►
Description
Meeting agenda: https://docs.google.com/document/d/1aPgGRl4WewM3txrCYvkepsxLUvGdMG1EzlVfCNeV74M/edit#bookmark=id.k8ag858j65zp
A
All
right
welcome.
Everyone
today
is
Wednesday
the
20th
of
September
2023,
and
this
is
the
kubernetes
API
server
Network
proxy
meeting.
This
meeting
is
a
sub-project
of
Sig
cloud
provider,
which
is
also
we
follow
kubernetes
Sig's
Community
guidelines,
which
basically
means
please
treat
everyone
as
you
would
expect
to
be
treated
explicitly
so
please
be
kind
to
each
other
and
if
you'd
like
to
talk,
please
raise
your
hand
and
I'll
call
on
you,
but
there's
there's
really
a
few
of
us
in
here.
So
it
shouldn't
be
that
big
a
deal.
A
So
it
looks
like
imran's
added
a
couple
topics
to
the
agenda
for
today.
So
please
Imran,
take
it
away
with
the
first
topic.
B
So
I
had
a
question
on
the
0.1.4
tag:
PR
that
I
created
on
kubernetes
repo
and
it
needed
a
rebase.
So
I
was
trying
to
get
to
that
and
I
found
out
that.
Why
are
these
the
commands
that
we
run?
So
if
you
scroll
down
the
step
number
four
I
guess
the
pin
dependency
yeah.
These
three
commands
had
independency.
B
Why
are
these
not
either
important?
Because
even
after
running
those
commands
and
I
tried
to
run
it
again,
just
to
make
sure
that
everything
was
correct?
I
still
saw
some
changes
in
the
git
report.
A
That
is
a
great
question.
I
I
have
not
run
those
scripts
personally,
I,
don't
know
yeah
Joseph,
please.
C
I
can
take
an
initial
stab
at
this
and,
let's
see
I
see,
we
have
Tim
Eau
Claire.
So
you
could
also
maybe
check
me
for
accuracy.
The
first
one
pin
dependency
seems
like
it
should
be
item
potent
as
long
as
we
don't
change
a
given
Network
proxy
tag,
which
we
shouldn't.
We
certainly
shouldn't
do,
but
the
other
two
update
code,
Gen
update
vendor
I,
think
these
scripts.
This
is
a
KK
question.
C
Those
scripts
touch
go
mod
files
and
you
know
blast
a
bunch
of
files
into
a
sort
of
vendored
directory.
So
it's
pretty
common
in
my
experience
to
get
merge
conflicts
with
like
anybody
else
who
did
a
similar
PR,
it's
kind
of
frustrating
but
I
think
that's
a
KK
piece
of
friction
and
we're
just
we're
just
using
that
command
as
a
client
dependency
of
API
server.
B
Just
just
to
point
out
one
thing:
I
did
try
to
run
the
independencies
clip
multiple
like
second
time
after
committing
the
changes.
The
first
time
and
I
could
still
see
diff.
You
know
after
running
the
second
time
so.
B
C
B
Yeah,
so
what
I
thought
was
when
I
ran
it
for
the
first
time,
I
thought:
okay,
now
everything
else
I
have
submitted
it,
and
let
me
just
run
it
again
just
to
make
sure
that
everything
is
all
good.
I
shouldn't
see
any
diff
changes
since
I've
already
committed
the
changes,
but
I
saw
them.
So
that's
where
my
question
right
like
this,
should
be
at
important.
C
Yeah,
if
you
provide
the
exact,
like
maybe
Delta,
what
happens
on
the
second,
where
you
expect
no
change
that
might
help
someone
give
a
second
set
of
eyes,
yeah
sure.
B
A
Awesome,
thank
you.
Imran
and
and
Joseph
I
I
missed
what
you
said,
because
I
was
trying
to
hack
up
the
docs
here
the
update
code,
gen
and
update
vendor.
Were
you
saying
those
those
may
not
necessarily
be
adem
potent
or
they
should
also
be
item
button.
C
In
terms
of
item
potency,
I
almost
always
start
from
a
clean
slate
and
then
try
all
three
again
so
I
actually
don't
have
experience
around
this
item.
Potency
question
I
was
just
trying
to
give
some
context
that
these
scripts
touch.
You
know
widely
shared
files
like
Goma
go
some
and
the
full
like
copied.
You
know
vendored
Source
tree.
A
C
It's
like
very
natural
to
get
merge
conflicts
and
have
to
start
over
from
scratch,
which
is
what
I
thought
you
were
kind
of
coming
at
this
from
like
a
the
angle
of
sort
of
being
surprised
and
frustrated
with
that
friction.
But
in
terms
of
this
item,
potency
actually
I'm,
not
I'm,
not
sure
about
the
item.
Potency.
B
Okay,
yeah
I
I
did
the
same
as
well
like
I
I
didn't
want
to
deal
with
much
conflicts,
so
I
just
dropped.
My
earlier
commit
and
revisit
the
latest
master
and
ran
these
scripts
again
and
before
running
the
like
the
second
script,
I
tried
to
ensure
like
okay.
Let
me
learn
the
first
script,
just
in
case
again
and
see
if
everything
is
as
expected
and.
D
Wait
are
you
saying
that
diff
was
after
but
like
you
rebased
and
re-ran
the
scripts,
and
then
it
was
different.
B
So
I
dropped
the
original
comment
that
contains
or
like
the
changes
after
running,
these
three
changes,
three
splits
and
basically
the
blinds
was
pointing
to
the
master
Branch.
This
is
master
and
then
I
ran
it
again.
B
Okay
again
and
then
I
will,
as
I
said,
always
an
issue
and
then
I'll
post
a
diff
as
well.
A
B
A
Okay,
yeah
great:
are
there
any
other
questions
or
comments
about
that
topic?.
A
Okay
doesn't
seem
so
so
Imran
you've
got
the
next
topic
as
well.
Please
take
it
away.
B
So
the
second
topic
is
about
an
enhancement
like
we
talked
about
adding
a
cap
to
Eagle
selector
configuration
where
you
know
we
don't
want
certain
endpoints
or
a
way
to
tell
currently
server
or
a
way
to
tell
API
server,
not
to
proxy
for
certain
endpoints,
but
there's
I
thought
about
it
like
there
could
be
another
way
where
we
provide
a
list
of
endpoints
to
connectivity
server,
rather
than
make
changes
to
the
eager,
selector
configuration
and
and
then
like
us
connected
so
not
epoxy.
B
C
I
can
take
a
stab
I'm,
not
sure
how
this
would
work,
given
that
it's
Upstream
from
connectivity
server,
it's
API
server
that
you
know
makes
the
decision.
C
According
to
you,
know,
code
path,
plus
egress,
selector
config,
whether
to
dial,
Direct
or
go
through
the
proxy
in
one
mode
or
the
other,
and
by
the
time
it
dials
or
I
should
say,
begins
to
proxy
and
send
the
request
through
to
connectivity.
Server
I,
don't
know
that
connectivity
server
could
then
somehow
push
back
and
allow
API
server
to
then
you
know
fall
back
to
a
direct
dial.
I,
don't
think.
Api
server
currently
supports
any
sort
of
fallback
like
that.
B
Nothing
but
well
well,
in
that
case,
I
was
thinking
more
along.
The
lines
of
it
still
does
to
the
right
now.
Folks
in
the
community
are
doing,
along
with
the
workaround
of
having
connectivity
agents
in
the
same
namespace,
sorry
same
Network
as
the
connectivity
server
and
using
identifiers
to
sort
of
say
that,
okay,
if,
if,
for
example,
for
these
endpoints
diverted
traffic
to
this
agent,
which
is
in
the
same
network
and
for
everything
else,
Let
It
Go
to
a
different
connectivity
agent,
which
is
in
a
different
network.
B
So
perhaps
we
can
alleviate
that
need
for
that
workflow
and
have
something
inbuilt
in
connectivity.
Server.
A
Tim,
you
have
your
hand
up.
Please.
D
Yeah
I
need
to
think
a
little
more
about
what
the
implications
of
this
would
be
for
the
API
server,
but
I
think
from
a
technical
feasibility
standpoint.
D
D
D
D
Just
saying
it's
an
interesting
idea,
maybe
worth
exploring.
B
My
thought
causes
game
film,
like
there's
already
a
work
to
know
that
Community
folks,
in
we've
known,
are
following
with
connectivity
agents
in
the
same
network,
and
perhaps
we
can
think
more
about
it
like
either.
Have
that
workflow
be
part
of
like
a
documentation
or
if
this
workflow
is
not
something
that
makes
sense,
or
perhaps
you
can
do
better
on
it
and
have
some
inbuilt
capabilities
in
particular
server
that
would
like
I
I
felt
like
okay.
That
could
be
something
to
work
on.
C
Yeah
one
thing
that
might
help
is
it
does
look
similar
to
the
the
issue
that
was
discussed
here
and
then
I
think
there
was
a
consensus
to
move
the
discussion
over
to
KK
for
API
Machinery.
It
might
help
me
understand
if
you
could
clarify
the
difference
between
this
proposal
and
that
discussion
or
it's
effectively
the
same
and
you're
curious
about
the
feasibility
of
maybe
like
a
support,
a
workaround
while
that's
still
being
discussed.
B
Right
so
well,
my
my
this
is
my
thought
was
like
it:
it's
much
easier
to
do
something
in
connectivity
server
to
bring
about
a
change
rather
than
doing
it
in
kubernetes
level,
because
that
would
involve
a
lot
of
process
kept
towards
from
other
others
other
things,
and
if
something
similar
can
be
achieved
within
productivity,
so
I
thought
that
would
be
much
more
easier.
That
should
that
should
be
helpful.
C
B
B
Yeah
at
this
point,
I
thought
it
was.
It
would
be
something
like
a
flag
that
you
passed
to
so
similar
to
what
Walter
is
doing
in
terms
of
like
providing
a
list
of
connectivity
agent
like
endpoints.
Oh
sorry,
the
the
connectivity
server
endpoints
to
the
agent.
Similarly,
we
provide
a
list
of
endpoints
to
connect
to
the
server
as
a
flag
like
okay,
for
these
addresses
do
not
proxy.
B
Do
not
send
a
traffic
to
connect
to
the
agent,
send
it
directly
because
it's
in
the
same
network
use
uses
something
that
can
directly
to
send
it
back
into
that.
A
C
Think
there
is
it.
Oh
sorry,
okay,
I
was
gonna,
say
I.
Think
there
is
a
separation
of
concerns,
argument
against
supporting
this,
because
that
agent
list
of
endpoints
for
a
server
that
Walters
iterating
on
you
know
they're
very
related
related
since
they're
both
pieces
of
the
overall
connectivity
proxy.
But
here
you
know,
I
can
imagine
wanting
to
like
dynamically
change
this
list
of
endpoints
to
not
proxy
and
sort
of
you
know
it
seems
nicer
to
keep
the
proxy
infrastructure
as
agnostic
as
possible
to
the
workload.
B
D
I'm,
sorry,
probably
a
pretty
minor
concern,
but
this
also
adds
an
extra
hop
to
the
request
over
just
doing
it
direct
from
the
API
server.
A
Okay,
so
it
sounds
like
yeah
Imran
you're
gonna
do
a
little
bit
more
research
to
kind
of
come
up
with
some
use
cases,
but
it
also
sounded
like.
Maybe
there
was
another
action
item
in
here
that
that
Tim
Might
Have
Been
hinting
at,
which
is
that
there
might
be
a
way
to
handle
this,
but
it
might
require
a
little
bit
of
Investigation
to
figure
out
how
to
do.
C
Well,
one
thing
I
will
say:
I
think
that
we
should
involve
API
Machinery
in
what
we
may
do
here
along
these
lines,
because
I
think
that
we
could
not
do
this
without
touching
API
server
to
support
either
the
handle
the
new
protocol
to
say.
Oh,
please,
dial
Direct
for
this
request,
because
I
think
there's
a
security
posture
implications.
D
Yeah
I
agree
with
that.
If
there's
an
existing
cap
I
think
adding
this
is
a
alternative.
To
consider
to
that
cap
might
be
a
good
starting
point.
C
And,
and
maybe
a
piece
of
advice
to
to
you,
Imran
I,
think
if
you
go
and
just
play
with
the
API
server
egress,
what
is
it
egress
selector.go
if
you
go
and
play
with
that,
it
might
be
a
little
bit
non-trivial
to
implement
this.
C
If
you
never
touch
that
code,
I
would
encourage
you
to
try
prototyping
this,
like
pushback
or
like
this
retry.
If
proxy
server
is
unavailable,
you
might
find
it
non-trivial
I'm
a
little
bit
familiar
with
that
code.
I
can
help
you
navigate
it
if
you've
never
looked
much.
B
C
A
B
I
I
would
like
to
reach
out
to
them,
but
I'm,
not
sure
whom
should
I
reach
out
to
like
who
are
the
concerns.
Also,
here.
A
Yeah,
that's
a
good
question.
I
I
do
not
know
that
the
the
members
of
that
Sig
that
well
so
we
might
need
to
figure
out
who
is
a
good
contact
to
go
there,
or
maybe
maybe
Imran
you
might
just
need
to
show
up
at
a
meeting
and
kind
of
you
know,
present
the
problem
and
see
what
you
know
see
who
responds
or
whatnot.
A
Well,
if
it
said
An
Inconvenient
time,
for
you
then
I
think
probably
what
we
should
do
is
you
know
just
figure
out
someone
else
from
from
this
working
group
who
can
kind
of
go
and
and
represent,
and
if
it
you
know
I'm,
not
sure
which
time
zone
are
you
are
you
in
Imran.
A
Okay,
so
if
it's,
if
it's
during
the
daytime
in
the
United
States
I'd,
certainly
be
willing
to
go
to
the
meeting
to
represent,
if
you
and
I
could
have
some
time
to
collaborate
ahead
of
time-
and
you
could
just
kind
of
bring
me
up
to
speed
on
it,
I'd
be
happy
to
go
at
least
present
the
problem
there.
And
then
maybe
we
could
start
building.
You
know
building
some
sort
of
bridge.
D
A
D
Is
there
another
tracking
issue
for
for
this
issue
of
not
boxing
some
addresses.
C
In
My
Memory
somebody
opened
an
issue
in
the
API
server
Network
proxy
repo
that
basically
addressed
this
kind
of
feature,
and
then
we
decided
to
close
it
and
move
it
over
to
KK
I.
Think
that's
what
we're
discussing.
C
Yeah,
that's
the
one
and
it
ref
it
also
references
the
the
other
issue
that
we
migrated.
Yep.
D
If
there
should
be
deduped.
A
A
B
B
A
So
we've
we've
got
about
four
minutes
left
in
the
meeting
for
the
planned
time
that
we
have.
Are
there
any
other
questions
on
this
or
do
we
want
to
take
a
quick
look
at
at
the
previous
issue,
or
do
we
maybe
want
to
take
three
minutes
back
in
our
day
here.
A
All
right,
if,
if
nobody
has
further
topics,
then
I
would
propose,
we
call
it
here
and
I
will
bring
all
the
action
items
together
done
in
the
bottom
of
today's
agenda.
So
that's
not
good
for
everyone.
A
Okay,
yeah
I'm,
not
hearing
any
any
objections
thanks
everyone
for
coming
out
and
I
guess
we'll
see
you
again,
probably
in
two
weeks.
Thanks
thank.