►
From YouTube: Antrea Community Meeting 05/23/2022
Description
Antrea Community Meeting, May 23rd 2022
A
A
B
B
Here
is
the
example
use
case,
and
we
have
defined
and
entered
network
policy
with
stack
like
this,
and
we
want
to
apply
this
enter
network
policy
to
the
external
entity,
which
has
labels
rho,
equals
db,
and
in
this
graph
it
is
vm1.
It
has.
The
label
matches
the
external
entity
selector,
and
I
need
to
mention
that
this
part
is
sorry.
This
part
of
angel
network
policy
change
is
not
supported
right
now
and
it
it
is
the
new
feature
we
want
to
add
it
to
the
entire
network
policy
and
in
the
e-bras
there
are
two
rules.
B
We
want
to
introduce
a
new
crd
called
external
node
to
represent
the
virtual
machine
or
the
benelmetal
server,
which
is
not
a
kubernetes
node,
but
has
an
agent
running
on
it,
and
it
is
the
definition
for
the
proposed
crd
and
in
the
external
node
stack,
we
will
define
the
network
interface
and
for
the
inter
network
interface,
you
can
specify
name
and
ips
or
either
of
them
and
no
no
way
expect.
Ipsum
is
the
must-have
field.
B
If
you,
I
will
see
later
that,
if
you
don't
specify
ip
for
the
network
interface,
we
will
not
generate
the
corresponding
external
entity
for
this
external
node,
and
I
also
need
to
point
out
that
when
we
define
an
array
for
the
interfaces
here,
but
for
the
first
release,
we
will
only
support
one
interface
per
external
node
and
multiple
interfaces
may
be
supported
in
the
future.
Release.
B
C
B
And
okay,
that
is
the
api
part
of
changes
and
for
controller
side
of
changes.
The
controller
will
do
two
things.
One
is
to
convert
the
external
node
to
external
entity.
Another
is
to
manage
the
enter
agent
info
level
life
cycle
and
for
the
first
one
we
will
convert
the
external
node
to
external
entity
based
on
the
following
rules
and
first
it
will
generate
the
for
the
external
entity
name.
If
the
network
interface
name
is
empty,
we
will
use
the
external
node
name
directly.
B
If
the
network
interface
name
is
not
empty,
we
will
instead
use
external
node
name
heaven
interface
name
as
the
external
entity
name
and
as
tng
has
already
pointed
out,
the
all
the
external
node
labels
will
be
added
to
the
external
entity,
and
external
node
name
will
be
set.
The
external
name
field
in
the
external
entity.
B
When
we
define
an
external
node,
which
is
called
vm1
under
the
namespace
vm
demo,
it
has
the
labels
row
equals
db
and
it
has
the
interface
interface
name
can
be
specified
or
ignored
in
the
definition,
and
it
has
one
ip
here
for
the
generated
external
entity.
It
has
the
same
name
as
external
node,
because
interface
name
here
is
not
specified.
B
So
we
will
use
the
external
node
directly
and
for
the
namespace
it
they
are
the
same
and
labels
they
are
the
same.
And
if
there
are
multiple
labels
here-
and
it
will
be
multiple
labels
here
and
we
will,
we
also
add
a
field
called
only
reference
to
let
this
external
entity
to
point
to
the
to
the
external
node.
So
we
will
know
that
no,
which
external
node
is,
is
used
to
generate
this
external
entity
and
for
the
endpoints
it
is
populated
based
on
the
interfaces
field
and
another
important
field
is
the
external
node
field.
B
It
will
be
set
the
same
name
as
the
name
for
this
external
node,
and
basically
the
general
idea
is
that
we
will
generate
an
external
node,
an
external
entity,
for
each
interface
defined
in
the
external
node.
As
currently,
we
will
only
support
one
interface
per
node,
so
currently,
external
node
and
external
antenna
is
one
two
one
mapping.
B
D
So
one
agent
says
starting
up.
We
show
the
first
secure
environment
variable
with
the
external
node
name
as
a
variable
keynote
name
as
what
we
have
done
on
the
container
case,
then
after
agent
is
that
it
you
know
it
knows
who
it
is.
Then
agents
will
get
the
external
node
from
the
kbps
server
with
a
filter
by
its
own
name.
D
D
Okay,
this
page,
I
was
focusing
on
the
realizations
on
everything
phase.
First
of
all
one
case,
the
major
difference
from
the
container
case
is
that
so
we
should
maintain
manage.
The
whole
network
is
what
we
are
focusing
on,
so
to
not
break
the
existing
processes
consuming
the
networking
we
will
try
to
use
a
new
network
interface
can
configure
with
the
existing
name
and
ip
and
max
and
routing
of
the
never
interface
configuring
in
the
external
node.
D
So
when,
after
an
agent
finds
interface
by
the
ipl
drives
on
the
host,
it
first
attached
the
exit
first
server
name,
the
network
interface.
To,
for
example,
I
use
the
pinik
zero
and
in
the
unit
diagram,
and
then
they
create
the
pinik
zero
to
os.
Actually,
this
is
the
physical
interface
on
the
os
at
the
vm.
Then
agent
will
try
to
create
a
new
os
internal
part
which
is
configured
with
the
it
is
there
virtual
it
is.
D
D
We
don't
have
some
ip
pipeline
consumptions,
but
that's
the
nice
details
and
for
the
interface
config
part
after
the
parallel
parts
they
are
added
onto
the
os.
They
create
an
interface
config.
I
mean
one
interface:
config
is
used
to
map
the
pair
port.
So
in
the
new
type
point
we
can
represent
external
entity.
We
have
to
maintain
the
purpose.
We
have
two
overflow
ports,
one
is
the
internal
passport
and
another
is
the
mapping
uplink
port
and
the
interface
config
name
is
actually
the.
D
Actually.
It
is
general.
I
mean
the
the
name
defined
in
the
external
networking
space.
Then
android
agent
also
set
up
some
open
appliance
for
the
external
node
we
have
ipv
pipeline,
but
for
the
external
node
ip
pipeline
we
are
only
focusing
on
the
egress
and
the
ingress,
so
we
don't
have
their
two
hours
forwarding.
As
I
mentioned,
because
of
the
pair
pause.
We
will
try
to
forward
package
from
one
to
the
pair
directly
and
as
we
should
maintain
the
host
network,
we
should
also
maintain
the
non-ip
package
in
the
os
pipeline.
D
So
we
we
need
to
introduce
a
new
table
focusing
on
the
non-ip
packets,
but
for
this
new
pipeline
we
directly
forward
packets
from
one
to
the
pair
with
the
changes
on
the
external
node
for
osf
path.
The
new
pipeline
definition
has
only
four
tables,
and
I
listed
the
table
id
and
mapping
in
in
this
page.
E
D
D
D
F
F
D
F
D
Yeah
yeah
crisis:
this
is
because
well
synchronized.
Maybe
some
other
processes
are
listening
on
the
ets
zero,
but
if
they
just
use
the
region
name
to
os
and
then
create
a
new
report
with
a
different
name
and
since
the
ip
and
ipn
routing
migrated
from
the
existing
interfaces
to
the
os
internal
parts,
the
the
other
processes
listed
on
the
the
pth0
might
be
broken.
E
D
E
E
D
We
are
already
citing
the
target
of
ports
in
a
register
one
and
in
the
last
table
we
only
output
the
package
to
register
one
which
was
passed
in
the
table
in
the
first
table.
So
we
don't
need
the
letter
to
order
three
table
to
forward
package
according
to
destiny
or
destination
mic,
but
we
don't
need
to
analyze
in
external
notice.
E
C
So
winning
I
remember
in
nst
design
we
choose
to
attach
the
fader
interface
to
the
bridge
with
a
wizard
pile,
and
I
remember
one
reason
to
be
for
the.
I
think
it's
for
the
who
says
restart
case,
I
think
there's
some
difference
between
internal
port
and
the
wii
supplier.
In
that
case,
I'm
not
really
sure.
I'm
not
sure
you
know
about
that
or
have
you
solved
it.
C
D
C
D
D
C
C
A
D
A
Well,
I
believe
that
we
probably
want
to
open
for
conversation
with
the
entire
community.
That
was
that
is,
like
a
a
let's
say,
that
from
a
design
perspective,
probably
a
it's
from
this
presentation,
it's
less
than
what
it
looks
like,
because
there
are
many
changes
that
are
going
into
the
obvious
pipeline
for
supporting
vitro
machines.
A
D
A
A
A
Okay,
so
if
there's
another
question,
I
would
like
to
seek
a
clarification
on
the
relationship
between
external
node
and
external
entity.
Can
you
go
back
to
the
slide
that
mandy
presented
so
yep
perfect
this
one?
There
will
be
a
controller.
I
assume
that
reads
this
information
and
creates
the
external
entity
resource
now.
Is
this
just
taking
data
from
one
entity
and
moving
it
into
other
data,
or
does
it
also
involve
a
searching
for
a
vm
using
some
provider.
B
And
if,
if
user
can
fix
some
invalid
information,
assuming
in
the
interfaces
and
when
the
agent
site
monitoring
the
external
node,
it
will
search
the
interface
by
ip
it.
If,
if
it
cannot
find
the
corresponding
interface-
and
it
will
not
do
any
further
procession
and
we
can
see
some
errors
from
agencies.
A
I
see-
and
I
have
another
question-
sorry
in
terms
of
information-
the
resource
on
the
right
external
entity.
What
kind
of
information
is
adding
on
top
of
the
external
load,
because
I
see
that
I
it
seems
to
me-
I'm
sorry.
Maybe
I'm
mistaken
here,
that
there
are
exactly
the
same
attributes
just
in
a
different
order.
A
B
Yeah
yeah
for
external
nokia
note
case
the
we
will
only
set
the
endpoints
field
for
external
entity
here
and
for
for
the
definition
here.
They
are
slight
slightly
different
because
the
interface
network
interface
we
define
it
can
has
one
name
but
multiple
ips
for
a
interface,
but
for
the
endpoint
existing
definition
is
one
name
and
one
ip.
So
if
there
are
multiple
ips
here,
you
will
define
an
array
with
multiple
endpoints
in
this
field.
B
C
C
That's
why
you
don't
have
this
interface
or
you
know,
multiple
interface
or
it's
installed
on
node
crd
earlier,
but
we
just
installed.
We
just
have
install
entity,
but
since
we
start
to
add
the
agent
model
for
when
and
now
we
we
decided,
we
need
a
new
crd
to
express
again
with
agent
and
we
call
this
toner
node,
but
still
for
most
of
our
code
to
handle
policy
and
other
you
know,
data
paths.
A
A
So,
let's
assume
that
I
am
a
clumsy
user,
so
I
have
an
external
entity
which
is
attached
to
a
vm
without
reference
by
an
external
node.
Then
I
decide
to
go
to
two
end
points
and
I
modified
the
ip
addresses
here
in
endpoints
now.
Will
there
be
a
mechanism
that
resynchronizes
again
the
external
entity
to
the
external
node,
or
do
we
have
to
do?
We
have
just
to
tell
users
that
you
should
not
go
and
modify
this.
B
B
C
A
B
Part
change
because
we
monitor
the
external
node,
it
will
not
have
any
impact,
but
for,
if
you
change
the
external
entity
part
because
the
agent
side
network
policy
controller
is
is
watching
the
is
actually
watching
the
external
entity
selector.
So
if
you
modify
the
external
entity
by
accident,
I
think
it
may
have
an
impact.
B
A
E
B
A
Yeah,
I
think
that's
a
good
point.
I
believe
that
you
know
these
are
kubernetes
crs,
so
even
securing
those
should
be
managed
with
the
kubernetes
airbag
so
yeah
it
should
not
be.
It
should
not
be
a
big
deal.
It's
just.
It's
just
a
matter
of
making
sure
that
these
that
you
know
that
access
to
external
entity
as
the
proper
airbag
controllers.
E
A
A
All
right
it
appears,
then
there
are
no
questions
and
we're
looking
forward
to
see
this
feature
in
included
in
andrea
1.1,
and
I
guess
that
now
we
can
move
to
open
discussion.
So
if
there
is
any
topic
that
you
would
like
to
bring
up
any
bug
that
you
would
like
to
discuss
anything
that
you
like
to
complain
about,
please
go
ahead.
A
A
We
didn't
have
many
participants,
but
at
the
highest
we
we
had
like
15
participants
in
in
the
meeting.
We
had
a
small
introductory
short
introductory
presentations
about
a
presentation
about
andrea
features,
the
scope
of
the
project,
the
status
as
a
cncf
project,
and
I
have
to
say
that
was
pretty
much
it.