►
From YouTube: SIG Network Gateway API meeting for 20230220
Description
SIG Network Gateway API meeting for 20230220
A
Okay,
everyone
welcome
to
Gateway
API
meeting
for
February
20th
2023,
although,
as
always,
it's
the
21st
for
me,
let's
get
started
Shane.
Do
you
want
to
run
through
your
couple
items.
A
Awesome
sorry
yeah
I
forgot
to
mention
the
usual.
The
usual
code
of
conduct
disclaimer
be
nice
to
each
other
everybody.
This
is
subject
to
the
usual
kubernetes
to
contacts
Goshen.
B
Where
is
that
so
I'll
be
basically
just
saying
this
at
every
meeting
until
then,
but
recently
we
decided
we
wanted
to
try
and
do
an
earlier
morning,
or
rather
an
earlier
time
meeting
one
that
would
be
more
friendly.
Is
the
EU
time
zones
Brazil
East
Coast,
that
sort
of
thing
so
March
6th
is
the
selected
date
that
one
will
be
at
9
00
a.m.
Pacific
time
just
it's
on
your
calendar
already,
if
you're
using
the
Sig
networking
calendar
I
just
wanted
to
remind
people
and
then
another
General
call
out
from
the
Greater
kubernetes
Community.
B
If
you
are
using
any
images
that
were
on
the
previous
case.gcr.io,
there
is
a
big
movement
right
now
to
get
everybody
off
of
those
as
it's
being
deprecated
and
moved
to
registry.katesio
k8.io.
So
if
you're
using
it
in
integration
tests,
anything
like
that,
please
go
through
and
replace
the
GCR
dot
IO
with
vks.io
registry.
It
is
I,
it
is
identical,
but
the
old
one
will
be
shutting
down.
Eventually,
that's
it
for
me:
okay.
A
Cool
yeah
I
had
a
couple
of
reminders
and
a
couple
of
things
that
are
that
have
come
up
for
me
this
week,
as
I
have
go
back
up
to
speed
after
sort
of
traveling
for
a
few
weeks.
A
The
first
one
is
this
discussion
about
allowing
TLS
to
Route
using
alpn
negotiation,
the
yeah
so
I
think
it
would
be
nice
to
this
feels
like
a
nice
to
have
to
me,
but
yeah
I'd
be
interested
to
have
more
people
comment
on
here.
It's
been
me
and
David
and
John
Howard
so
far
are
talking
about
it,
but
I'd
definitely
like
to
get
some
other
people
to
have
a
think
about
it.
B
A
While
yeah
I
think
it'll
be
yeah,
I
mean
the
TLs
route
is
currently
still
Alpha,
but
even
if
even
if
it
moves
to
Beta,
this
would
be
you
know,
experimental
and
extended
field
right
to
that.
C
Awesome
yeah
I
was
just
waiting
for
more
feedback.
There's
like
one
concern
around.
You
know
how
many
proxies
actually
support
it,
but
yeah
we're
not
too
worried
about
that
right
now,
yeah.
A
Yeah
I
mean
I
think
with
yeah.
If
you
say
you,
you've
tried
it
with
nginx
and
Envoy
and
yeah
it's
traffic
as
well
supports
it.
That
covers
a
lot
of
implementations.
I
actually
have
something
to
to
show
you
for
that
in
a
minute,
but
yeah,
that's.
That
seems
pretty
good.
That
seems
certainly
good
enough
it
to
me
to
put
it
in
extended,
yeah,
yeah
yeah.
That's
really
it's
a
really
cool
idea,
I
think
yeah,
so
yeah
I
definitely
will
keep
an
eye
on
this.
A
One
David
make
sure
that
it
doesn't
fall
through
the
cracks.
I
do
think
that
if
we
can
just
get
like
I,
just
like
a
few
more
people
to
sort
of
give
us
some
feedback
here
before
I
tell
you
to
go
and
do
a
get
because
doing.
C
A
All
the
feedback,
if
you
haven't
but
like
I
I'll,
be
honest,
I
think
this
is
pretty
close
to
like
hey
like
you
know,
kick
off,
kick
off
and
get
and
and
let's
see
what
happens
when
we
actually
propose
doing
this
for
reals.
E
A
We'll
leave
that
online.
If
you
the
the
discussions
there,
though,
if
you
want
to
add
something
to
it
later,
okay,
another
one
from
me,
this
one
came
up
while
I
was
away,
I
did
keep
a
bit
of
an
eye
on
it.
A
A
I
think
the
policy
attachment
is
not
very
usable
without
us
solving
the
way
to
get
feedback
about
what's
attached
where
and
we
definitely
need
some
patterns
and
some
guidelines
about
how
to
do
that.
I
think
that
the
concern
of
Keith
has
here
about
CID
for
information
is
100
true,
but
I.
Don't
think,
there's
any
better
way
around.
That
I'd
put
a
big
comment
on
here.
Further
down,
yeah
like
I
I,
really
only
see
three
things
like
you.
A
We
either
add
full-fledged
fields
or
we
add
more
CRTs
like
there's,
there's
no
and
adding
full-fledged
fields
for
this
kind
of
sucks,
because
you
know
you'll
be
kind
of
building
up
stuff.
That's
you
know
very
optional
into
the
API.
That's
why
we
wanted
to
do
extra
crds.
A
To
start
with,
I
think
that
the
thing
we
need
to
keep
in
mind
here
is
that
we
want
to
try
and
work
towards
having
you
know,
having
the
cids
be
as
standardized
as
possible,
and
so
maybe-
and
so
that's
why
I've
moved
on
to
the
next
item
in
the
agenda
about
timeouts
before
I
get
on
to
talking
about
timeouts
Arco
I
see
you're.
Here
you
raised
that
great.
A
You
raised
a
great
issue
with
with
those
things,
but
before
we
get
on
to
talk
about
that,
yeah
I'd
like
if
everyone
could
have
a
look
at
this,
this
PR
well
can
I
get
a
few
more
reviews
on
this
paper.
Please
Shane,
you've
already
done
yours,
but
yeah
it'd
be
good
to
get
a
couple
more
people
comments
or
feedback
on
this
PR.
A
The
idea
here
is
to
just
update
the
language
around
policy
attachment
no
I'm
gonna
fix
the
yeah
to
add
the
fact
that
policy
attachments
are
meta
Resources,
by
which
you
know
a
meta
resource
is
a
a
resource
that
changes
and
modifies
the
functionality
of
another
resource
for
all
policy
attachments
and
meta
resources.
Not
all
meta
resources
are
policy
attachment
reference.
Grain
is
another
meta
resource
that
changes
the
functionality
of
the
targeted
resource.
A
The
important
part
about
policy
attachment
is
it's
about
this,
having
config
flowing
across
the
the
hierarchy.
That's
how
I
think
of
it
anyway.
So
that's
what
this
update
is
about
is
about
clarifying
the
language
there.
So
if
we
could
get
some
more
feedback
on
this,
one
I
would
very
much
appreciate
it.
That
will
be
very
useful
for
us
talking
further
about
policy
sentiment,
so
yeah
that's
most
of
what
I
had
to
say
about
policy,
this
policy
judgment
thing.
A
Okay,
okay,
cool
we'll
leave
that
online.
For
now
so
yeah
I
have
I've
done
a
first
first
cut
of
a
finance
Gap
I'm,
going
to
go
straight
to
the
deploy
preview
I
only
this
is
this
was
done
like
at
11
PM
last
night.
My
time
so
I
have
there's
some
more
stuff
I'm
going
to
add.
Today,
Arco
I
saw
your
great
issue
about
what
you
proposed.
We
should
probably
hit
so
I.
A
Think
I'm,
definitely
gonna
address
that
in
here,
but
the
most
important
part
about
this
was
that
yeah
I've
done
I
did
a
survey
of
all
of
the
current
listed
implementations
and
what
data
plane
they
use.
A
I'll
do
some
summary
numbers
and
stuff
like
that,
as
well
in
terms
of
what
data
plane
they
use.
It
is
important
to
note
here
that
I'm
talking
about
the
layer,
7
stuff
in
HTTP
route,
not
more
General,
timeouts
I,
think
the
layer
4
stuff
is
interesting,
but
we'll
have
cute.
There
are
interesting
places
where
you
can
put
timeouts
there
yeah
so
anyway,
and
then
the
the
most
important
thing
is.
He
I've
made
these
flow
diagrams
I'm,
just
gonna
open
this
bit
go
so
this
is
this.
A
Is
the
basic
flow
diagram
I
made?
It's
literally
like
you
know,
hey
here's.
What
happens
when
you
create
a
client
connection
proxy
sends
the
connection
to
the
upstream
and
then
gets
a
response.
You
know
pretty
basic
stuff,
but
that
gave
me
then
a
place
to
put
where
all
the
timeouts
are.
So
this
is
the
envoy
timeouts
diagram
with
the
14
available
timeouts.
That
Envoy
allows
you
to
configure.
A
Envoy
has
the
biggest
number
of
timeouts,
but
the
thing
that
I
was
hoping
to
do
is
to
sort
of
take
that
those
timeouts
and
sort
of
wash
them
against
the
nginx
ones
and
proxy
ones,
and
the
traffic
ones,
and
this
way
we
have
some
better
data
on
on
what
the
timeouts
are
actually
available
and
what
timeouts
we
can
like
it's
possible
for
us
to
to
configure
like
a
standards
or
sort
of
as
John
said
on
on
that
policy
thing,
a
more
vague
sort
of
description
of
what
a
timeout
should
be
so
yeah
I've
talked
a
lot.
D
B
C
D
Great
Nick,
thanks
for
yeah,
drawing
all
drawing
it
all
out,
yeah.
D
B
A
Yeah
no
problems,
yeah,
there's
quite
a
bit
to
look
through
in
terms
of
these
diagrams
yeah
I
must
admit
that
part
of
the
point
was
for
me
to
say
to
people.
You
know
you
know
how
I
told
you
this
was.
You
know
harder
than
you
might
think
these
diagrams
sort
of
make
it
a
little
bit
more
clear.
I
think
that
it's
yeah
there's
more
there's
more
to
timeouts
than
just
a
request.
A
Timeout
and
all
of
these
are
there
for
a
reason
like
you
can't
people
don't
add
stuff
to
their
programs
for
no
reason
so
yeah
it's
it's
harder
than
it
might
seem.
Sorry,
okay,
you
go.
D
Yeah
next
I
think
I
I
in
the
issue,
I'm
forgetting
the
number
I
I
think
I
described
four
kinds
of
timeouts.
There
are
two
at
the
HTTP
level.
One
is
close
to
request
timeout,
so
yeah
the
time
it
takes
for
a
request
to
complete
so
I
think
each
proxy
calls
it
something
different
based
on
right,
so
I
think
that's
that
could
be
a
high
level
term,
another
one
it's
idle
timeout.
So
that's
between
consecutive
requests.
What's
that
yeah
and
I.
Think
I
think.
D
Therefore,
timeouts
are
important
because
they
affect
layer
7.
So
something
like
a
connect
timeout.
So
how
much
time
do
you
wait
for
to
sort
of
set
up
a
connection
with
an
upstream
and
the
other
part?
I
think
this
is
an
open
question,
is
do
keep
alive
fit
into
this
model
or
blue
keeper
lives
as
in
live
on
at
a
top
level,
a
different
sort
of
noun.
A
Yeah
yeah
so
I
think
again,
cable
lives,
cable
lives
become
more
complicated
because
you've
got
both
like
four
people
eyes
and
last
seven
keeper
lives
and
they
are
important
more
or
less
important,
depending
on
whether
you've
also
done
stuff
to
upgrade
your
connection
to
a
long-running
one
like
a
grpc
one
or
a
websockets
one.
A
So
yeah
I
think
there's
a
few
there's.
Definitely
a
few
things.
There
I
think
I
agree
that
it's
likely
that
some
sort
of
request
timeout
will
be
pretty
reasonable
and
some
sort
of
idle
timeout
and
some
sort
of
connect
timeout.
A
Most
things
support
something
that
performs
those
functions
to
some
extent:
mm-hmm
yeah,
the
and
I
and
I
think
that
I
think
John's
John
said
that
you
know
his
point
is
fair
that
as
long
as
there's
something
that's
roughly
analogous
to
it,
you
know
probably
okay,
for
it
not
to
be
exactly
the
same.
I
do
think
it'll
make
it
complicated
if
we
want
to
add
conformance
for
timeouts
if
they
don't
work
close
pretty
closely
to
the
same,
but
hopefully
the
we
can
make
the
definitions
work
but
yeah.
A
If
we
do
a
request,
timeout
and
a
connect
timeout,
then
you,
the
top
three
or
four
data
plane
implementations
can
do
something
like
it
and
it's
possible,
and
so
that's
that's
the
point
of
what
of
what
I
wanted
to
start
here
so
I
will
I
will
take
the
stuff
that
you
put
in
that
issue
Arco
thanks
again
for
that
and
update
this
update
this
with
sort
of
some
suggestions
that
yeah
about
things
that
we
can
handle
and
then
and
then
leave
this
for
you
all
to
have
a
bit
of
a
read-off.
A
Awesome
yeah
I
know
it's
I,
know
it's
holiday,
so
I,
don't
wanna
hold
you
all
up.
That
is
the
end
of
all
the
stuff
I
had
on
the
agenda.
So
we
got
a
bit
of
time
left.
Does
anyone
have
any
questions
they
want
to
ask
or
any
other
things
you
want
to
talk
about?
E
Hi
there
one
question
I'm
Thomas
nice,
to
meet
you
first
time.
I
joined
just
want
to
know.
If
I
want
to
talk
about
something,
I
can
add
something
to
the
to.
A
The
agenda
absolutely,
for
example:
yes,
yep,
yeah,
so
yeah,
you
feel
free
to
add
the
agenda
anytime.
That
is
a
general
rule
for
everybody.
The
agenda
is
open.
You
can
add
things
to
talk
about
now
or
next
week.
Absolutely
yeah,
perfect.
Thanks,
no
problem.
E
A
I'm
in
Barcelona,
so
it's
pretty
late
here,
yeah,
oh
yeah,
wow,
that's
pretty
rough!
Hopefully
the
the
meetings
that
Shane
is
Shane
is
talking
about
hosting
free.
All
should
should
be
a
bit
helpful.
So
let's
not
keep
you
but
yeah
like
if
you,
if
you
do
have
a
minute
to
talk
about
what
what
sort
of
stuff
you're
looking
at
doing,
we
go.
Api
I'd
be
super
interested,
but
if
you
want
to
do
that
at
a.
E
Time
I
can
talk
briefly
yeah
sure,
like
so
I'm
involved,
I'm
from
Red
Hats.
E
Doing
projects
using
policy
attachments
so
when
it
came
up,
I
still
have
to
read:
I
didn't
I
didn't
see.
I
didn't
know
that
issue
about
the
complexity
of
policy,
testment
existed,
I,
guess
I
could
have
written
it
myself,
maybe,
but
so
we're
doing
rate
limiting
and
and
off
and
we're
trying
to
make
sense
of.
You
know
policy
attachment,
and
there
are
there's
this.
You
know
of
course,
for
example:
Envoy
Gateway,
going
the
the
filter.
D
E
And
we're
just
wondering
okay,
so
we
we
really
like
the
policy
attachment
thinking
of
different
roles
and
overrides
and
defaults
and
the
whole
thinking
behind.
It
makes
a
lot
of
sense
to
us,
but
in
the
details
there
are
problems
and
and
and
yeah.
We
have
to
fear
like
that.
It's
some
things
are
easier
to
do
through
filters
and
how
and
yeah
well
so
like
it's
like
discussing
that
topic,
the
topic
of
policy
assessments
and
how
to
make
more
sense
of
it
and
how
to
make
it
better.
A
So
yeah
I
think
the
to
summarize
the
comment
that
I
put
on
that
discussion.
Polysat
attachment
is
complex
and
it's
unfinished.
You
know
like
it's.
It's
the
skeleton
of
an
idea,
not
a
fully
expect
idea.
A
The
the
idea
here
was
to
sort
of
have
us
say
yeah.
This
is
a
thing
that
we're
that
we'd
like
to
be
able
to
do.
The
defaults
in
the
overrides
party,
in
my
mind,
was
a
large
part
of
like
the
reason
why
you
would
do
it
this
way
and
I
think
Arco
you
and
the
other
you
and
the
folks
who
are
actually
actually
active
on
Envoy
Gateway.
A
Unlike
me,
you
know,
did
a
great
job
there
of
sort
of
making
the
call
that,
for
the
sorts
of
things
that
you're
working
on
that
filters
were
better
one
of
the
updates
that
I
did
in
the
pr
in
1565
is
one
that
I
mentioned
is
to
actually
change
the
language
in
the
initial.
In
the
as
it
stands
today,
policy
attachment
document,
it
says
you
can't
do
yeah,
you
can't
do
policy
over
custom
filters.
A
I
think
that
was
a
mistake,
although
the
the
like
an
extension
filter,
I,
think
that
the
complexity
there
is
definitely
around
knowing
what
config
is
available,
but
that
is
a
larger
problem.
A
A
The
so
yeah,
that's
part
of
what
I
wanted
to
update
here
is
that
I
have
changed.
The
wording
right.
I
have
changed
the
wording.
A
I'll
read
up
yeah
yeah
I've
changed
the
wording
to
say
like
hey
you
can
you
can
do
you
can
do
it's
okay
to
do
Custom,
Custom
filters
with
custom
policy
attachment
objects
to
sort
of
set
defaults
for
those
filters,
because
I
think
the
biggest
downside
of
using
a
extension
ref
custom
filter
is
that
without
something
like
policy
attachment,
you
have
to
specify
that
in
every
place
that
you
want
it
to
apply
and
that
kind
of
sucks
that
you
know
for
a
rent
limit.
A
E
A
E
Yeah
what
you
do
have
with
the
filters
of
course,
if
you
have
like
you,
can
have
a
each
row,
can
have
its
filter
in
an
HTTP
route,
for
example,
and
with
the
policy
you
attach,
you
attach
it
to
the
to
the
object.
So
you
you
have
the
route
and
that's
it
like
so
you'd
have
to
repeat,
for
example,
all
the
rules.
If
you
want
to
have
that
specific
specific
specificity
in
the
you
know,
what.
A
I
mean
yeah,
absolutely
yeah,
and
so
so
that's
what
what
I'm?
What
part
of
what
I
was
aiming
for
here
was
to
be
able
to
say
Hey,
you
have
the
specificity
if
you
want,
but
if
you
don't
want
it,
you
can
also
default
things
easily
easily
for
a
given
value
of
easy
I.
Think
the
massive
the
massive
open
big
problem
of
all
of
this
is
how,
as
a
user,
how
do
you
see
what
policy
is
an
effect
on
your
object?
This
is
a
this
is
a
very
unsolved
problem.
A
A
If
you,
if
you're,
not
careful
about
what
happens
when
one
one
of
your
resources
gets
updated
and
if
that
generates
20
other
object
updates,
because
a
policy
has
fallen
in
or
out
of
scope,
then
that's
not
great
yeah,
so
it's
really
cool
yeah
yeah.
So
anyway,
I
have
a
read
of
that
posts
are,
and
please
yeah
feel
free
to
come
back
to.
Maybe
the
March
16th
meeting
might
be
a
good
one
for
you,
but.
A
Do
that
yeah,
yeah
and
I
encourage
everyone
else
to
get
involved
on
this
one.
This
is
going
to
be
a
sort
of
a
long-ranging
lot,
probably
a
long
running
and
long-ranging
and
important
change
that
will
impact
a
lot
of
stuff
in
the
future,
so
yeah
I
definitely
encourage
people
to
to
post
your
thoughts
on
there
like
I
said
like
I.
A
It
needs
to
be
finished
now
that
we're
actually
getting
to
the
point
of
end
where
we're
trying
to
use
it,
and
so
yeah
like
I,
really
want
as
much
people
as
many
people
to
be
involved
as
possible
so
that
we
can
so
it
could
not
just
be
me
writing
this
down
and
doing
things.
The
way
my
way.
A
Okay,
so
yeah
does
anyone
else
have
anything
they
would
like
to
add
or
ask
questions
about.
Remember
it
is
an
open
Agenda.
You
don't
need
to.
You,
don't
even
need
to
put
the
item
on
the
agenda
if
you
just
want
to
ask
a
question
now
knock
yourself
out,
but
otherwise
I
will
give
everyone
their
holidays
or
evenings
back.
A
Okay,
thanks
very
much
everybody.
We
will
see
you
all
next
week
remember
about
the
months
March
16
being
at
the
different
times.
That
probably
means
I
won't
be
able
to
make
it
because
that
puts
it
at
two
o'clock
in
the
morning.
My
time
I
think
I
will
see
you
all
around.
Please
feel
free
to
ask
questions
here
or
on
Slack
thanks.