►
From YouTube: SIG Network Gateway API Bi-Weekly Meeting for 20220411
Description
SIG Network Gateway API Bi-Weekly Meeting for 20220411
A
All
right,
it
is
april
11.,
we've
got
full
agenda
today.
So
thanks
everyone
for
coming
out.
This
is
the
gateway
pi
meeting
for
april
11..
I
I
see
some
new
names
to
me.
At
least,
I
think,
if,
if
anyone
does
feel
like,
they
want
to
introduce
themselves
we'd
love
to
find
new
new
faces
and
and
see
what
brings
you
here,
but
also
no
pressure,
if
not,
but
we're
always
happy
to
have
more
people
at
this
meeting
and
taking
part
in
gateway,
api
and
contributing
cool.
Okay.
A
B
All
right
so
yeah.
This
is
something
that
I
ran
into
when
implementing
support
for
reference
policy.
I
was
initially
thinking
of
the
case
where
resources
are
modified
after
a
route
was
initially
accepted,
but
one
of
the
contour
maintainers
also
pointed
out
that
their
implementation
differs
in
from
what
we
I
proposed
in
the
conformance
test
for
how
a
route
should
initially
be
treated
as
accepted
and
routing
traffic.
B
When
a
back
end
draft
in
the
route
may
not
have
permission
granted
through
a
reference
policy
so
and
that's
potentially
more
complicated
if
resources
are
modified,
if
a
route
should
ever
like
become
unattached
when
it's
modified
or
when
a
reference
policy
is
modified
or
if
traffic
should
default
to
like
503
errors,
as
is
mentioned
in
some
places
in
the
spec.
The
fact
I
think
is
contradictory
around
this
there's
some
parts
that
say
invalid
resources
should
not
be
accepted
and
there's
other
parts
that
say.
B
Traffic
to
invalid
back
ends
should
give
a
503
response,
so
basically
just
open.
This
up
topic
of
discussion
would
love
to
hear
from
other
implementations
other
maintainers
in
terms
of
how
y'all
are
approaching
this
and
try
to
get
some
consensus
on
what
is
correct,
or
we
should
be
checking
for
conformance
purposes.
A
Just
to
make
sure
I
have
the
question
correct
here,
this
is
in
the
case
where
reference
policy
allowed
a
reference
initially
or
allowed.
This
cross
name
space
reference
to
exist
and
then
that
reference
policy
that
allowed
it
is
modified
or
deleted
in
some
way
that
no
longer
allows
that
to
exist.
What
do
we
do
in
that
state?.
B
B
A
B
A
We've
had
a
similar
conversation
before
and
the
problem
is
you
you
it's
very
difficult
to
define
that
appropriate
threshold
right,
because
what,
if
it's
the
other
way
and
you've
got
a
back-end,
that's
used
to
handling
one
percent
of
traffic
and
you
send
all
your
traffic
to
your
canary
backend,
for
you
know
whatever
reason
yeah
it
jeff
did.
You
want
to
say
something.
C
C
What
do
you
do
with
the
route
and
I'm
not
sure
the
answer
on
that?
One.
From
my
perspective,
I
think
that
the
second
issue,
though,
that
mike's
getting
at,
is
you
know
what,
if
they're
everything's
fine,
you
know
I've
got
a
functioning
route
and
and
back
ends
and
everything,
and
then
the
administrators
of
the
name
space
with
the
the
say
the
resources
are
in
the
back
end
reference
to
they
change
the
the
the
reference
policy
and
no
longer
allow
that
gateway
to
access
those
resources.
What's
our
behavior?
B
A
A
Or
do
you
just
drop
the
entire
route
and
yeah?
I
I
want
to
back
up
one
more
step
and
agree
with
jeff
that
this
should
be
dynamic,
that
we,
this
is
a
security
thing,
and
if
someone
removes
a
reference
policy,
we
don't
want
that
access
to
persist
indefinitely
like
we.
We
want
that
to
be
an
immediate
as
close
to
immediate
response
as
possible.
A
I
think
thank
you
for
whoever's,
taking
notes,
I
think,
related
to
that
it
may
be
practical
or
wise
to
consider
a
finalizer
pattern
here
of
you
know
this
reference
policy
is
being
used
to
grant
access
to
the
to
some
set
of
resources
and
I'm
gonna
drop
a
finalizer
on
it
and
you
can
I'll
remove
the
finalizer
as
long
as
this
is
no
longer
relevant
for
my
implementation.
This
again
that
doesn't
change
the
the
end
result.
A
A
D
Say
hi,
I'm
travis,
I
work
on
the
kong
team
with
shane
and
this
kind
of
just
was
something
I
was
looking
at
today.
I
kind
of
agree
so
far
we'll
fill
in
the
stuff
like
should
it
might
be
dynamic
or
not.
It
should
like
that's
kind
of
the
way
that
our
information
is
going
to
work
inherently
anyway.
If
we
get
a
change,
we're
going
to
rescan
all
the
objects
to
see
if
they
can
still
apply,
I
think
we
really
need
to
do
that
like
otherwise.
D
A
Yeah
great
great
thoughts-
and
I
I
agree
that
it
would
be
nice
if
we
could
reject
immediately
every
time
I've
tried
to
push
for
cross
resource
validation
upstream,
it's
gotten
shot
down
pretty
quickly,
just
because
it's
so
hard
to
guarantee
order
of
operations,
and
you
very
likely
end
up
preventing
you
know
valid
configuration
that
just
came
in
out
of
order
or
something
like
that
yeah.
I
wish
we
could
find
a
way
to
provide
immediate
validation
here
and
maybe
maybe
there's
something.
But
I
agree
with
everything
you're
saying
here.
E
Just
a
quick
question
for
someone
who
knows
the
answer
to
this
mike
mentioned
something
about
reconciliation
at
the
top.
Does
that
mean
that
that
there's
an
operator
that's
examining
the
status
of
the
back
end
of
all
the
multiple
back
ends
that
might
be
attached
to
this
route?
That
might
be
able
to
mark
it
as
degraded
or
you
know
not
quite
ready,
for
you
know
in
some
way,
not
quite
a
valid
route.
A
That's
a
good
question.
I
don't
think
we've
defined
any
any
kind
of
standard
guidance
or
suggestion
to
do
that.
I
yeah
what
I
think
mike
you
may
be,
the
one
taking
notes.
I
think
you're
suggesting
yeah,
that
the
resolve
ref
status
of
we
we
already
have
all
of
this
conversation
seems
to
overlap
with
any
other
instance
where
back
and
ref
is
invalid
right.
So
someone
makes
a
typo
on
their
back
and
ref
and
it
references
just
a
service
that
doesn't
exist
because
the
name's
wrong,
or
something
like
that.
A
E
A
What
we're
you
know
what
an
implementation
is
supposed
to
do
so
yeah
we
we
need
some
kind
of
more
well-defined
pattern
than
we
have
today
for
what
that
can
be.
I
think
part
of
part
of
why
what
has
prevented
this
from
happening?
So
far,
is
you
know?
In
some
cases
we
just
say:
well,
whatever
the
implement
implementation
has,
when
there's
no
routing
is
what
happens,
which
there's
some
variation.
I
would
imagine
this
feels
this
feels
different
than
that.
A
B
A
All
right:
well,
thanks
for
bringing
this
up
reference
policy,
is
one
of
those
things
that
I
think
is
both
very
exciting
about
our
api,
but
also
needs
more,
better,
better
document,
more
thorough
documentation
and
implementation
guidelines.
So
thanks
for
pushing
this
forward,
I
really
appreciate
the
upcoming
tests
conformance
test
for
reference
policy.
It's
gonna
be
very,
very
helpful,
yeah,
okay,
so
milestone.
A
A
I
don't
currently
have
the
time
myself,
but
maybe,
if
there's
enough
interest,
we
could
at
least
have
an
issue
to
track
that
this
is
something
we
want
to
do
and
if
someone
wants
to
is
anyone,
does
anyone
have
time
mike?
Is
this?
Is
this
something
you're
interested
in
working
on
as
well
or
just
I
know,
I'm
sure
you
have.
A
Yeah
yeah-
I
I
am
in
a
similar
place
of
I
would
love
to
see
this
happen,
but
my
my
plate
is
also
more
full
than
I
would
like
to
admit.
So,
at
the
very
least,
I
think
this
is
this
is
something
we
should
add
to
an
issue
and
say:
if,
if
someone
is
interested
in
working
on
this,
here's
how
it
would
happen
and
there's,
I
think,
broad
support
from
project
maintainers
to
move
forward
with
it.
If
anyone
has
time
to
to
make
it
happen,
yeah,
so
I
I
can.
A
So
next
one
is
api
review,
one
of
the
things
in
the
oh,
I
kind
of
skipped
over
the
v1
beta
one,
while
so
sorry
for
that
there
are
a
few
things
going
on
in
v1
beta
one
milestone,
we're
still
at
the
same
spot
of
almost
entirely
focused
on
documentation
and
yeah,
basically
entirely
focused
on
documentation
and
web
hook.
Things
I
did
raise
a
bug
the
other
day
that
I
found
going
through
api
review
myself,
and
this
just
does
not
seem
accurate.
A
We
had
a
gateway,
spec
addresses
that
was
listed
as
core
support.
It
did
not
seem
like
it
like
many
implementations
could
support
this
so
anyway,
there's
a
pr
that
will
switch
this
to
extended.
I
don't
even
know
that
this
is
an
api
change.
So
much
it's
just
a
clarification,
but
that's
one
thing
that
got
added
to
the
milestone
in
the
past
week.
A
A
If
there's
anything
that
you
really
want
to
make
sure
is
included
or
fixed
in
v1
beta
1.
Please
please,
please
raise
it
now
or
soon.
Just
so,
we
don't.
You
know
graduate
resources
to
beta
and
regret
having
something
in
here
once
we
do
get
to
beta
that
the
resources
we've
graduated,
the
fields
that
are
in
those
resources
are
basically
locked.
We
can
do
some
basic
changes,
we
can
add
things,
but
we
can't
really
re
remove
things
or
make
significant
modifications
to
what
already
exists.
C
A
Yeah,
there's
a
so
there's
already
a
pr.
What
we
do
need
is
a
release.
Note
just
you
know
and
we'll
make
sure
it's
part
of
our
change
log.
This
is
one
that
could
probably
be
cherry
picked
back
as
a
patch
release.
It's
I
look
at
it
as
more
of
a
clarification.
I
don't
think
any
implementation
out.
There
really
looked
at
that
and
said.
Oh,
this
should
be
poor,
because
you
know
it's
it's
frankly,
not
supportable
by
enough
that
yeah.
So
I
think
I
think
of
it
as
a
clarification
or
bug
fix
primarily
yeah.
A
I
okay,
so
great
question.
Thank
you.
I
one
of
the
key
things
in
v1
beta
1
that
did
make
progress
last
week,
was
going
through
api
review,
the
last
api
review
session
that
we
had
for
with
sig
network
reviewers.
I
just
set
up
some
time
on
friday
and
had
you
know
time
where
any
api
reviewer
could
chat
with
me
and
work
through
any
any
api
issues?
Anyone
is
welcome
to
attend
these,
but
it's
so
hard
to
find
the
logistics
of
scheduling
things
with
larger
groups
of
people.
Tim
showed
up
for
this
review.
A
A
Okay,
one
of
them
was
mine.
This
one
I'm
going
to
cover
shortly
another
one.
I
kind
of
chatted
with
shane
about
a
little
bit
and
tim
has
been
tim,
had
a
few
questions
that
I
am
unfortunately
not
equipped
to
answer,
because
I
it
feels
like
so
long
since
we
did
the
address
matching
that
I
didn't
have
a
clear
answer
for
him
about
source
addresses
in
tcp
and
udp
routes.
A
F
F
F
A
F
A
C
Sorry,
there's
actually
there's
actually
a
pretty
good
use
case
for
this,
and
it's
when
you
need
to
block
specific
resources
from
like
a
country
which
is
not
in
common.
You
you
like
they
can
look
at
your.
You
know,
look
at
your
web
page
and
stuff,
but
they
can't
download
your
software
kind
of
thing.
C
F
Yeah,
that's
that's
true,
and
actually
that
was
fathomed
when
we
originally
wrote
the
gap
it
was,
but
the
problem
being
in
its
current
state
there's
no
sitter
support
for
a
type.
So
I
think
that
reduces
that
use
case
quite
a
bit
by
having
to
put
in
like
every
ip
address
of
a
country
of
course
good
point.
So
so
that's
something
that,
like
I
do
think
eventually,
I
thought
originally
eventually.
A
I
think
that's
a
good
point.
What
tim,
what
tim
specifically
was
calling
out
here,
is
that
what
we
say
right
now
in
source
addresses
is
is
unclear.
It
doesn't
say
that
we're
dropping
you
know
traffic
that
doesn't
match
we're
just
say
it
seems
to
indicate
we're
just
ignoring
it
and
letting
it
continue
through
matching,
which
is
in
inherently
different
than,
for
example,
what
we
have
yet.
A
And
so
anyway,
I
think
it's
unclear
here
and
we
need
to
revisit
it
and
yeah.
Like
you
said
shane,
we
should
just
go
back
to
the
history
and
figure
out
at
what
point
we
added
this,
and
maybe
we
can
find
some
more
context
on
why
we
added
it.
I
know
like,
and
the
thing
is
it
it
very
well
could
have
come
for
me.
It's
been
so
long.
I
don't
remember
but
anyway,
that
that's
just
the
thing.
A
A
I
think
this
I
think
destination
address
matching
is
clearer
to
describe
the
use
cases
for,
but
it
is.
It
is
still
admittedly
hard
to
understand
when
combined
with
a
gateway,
but
I'm
interested
if
anyone
else
can
can
help,
add
use
cases
here
or
for
you
know
I
I
did
a
first
shot
at
like
the
two
use
cases
I'm
familiar
with,
but
maybe
others
can
add
or
better
explain
those
use
cases.
A
I
think
someone
was
about
to
say
something:
I
cut
them
up:
okay,
so
yeah.
If
if
this
is
a
feature
you're
interested
in
the
one
that
I
am
less,
I
I
think
this
is.
This
is
a
real
use
case.
The
you
know
further
filtering
based
on
destination
address,
but
it's
not
as
obvious
as
some
of
our
other
much
of
our
other
config
routing
config,
so
yeah,
okay
and
the
rest
yeah,
that's
that's
about
it.
Any
any
comments
follow
up
on
on
these
things.
A
This
is
this
is
1086..
If
anyone
wants
to
help
keep
an
eye
on
this
pr,
I
expect
we'll
be
getting
some
additional
feedback
in
the
coming
days.
So
anyone
can
help
with
responses.
Maybe
follow-up
changes
whatever
is
needed.
That
would
be
great,
and
yes,
this.
This
discussion
with
tim,
led
to
a
thread
on
the
kubernetes
api
reviewers
mailing
list
which
I've
linked
in
the
agenda,
and
that
is
really
this
pattern
we
have
all
throughout
our
api.
Is
we
have
a
type
and
a
value
field
right?
So
you
think
of
path
matching.
A
A
I
can
spell
the
day
and
then
you
have
a
little
bit
more
room
to
work
within
that
structure,
so
that
that
is
a
high
level
pad
pattern
that
came
out
of
that
thread.
I
think
that
may
lead
to
more
broad
changes,
or
at
least
changes
for
how
we
add
things
in
the
future,
but
also
that's
api
reviewers
thread,
so
you're
welcome
to
respond.
A
I
I
had
a
conversation
with
someone
internally
that
I
work
with
who's
been
running
conformance
tests
with
us
against
our
implementation,
and
they
were
talking
about
all
the
gaps.
They
helped
identify
all
the
gaps
in
our
current
performance
tests,
which
I
you
know
I
recognize
our
conformance
tests
are
not
in
in
any
way
exhaustive
right
now,
but
it
seemed
like
it
would
be
helpful
to
at
least
have
a
path
forward
to
understand
the
gaps
and
document
the
gaps
in
our
conformance
tests
right
now,
so
I
made
a
very
rough
attempt
at
organizing
these.
A
This
is
actually,
I
think,
jeff.
You
had
a
comment
asking
about
this
a
couple
weeks
ago,
so
very
related
to
that
too.
So
I
have
a
area
conformance
label
now
and
I'll
just
drop
into
one
of
these
to
give
a
rough
idea
of
what
they
look
like
and
in
this
case,
mike
you're
working
on
a
pr
that,
I
think,
will
knock
off
all
of
the
things
from
route
to
service,
and
then
we
still
have
more
for
gateway
to
secret
and
we
should
probably
still
add
additional
tests
here.
A
A
What
I'm
really
hoping
to
get
out
of
this
is
some
idea
of
who
can
help
write
conformance
tests,
because
this
is
a
large
project
and
it's
also
one
that
is
easily
distributed.
It's
one
where
anyone
on
this
meeting
can
say
hey.
I
want
to
contribute
this
one
test.
I
want
to
contribute
a
test
that
covers
cross
namespace.
Reference
is
not
allowed
by
a
reference
policy
from
gateway
to
secret
and
that's
all
if,
if
that's
something
you
are
able
or
interested
in
contributing,
that
would
be
really
helpful.
A
This
again
is
just
this
just
a
way
of
trying
to
structure
and
get
some
organization
around
who's.
Taking
on
these
tests
jeff,
I
know
you
mentioned
you've
been
working
or
your
team
had
been
working
on
some
additional
conformance
tests.
Is
there
any
overlap
with
the
tests?
I've
been
the
the
tests
I've
described
in
any
of
these
issues
and
what
might
be
coming
from
your
team.
C
A
You
know
a
sunset,
you
know
even
just
one
conformance
test,
but
just
to
have
a
a
truly
broad
set
of
contributors
to
our
conformance
test,
because
not
only
do
we
want
everyone
to
pass
conformance
tests,
but
we
want
everyone
to
have
a
shared
understanding
of
what
to
have
have
contributed
to
the
definition
of
conformance,
so
so
we're
all
invested
in
the
same
definition
yeah.
I
know
I
I
have
plans
to
to
help
out
with
some
of
these
myself.
A
I
think
I
chatted
with
the
person
who's
been
helping
us
with
with
our
docs
review.
She
has
been
volunteered
to
start
on
one
test
from
one
of
these
items,
but
again
this
is.
This
is
not
meant
to
be.
I
know
this
is
a
overwhelming
list,
but
this
is
not
meant
to
be.
You
have
to
solve
everything
in
one
go.
That's
there's,
there's
lots
of
small
little
pieces
to
this
and
you
can
just
pick
a
tiny
little
piece
and
work
on
that.
You
know.
A
I
think
that
the
matching
is
a
good
example
of
we
have
an
example
test
for
what
it
looks
like
for
prefix
matching.
If
you
take
that
same
pattern
and
use
it
for
exact
path,
matching
or
header
matching
it,
it
should
be
a
fairly
good
starting
point
and
just
reading
a
comment
from
mike,
it's
you're
saying
you
may
be
able
to
help
with
the
other
set
of
reference
policy
tests.
The
gateway
to
secret
ones,
yeah
that'd,
be
awesome,
wow
cool
is,
is
anyone
else
interested
in
contributing
to
conformance
tests.
E
A
Interested,
oh
awesome,
awesome.
Well,
definitely,
you
know
message.
Anyone
on
slack
drop,
something
in
the
main
sig
network
gateway
api
channel.
I
I
know
I've
just
kind
of
I
what
I
think
I
probably
need
a
better
starting
point
of
here's.
Here's
how
you
write
a
conformance
test
and
here's
how
you
run
it,
but
in
lieu
of
that
don't
hesitate
to
just
ask
ask
questions,
because
you
know
I'll
always
want
to
make
it.
A
Cool
and
same
goes
for
anyone
else,
don't
hesitate
to
to
reach
out,
and
in
the
meantime
I
will
try
to
have
a
slightly
clearer
definition
of
what
it
looks
like
to
add
additional
tests.
I
I
will
point
out
that
mike's
pr
somewhere
down
here
is,
is
a
great
one
for
for
reference,
and
I've
lost
track
of
it.
Oh
yes,
here
it
is.
Thank
you
mike
for
adding
conformance
tests.
This
is
a
really
good
example.
A
A
B
A
That
makes
a
lot
of
sense.
Okay,
cool,
it
looks
like
everything
else
is
a
little
bit
older
here,
so
I'm
going
to
let
this
one
stay
and
then
for
pull
requests.
I
think
I've
I
think
I
have
touched
on
everything
pretty
recently.
If
I've
missed
your
pr
or
someone
else
has
missed
your
pr
like,
if,
if
you
are
needing
feedback
on
a
pr
that
you've
written,
please
ping
any
one
of
the
maintainers
in
slack,
I
know
that
we're
all
busy
and
miss
things.
A
A
C
It
just
kind
of
put
in
a
plug
here
that
for
the
route
inclusion
delegation
gap,
the
documents
the
gep
document
itself
is
up
there.
I
actually
updated
it
this
morning
because
nick
rewrote
his
the
route
status
section,
and
so
I
merged
his
changes
in
and
those
are
there.
So
that
section
is
no
longer.
You
know
a
draft
from
his
perspective
and
so
far
I
think
rob
is
the
only
one
who's
who's
reviewed
made
comments
which
thank
you
very
much
rob.
I
appreciate
it.
A
Yeah
I,
this
is
an
absolutely
massive
gap.
I
appreciate
the
efforts
here-
and
this
is
this
is
a
perfect
example
of
where
additional
reviews
would
be
very
helpful,
because
it's
it's
it's
hard
for
any
any
individual
reviewer
to
catch
everything
or
to
really
understand
everything,
but
especially,
if
you're
thinking
about
implementing
this
api.
A
A
Inclusion
and
delegation
is
at
least
from
what
we've
heard
from
contour
team,
something
that
is
very
easy
to
turn
into
a
very
complicated
thing
to
develop
and
implement,
and
you
can
you
can
end
up
regretting
different
parts
of
the
api
if
you're
not
very,
very
careful.
So
this
is
one
I
want
to
make
sure
we
have
as
many
reviews
as
possible
and
we've
thought
of
every
little
edge
case.
I
know
like
looking
at
the
size
of
this
gap
already
it's,
I
think,
probably
our
most
detailed
gap
ever
so.