
A
A
Information
about
the
entry
here
charts
will
be
added
to
this
file.
Right
now
we
have.
We
did
some
experiments
with
a
an
alpha
release,
and
so
you
can
see
we
have
like
an
entry
a
chart
and
there
should
be
a
flow
aggregator
chart
as
well
and
the
chart
for
thea
and
that's
about
it.
And
since
we
now
have
m
charts,
I
was
able
to
register
entry
on
artifact
artifact
up
dot
io,
which
is
kind
of
like
a
central
website
where
you
can.
A
Find
and
install
kubernetes
packages,
and
so
the
primary
mechanism
for
registering
new
packages
is,
is
to
use
m
chart.
Basically,
you
need
to
have
a
m
chart
to
be
able
to
list
your
project
on
that
website,
and
so,
if
you
type
entry
here,
you
will
find
the
three
three
different
charts
that
we
have
for
entry
and
right
now,
those
are
like
alpha
alpha
charts.
But
as
soon
as
we
release
1.8
for
entries
and
0.2
for
thea,
there
will
be
the
let's
call
them
the
production,
ready,
charts.
A
D
A
No,
I
don't
think
so.
I
think
artifact
tube
is
really
just
to
a
registry
for
available
packages,
and-
and
so
I
think,
if
I
click
on
it,
is
it
gonna
have
the
installation
and
I
click
on
install
see.
It
still
gives
me
the
steps
that
I
need
to
do.
Basically.
So
it's
still
like
a
central,
it's
just
a
central
registry
where
you
can
discover,
charts
and
and
and
look.
D
A
A
A
new
version
of
entry
have
been
released
and
as
a
chart,
owners
are
all
the
features
you
have
access
to,
like
you
can
advertise
security,
vulnerabilities
and
and
the
release
in
which
you're
fixing
that
very
vulnerability
and
things
like
this.
There
is
like
a
changelog
feature,
but
we're
not
we're
not
using
that
at
the
moment.