►
From YouTube: Istio Networking WG meeting - 2018-10-25
Description
- CNI Extension demo
- Discuss Traffic Ownership / Controlling Policy Governance with Istio Authorization
A
A
The
first
one
is
CNI
extension
demo
and
John
will
give
us
a
demo,
the
reason
also
an
Associated
document,
but
I'm,
not
sure
John.
If
you
wanna
like
preview
today
or
wait
till
next
time.
It's
up
to
you.
The
second
item
will
have
to.
We
will
have
to
make
a
community
decision
around
the
traffic
ownership,
controlling
policy
governance
with
its
authorization
so
and
the
third
okay.
We
actually
have
four
items
now
discuss
sidecar
lifecycle
manager,
a
management
by
Robert
and
also
the
east
of
CNI
status.
A
D
A
C
So,
let's
go
through
it.
That's
good
good
diagram,
not
a
slide.
Number
three
significant,
just
a
couple
of
slides
to
set
the
context,
so
Oh
lost
thanks
to
Tim
and
Robert
because
of
extending
their
work.
We're
leveraging
that
pretty
heavily
so
the
whole
one
do
is
show
how
to
sorry
it's
not
a
generic
Network
proxy
using
network
namespaces
and
do
some
rewiring.
They
will
think
I
had
some
interesting
tweaks
to
how
we
keep
the
five
boxes
into
Sto
next
slide.
So
what
we've
done?
C
The
architecture
is
really,
if
you
think
of,
on
the
left
hand,
side
what
you
have
today
is
envoy
running
as
a
sidecar,
so
what
we
have
done
is
created
a
new
network
namespace
and
deployed
into
that
Network
namespace
and
then
rewired.
The
network
for
region
V
eats
the
IP
address,
is
still
the
same.
Ip
address
that's
allocated
by
kubernetes.
There's
no
changes!
All
it
is,
is
really
a
bump
in
the
wire
of
traffic
going
from
in
and
out
of
the
pod.
This
could
be
a
couple
advantages.
C
D
C
Questions
we
haven't
done
anything
on
ball
yet
so
we've
just
use
our
sample
DNS
proxy,
which
is
busy
a
bump
in
the
wire,
and
we
don't
do
anything.
Basically,
we
take
packs
in
pack
aside,
I,
don't
think
the
things
we've
done
to
on
voice
I
need
to
go
and
look
at
it.
That's
one
of
the
action
items
we
have
because
as
far
as
envoy,
seeing
is
just
seeing
an
interface.
E
C
F
C
Okay,
I
think
that's
one
of
the
big
things
to
figure
out
how
to
make
this
generic
and
what
has
to
be
done
because
there's
other
proxies
opossum
envoy,
ng
acts
and
bunch
of
others
who
are
I,
think
you
know
tiny
few
millions
generic
as
possible.
So
it's
not
tied
to
one
particular
technology
and
we
need
to
figure
eyes
the.
C
H
C
H
That's
not
what
I'm
asking
you
I
mean
good
lord,
this
lady
soo
regional
destination,
which
the
colonel
actually
preserves
in
place.
If
I
would
traffic
was
captured
and
read
output
to
something
else,
then
this
was
the
action.
There
was
the
question
by
the
collar
and
that's
what
we
actually
used
with.
Unlike
mine,
I.
H
D
F
F
H
How
do
you
restrict
the
mean
today?
We
people
actually
uses
include
IP
ranges
in
all
together,
an
escape
hatch
if
they
have
one
too
many
service
and
freeze
I
mean
one
too
many
external
services.
They
would
like
to
let
you
know
so
on
context,
assets
and
every
I
mean
all
traffic
will
definitely
enter
envoy,
and
so
you
need
I
believe.
F
I
believe
you
can
still
use
IP
tables
to
redirect
stuff
I
mean
you
you,
you
still
have
control
to
say
some
packets,
based
on
whatever
will
go
directly
to
et
tu
V
82,
serial
interface.
I
cannot
problem
and
and
you're
out
some
specific
you
can
you
you
can
you?
Can
it's
basically
specify
different
routing
table
for
four
different
pockets?
F
G
C
We
have
what
we
have
a
working
with
our
be
so
sure
we
were
sure
demo,
but
just
now
the
questions
with
envoy
are
very
apropos
and
we
need
to
say
figure.
Those
out,
but
well
just
want
to
show
us
now
is
the
fact
that,
with
the
extending
you
know
Tim
and
Roberts
work,
we
can
actually
do
this
fairly
simply
and
we
have
a
sample
to
the
sample
code.
C
It's
basically
just
a
packet,
a
map
pump
in
the
wire
that
lose
packets
from
he
means
one
east
zero
to
each
one
and
out
to
get
to
so
just
a
simple
demo
to
try
and
show
that
the
mechanics
of
building
is
fairly
simple.
I
think
there's
a
lot
of
good
questions
here
about
how
would
actually
work
with
envoy-
and
you
know,
TCP
boxes,
I,
don't
think,
there's
any
major
problems.
You
know
Devils
are
also
in
the
details.
So
let's
go
next
slide
and
this
Christmas
really
quickly.
Then
we
talk
more
or
I.
C
C
Yeah
we're
only
using
on
voice
only
in
a
network
namespace,
it's
also
in
the
existing
pod
namespace.
So
some
discussion
last
week
about
how
to
get
keys
and
mount
keys
so
envoy
would
see
the
the
same
amount
points
in
the
parties
every
else.
These
questions
for
the
Google
people
is.
They
are
this
question
of
CNI.
You
know
for
a
cheeky
e,
but
this
not
be
touched
on
just
throw
it
out.
There's
a
discussion
point.
A
F
Was
softly,
prom
technically
technically
on
a
PK
misbehave
application,
Emily
forget
modifiers
are
out
some
kind
of
my
person.
Processes
doesn't
know,
but
does
any
IP
table
requires
the
same
capability,
so
whatever
you
are
doing
that
money
placed
IP
tables
that
you
fall
into
manipulating
around
you
should
do
it
with
a
privilege,
yeah.
K
C
So
you
see
a
little
more
control.
Yeah
it
works
with
is.
This
is
just
some
direct
stuff
from
Tim.
It
works
with
NEC
and
I.
For
us,
it's
interesting
cuz.
The
CMI
gives
us
some
interesting
information
like
the
bridge
name
and
IP
address
so
using
CNI.
What's
really
well
compared
to
some
of
our
previous
approaches,
we'll
try
to
do
yeah
control
of
all
traffic
works.
My
peers,
ipv4
ipv6,
the
proxy
can
I
do
so
certain
things
with
it
can
have
a
little
more
privileges
because
it's
installed
from
someplace
else.
C
It
can
have
the
ability
to
use
packet,
a
map
or
SRV.
Other
things
would
be
interesting.
I
thought
with
chaining
boxes
together,
I
think
Koster
mentioned
the
email,
a
bad
idea
because
of
late
mistakes
totally
agree,
just
throwing
it
out.
There's
a
you
know
has
a
thing
to
think
about:
yeah,
okay,
next
lista
kind
of
just
how
the
flow
works.
The
really
additional
step
we've
added
from
Tim
in
Tim's
work.
C
They
need
apply
some
cross
insertion
mechanism
which
we'll
talk
about
a
little
bit.
What's
a
pause
deployed,
we
it
fires
off
the
C&I,
then
it
starts
creating
to
insert
first
created,
never
name
space,
and
then
it
runs
the
proxy
in
that
namespace
and
then
starts
receiving
traffic
so
fairly
simple,
fairly
straightforward.
We
can
make
it
I
think
complete
transparent
to
the
user
apart
from
having
either
one
or
two
deep
insights
running
on
the
node.
Next
so
example,
just
this
we
have,
you
know
couple
parts
off
each
other
before
without
anything
and
the
Knicks.
C
C
C
So
when
Tim
goes
looks
farther
the
issue,
your
proxy
container,
all
we
do
is
passes
namespace
into
some
code.
We
wrote
before
that
does
essentially
the
East
reworking
and
then
once
that's
done,
we
now
have
a
network
namespace
and
then
we
call
the
add
sidecar,
which
basically
then
allows
us
to
insert.
C
L
L
L
So
this
is
the
cni
that's
basically
getting
copied
over
here,
which
is
nothing
but
an
execution
of
the
code
which
goes
and
moves
that
creates
a
new
name.
Space
creates
a
new
Veatch
there
and
does
all
the
plumbing
for
the
like
a
proxy
insertion,
and
then
it
will
go
ahead
and
insert
the
proxy
also
right
now
and
then
what
we
are
doing
as
part
of
the
DNI
invocation
in
the
conflict
is
for
the
demo.
G
L
L
Yeah
yeah,
yes,
so
now,
I'm
in
the
new
network,
namespace
that
was
created
also
now
I'm,
basically
inside
here,
instead
of
en
FRR
bump
in
the
wire,
should
be
running
and
if
I
do
an
IP
link
show
here.
These
are
the
two
interfaces,
each
one
and
each
two
that
we
have
created
so
these
correspond
to
in
the
in
the
diagram.
These
corresponds
to
be
eat
one
and
we
each
0,
as
we
have
created
your
social
traffic.
Your.
C
L
And
from
here
let
me
try
to
get
the
file
so
the
basically,
the
query
goes
through
our
bump
in
the
wire
BNF
through
the
new
network
namespace
into
the
server,
which
is
also
running
a
bump
in
the
wire
prophecy.
In
the
new
net
in
the
network,
namespace
and
Christ
came
to
file
up
back
to
the
client,
so.
C
C
Yeah
there's
some
open
issues
we
see
one
is
you
know
how
do
we
label
and
annotate
and
pause
in
network
namespace?
You
know
we
can
give
it
Pacific
names
like
history
of
coffee
or
something
you
know
there
may
be
other
ways
of
doing
it.
There
are
some
works
that
Chelsie
Hightower
did
with
initiative
and
initializers
the
lies
annotations
to
allow
you
to
tag
various
things
you
want
to
do
say
you
want
to
initialize,
which
is,
and
then
how
do
you
do
the
upgrade
downgrade?
Now
it's
running
its
own
namespace.
C
Yes,
you
there's
probably
ways
to
do
two
separate
upgrade
and
downgrade
of
the
proxy
from
the
application
how
that
works
or
the
life
cycle
not
quite
sure
yet,
but
I
think
it's
possible.
I
became
a
an
interesting
way
to
upgrade
the
proceeds
infrastructure
with
upgrading
the
application
infrastructure.
C
C
Basically,
just
you
know
taking
simple
steps,
because
we've
done
the
bump
in
the
wire
for
something
stuff.
We
did
it
the
device
plug
in
Jesus,
using
as
a
simple
piece
of
code
without
having
to
learn
on
boy
I,
debug
ability.
You
know
it's
a
challenge,
how
we
debug
this
in
terms
of
its
now
we're
in
network
separate
network
namespace.
The
good
thing
is,
applications,
don't
see
it,
but
the
bad
thing
is
application,
don't
see
it
and
how
we
do
debugging
of
it.
The
last
thing
it's
not
list
is
just
insertion
mechanism.
C
I
talked
a
little
bit
this
list
in
the
paper
last
night.
Just
now
we're
doing
it
fairly
simple
kind
of
using
the
same
approach.
Robert
used
I
would
liked
probably
more
to
use
admission
controllers
or
operators
syllable
dynamic,
and
it
can
isolate
the
permissions
from
the
users
and
keep
them
into
the
daemon
set.
So
it
separates
out.
A
H
Funny
I
mean
like
it:
maybe
I
missed
this,
letting
it
access
to
the
pods
I
mean
when
you
do
this
thing
chaining.
Can
you
actually
access
the
pods
secret
mounts
and
stuff,
so
I
you
break
up
a
little
bit?
No,
so
when
you
do
this,
namespace
chaining,
with
like
with
bump
in
the
wire
stuff,
can
you
access
the
board
secrets
and
other
secret
mounts
other
things
from
the
new
network?
Namespace?
Yes,.
C
C
H
I
still
be
addressed
his
envoy
using
an
IP
delay
because
be
there's
also
use
case,
an
sto
where
we
have
HTTP
proxy
setup
and
as
an
application,
I
could
just
set
up
into
the
proxy
and
I'm
and
variable
directly
from
to
the
local
envoy
and
betters
with
the
Vienna,
which
actually
becomes
completely
transparent
within
the
system.
And
so,
unless
there's
be
nice,
if
you
can
actually
directly
address
the
BNF
if
desired,
I.
F
H
F
C
F
It'll
be
hidden
from
the
user,
I
mean
it's
it's
my
question
is:
can
we
make
it
more
secure
I
mean
try
to
figure
out.
How
much
can
we
isolate
an
application
from
from
from
the
site
current,
whatever
secrets
and
things
that
it
can
do
so
in
this
design?
I
believe
you
are
just
using
the
network
namespace
and,
and
we
can
can
run
in
a
completely
separated.
C
We
you
have,
you
have
the
option
options
of
changing
other
namespaces
as
well,
so
we
don't
since
so
it's
a
question
of
if
you
want
access
to
my
name
space
to
get
secrets.
You
want
to
keep
that
the
same.
But
if
you
want
to
hide
things
in
a
different
name
space,
maybe
it
may
be
interesting
or
approach
so.
A
F
N
John,
let's
I
was
gonna.
Ask
about
that
so
I
think
we
can
just
I
think
there's
about
two
other
topics
for
the
CNI
on
where
you
know
it's
under
the
sto
ecosystem
org
and
we
want
to
potentially
move
it
and
we've
got
CI
that
were
working
on
for
that.
So
yeah
I
think
he
could
put
it
in
a
branch
for
now,
but
it
it
looks
like
he's
off
of
an
older
version,
so
John,
let's
get
together
and
figure
this
out
for
how
we
came
yeah.
C
I
mean
well
I'll,
get
we've
done
the
been
illegal
legal
work
for
submission
to
a
CEO.
So
what
does
he
figure
out?
Push
it
to
a
github
and
then
we'll
figure
imagine
and
figure
out
the
the
best
ways
to
yeah
get
your
get
your
latest
code
and
sort
of
modulized
a
little
more
I
think
the
thing
we
didn't
change
very
much
your
code.
We
just
did
some.
N
A
A
N
A
Else
who
did
the
demo
but
I
missed
the
name
so
Quran?
Thank
you
all
right.
So,
let's
move
on
to
the
second
topic,
which
is
discuss:
traffic
ownership,
controlling
policy
governance
with
this
authorization.
So
and
you
like
requested,
we
make
a
community
decision
basically,
because
there
were
like
multiple
proposals.
A
There
was
the
the
biker
if
a
traffic
ownership
proposal
by
Brian
from
Aspen
mesh
and
also
there
was
Lehman
presented
as
our
Park
or
controlling
policy
governance
with
its
authorization
and
Arabic
rules
right.
So
we
we
need
to
make
a
decision
on
that
and
I
think
we
may
need
to
separate
the
various
aspects
of
this
problem.
So
I
think
we
abbreviate
charted
with
you
and
you
had
like
somebody
on
like
how
we
should
separate
the
concerns
here
so
that
we
they're.
I
They're
kind
of
three
major
API
design
things
in
flight
right
now
and
they
kind
of
have
a
natural
priority.
The
first
one
is
Network
scoping
right.
If
the
ability
to
down
scope
the
amount
of
network
configuration
that
we
deliver
under
operator
controls,
so
we
don't
have
N
squared
networking.
Config
problems
is
where
we
are
today,
and
we
have
customers
suffering
with
those
issues.
H
Know
I
mean
like
all
I
see,
is
that
since
we
added
that
simple
merging
I
mean
we
have
not
seen
that
many,
the
Gateway
issues,
like
you
know,
I
also
you,
author
and
the
authorship
issues
but
yeah
it
would
be
nice
to
actually
validate
with
the
same
users
who
actually
complained
or
like
Andy,
authorship
and
Lester,
to
see
if
the
simple
merging
actually
made
sense
or
if
they
need
something
more
sophisticated,
where
you
know
could
actually
drive
the
traffic
ownership,
propose
those
kind
of
things
or
the
other
traffic
ownership
is
odd.
Orthogonal
to.
I
F
I
A
I
B
Don't
think
that
this
has
to
be
a
a
or
b
decision
right
now,
I
think
it's
okay
for
us
to
decide
how
much
do
we
want
to
involve
existing
automatic
systems
or
how
much
we
want
to
make
our
own
authorization
or
req
system
that
was
kind
of
a
level
that
I
think
would
be
satisfying.
You
know
for
this
kind
of
discussion
right.
I
B
It
could
rise
as
an
example
it's
or
it
delegates
that
to
the
environment
that
is
I
different
than
the
traffic
governance
proposal,
which
sort
of
brings
along
its
own,
our
back
and
so
fundamentally,
I
think
that
that's
sort
of
the
biggest
question
is
this:
the
thing
where
you
just
try
to
declare
objects
and
let
somebody
else
is
our
back
management
or
do
we
say
SEO
needs
to
say
why,
like
our
back
rules,
apply
for
defining
these
policy
objects?
Time
are.
F
I
Know
is,
there's
kubernetes
are
about,
can
is
your
back?
Yes,
it's
to
our
back
is
similar
to
kubernetes
or
about
kept
in
style
in
some
respects,
but
it
has
some
differences.
Yes,
but
it
talks
about
a
different
domain.
It
talks
about
traffic
instead
of
about
resources.
Now
we're
talking
about
using
these
two
are
back
basic,
syntax
and
properties
to
control,
something
which
is
declarative,
which
is
network,
namespace
yeah,
but
still.
I
H
I
B
I
F
Slight
change:
I
means
that
I
want
to
bring
up
is
that
we
are
discussing
isolating
namespaces,
so
so
one
can,
with
with
the
other
purpose
on
the
graph.
We
are
discussing
that
a
mode
where
resources
define
your
namespace
are
only
visible
inside
that
namespace
and
overexcite
outside,
unless
explicitly
exported,
which
would
slightly
change
the
semantics
here,
because
is
any
in
a
namespace.
You
could
define
whatever
you
want,
but.
I
G
I
So
there
is
a
question
something
this
introduce
something
of
an
ordering
question,
because
if
we
prioritize
doing
the
namespace
segregation
without
say
doing
the
name,
the
network
name
control
within
the
namespace.
It
still
gives
a
certain
amount
of
protection
at
the
global
level
or
across
namespace
boundaries,
because
one
namespace
owner
can't
interfere,
interfere
with
the
other
or
at
least
it
starts
to
go
down
that
direction.
F
I
So
yeah
the
discussions
I've
had
with
people
we've
only
just
come
to
the
point
where
we
started
to
talk
tonight.
They
are
back
control
over
the
networking
names.
I
haven't
had
a
chance
to
go
back
over
the
proposal,
so
I,
don't
really
feel
like
I
can
provide
useful
feedback
right
now
in
this
meeting.
A
Yeah
exactly
so,
for
now
it's
definitely
not
going
to
be
hierarchical
right.
It's
not
like
somebody
will
come
and
say
we
do
that
or
we
don't
do
that
it
also
it
matters
vikon.
Whoever
wants
to
work
on
it,
for
instance,
if
and
once
work
on
me
no
matter
what
right,
then,
we
can
maybe
decide
on
what
recommendation.
P
I
B
So
also
that
we
do
have
users
who
need
this
to
move
to
the
next
stage,
with
their
limits.
Yeah
I
think
that
one
option
here
figure
out
if
it
can
be
something
that's
additive
and
on
the
side
like,
for
instance,
when
I
looked
at
this
last
time,
I
almost
feel
like
you
could
compile
traffic
claims
down
to
the
operator
roles
and
operator
role
bindings
if
you
had
to
so.
If
what
it
is
is
that
we
provide
one
to
our
users
and
then
the
migration
path
to
the
other.
B
I
Let's
take
a
survey
within
within
the
attendees
now
right,
I
mean
I
guess
the
first
thing
is:
does
everybody
understand
the
two
proposals?
Do
people
have
a
preference
for
what
the
proposals
are
representing
if
there
is
a
reasonable
migration
path
between
the
two
proposals
moving
from
one
layer
of
sophistication
to
another?
Is
that
documented.
I
And
you
know
the
brutal
hard
thing
is
like
do.
We
have
to
go
and
kind
of
do
a/b
testing
with
users
to
get
like,
if
not
actually
implemented
the
go
in
front
of
them
right
right
up
at
doc
and
say
you
can
have
a
or
B
which
one
would
you
prefer,
which
we're
next
a
useful
exercise
and
I
mean
if
somebody
could
write
that
up,
I
can
get
the
park
managers
here
to
go,
run
that
in
front
of
some
customers
and
get
some
feedback.
I
A
I
Want
to
cover
orthogonal
to
this
is
we
should
at
least
delineate
what
are
the
been
working
proposals
and
what
are
the
prior,
our
ranked
order
of
those
proposals
within
the
working
group
so
that
we
at
least
understand
the
agenda
things
we're
trying
to
resolve
and
they're
rather
the
priority
to
each
other,
and
then
we
try
and
make
a
commitment
to
say:
look,
we're
gonna,
try
and
get
through
this
many.
So
these
were
communicating
what
we're
trying
to
do.
F
What
comment
here
I
think
both
implementation,
but
both
proposal
will
share
kind
of
the
same
kind
of
code,
some
codes
that
has
some
so
I'm
saying
that
this
is
a
tight
surface
and
the
actual
implementation
can
be
slightly
decoupled.
Then
we
can
have
a
prototype
that
implements
most
of
the
code,
and
we
can,
you
know
kind
of,
do
a
be
testing
really
be
testing.
Q
F
In
the
end,
your
hands
are,
there
is
a
destruction
in
both
cases,
he
that
has
what
a
functions
that
they
using
some
data
structure
to
underscore
years.
Don't
know,
are
you
allowed
to
defy
the
DC
source
or
not?
So
it's
not.
In
the
end,
you
probably
construct
the
same
data
structure,
use
kind
of
the
same
code
to
make
the
decision
to.
J
F
Q
F
Know
in
your
application,
your
designer
application
has
the
chorus.
Then
you
try
different
you
ice
and
kind
of
to
see
which
one,
and
so
is
the
UI
and
the
user.
Experience
may
change
quite
dramatically,
but
still
have
the
same
course,
so
that
one
practice
is
that
if
we
can
have
a
prototype
or
two
or
three
to
make
the
decision
much
easier
than
then
alright.
H
Point
I
mean
looking
at
that
my
memory,
so
two
questions
point
this
is
mean.
The
crux
of
this
thing
is
whether
pilot
will
do
in
place
validation
and
detection
of
configuration
or
whether
we
will
do
this
in
an
admission
controller
and
then
within
pilot.
We
just
treat
everything
as
like.
You
know
this
is
blood
nation,
we
won't
touch
it
and
so,
as
a
first
start,
we
could
actually
do
the
other,
the
external
one.
H
H
H
I
Mean
I,
don't
think
we
need
to
conduct
an
experiment
in
code
to
make
a
decision.
I,
don't
think
that's
necessary.
I
also,
don't
think
it's
appropriate
right,
it's
much
easier
to
go!
Get
user
feedback.
Well,
mostly
we're
talking
about!
Is
user
experience
here,
like
the
I'm,
not
worried
about
the
implementation
detail
at
all.
H
I
H
It
is
then,
by
the
next
release
and
say:
hey
this
one
actually
really
worked,
not
just
from
product
managers
to
one
or
two
customers
where
I
mind
you,
your
product
model,
actually
gonna
go
to
some
top-notch
executive
he's,
not
gonna,
go
so,
no,
not
sure,
that's
not
how
we
do
it
right.
We
actually
go
talk.
I
M
H
H
F
I
It's
clearly
that
the
logical
featured
self
is
additive.
There's
no
argument
that
this
is
can
be
layered
on
top
right,
but
you
could
go
and
hear
your
news
over
today
to
do
this
right
now,
with
the
old
admission
controller,
more
or
less
it's,
whether
it's
an
intrinsic
documented
feature,
that's
built
into
this
T
or
not,
and
then
there's
a
separate
thing
about
whether
we
want
to
or
one
unit
at
all,.
K
I
A
B
A
B
I
Q
F
A
A
I
A
I
I
Make
progress
right
we're
still
learning
how
to
make
progress,
nominally
right,
there's
consensus
within
the
community
and
the
leads
understand
what
the
proposals
mean
and
are
comfortable
with
them,
and
if
the
feature
is
important
enough,
somebody
from
the
TOC
might
get
involved
and
need
to
feel
comfortable
too
so
that
they
can
represent
that
feature
to
the
TOC.
Now
three
RAM
and
I
can
do
that.
In
this
context,.
A
I
Like
ideally,
we
would
have
consensus
right,
so
that's
what
we
should
always
strive
for.
We
cannot
arrive
at
consensus
and
a
decision
still
has
to
be
made
right.
That's
what
leads
are
for
and
what
that's
what
the
TOC
is
for.
Okay,
so
hopefully
that
clears
us
up,
but
let's
keep
working
for
consensus,
but
requires
a
lot
of
work
in
everybody's
part.
Right
decisions.
I
Quickly,
when
consensus
is
the
goal,
so
the
other
thing
that
might
need
to
happen
is,
if
we're
not
getting
to
consensus
and
it's
not
because
it's
because
people
don't
have
the
time
right,
then
we
should
have
an
escalation
which
is
looked.
Consensus
is
not
converging
not
because
of
massive
dissent,
but
because
of
lack
of
community
commitment,
then
we
go
to
a
more
formal
escalation
process.
The
leads
and
the
TFC
just
step
it.
I
Does
that
sound
reasonable
to
everybody,
because
the
one
thing
like
I've
seen
happening
kubernetes
is
they
always
try
to
get
to
consensus,
and
there
were
many
cases
where
the
community
collectively
couldn't
put
the
effort
in,
and
so
it
would
just
drag
forever.
I
mean
that's
the
one
thing
we
don't
want
to
happen
right,
that's
the
worst
possible!
Okay,
wait
either
way
me
want
more.
These
two
solutions
that
happen
better.
B
I
I
I
I
We
were
very
ad
hoc
in
terms
of
coordinating
across
api's
across
the
different
domains
and
we're
suffering
a
little
bit
because
of
that
there
was
a
discussion
in
the
TOC
two
weeks
ago
about
this,
and
we
want
to
get
to
a
more
formal,
API
review
process.
So,
even
if
we
have
agreed
on
what
the
domain
and
the
structure
of
the
API
is,
it
would
still
get
reviewed
to
make
sure
that
it
was
syntactically,
aligned
or
semantics
a-line
with
other
features
of
this
time
makes
API
is
hard.
The
API
is
a
nervous
thing.
We
did.
A
A
Okay,
so
for
next
week,
then
we
will
continue
with,
like
generally
the
CNI
and
the
cyber
lifecycle
management
like
Robert
or
your
proposal,
which
it
ties
in
very
well
with
everything
related
to
CNI.
It
seems
that
there
is
a
general
consensus
about
like
going
forward
with
the
CNI
approach
anyway
right,
and
we
will
also
like
discuss
the
survey
results
and
make
a
decision
so
hopefully
done,
and
there
will
be
actually
one
more
third
item
on
the
agenda.
I
don't
even
know
if
we'll
have
time
about
service
entry,
namespacing,
which
I
keep
postponing.
Yes.