►
From YouTube: SIG Network Gateway API meeting for 20230116
Description
SIG Network Gateway API meeting for 20230116
A
A
B
Joking,
there
is
a
discussion
in
the
Gateway
API
under
the
GitHub
discussions
section
about
what's
their
local
I'm,
just
going
to
try
to
move
that
forward
with
the
get
so
far
I
just
included
the
intro
some
goals,
non-goals
I,
think
the
known
goals
kind
of
like
kind
of
want
to
avoid
this
be
getting
lumped
into
gamma
stuff,
because
when
people
think
about
like
cluster
local
like
oh,
maybe
you
can
also
link
to
other
clusters.
Thinking
balloon
into
a
larger
discussion.
B
I
haven't
included
implementation,
yet
even
though
Evan
kind
of
just
said
like
a
really
lightweight
one
in
the
GitHub
discussion,
but
because
it
might
be
worth
just
thinking
about
some
Alternatives
prior
to
figuring
out
what
we
want
to
do
so
I'm.
Just
bringing
up
here
see
if
anyone
has
comments,
but
I
can
also
bring
it
up
next
week
for
a
wider
audience.
A
A
Like
yeah,
so
this
is
this
is
like
a
thing
that
you
would
do
in
sort
of
an
old
school
yeah
data
center
Network,
where
you
had
a
firewall.
That
was
like
the
border
of
your
the
border
of
your
security
domain,
so
hair
pinning
is,
when
you
sort
of
reach
out
to
the
outer
edge
of
the
firewall
from
inside
and
then
and
the
traffic
is
routed
back
in
so
it
passes
through
the
firewall.
So
it's
like
a
hairpin
turn,
so
that's
happening,
got
it
yeah,
so
yeah
yeah.
So
that's
that's!
A
C
B
B
A
I'll
put
a
comment
on
there
to
something
like
something
to
that
effect
that
it's
like
this
is
not
like
a
full
service
mesh,
where
you
expect
every
service
to
have
like
all
a
majority
of
services
to
have
this
functionality
turned
on.
This
is
like
you
want
to
expose
the
a
service
on
like
an
internal
like
a
non-public
routed.
Ip
address
is
yeah
yeah,
so
this
is
where
internal
and
external
gets
a
little
bit
confusing,
because
you
know
it's
internal
to
your
Wan,
but
not
necessarily
internal
to
the
cluster
yeah.
A
You
could
do
it
with
cluster
IP
servers,
if
you,
if
you,
if
you
make
the
cluster
IP
subnet
range
routable,
that's
one
of
the
reasons
that
I
haven't
pushed
too
hard
on
this
is
that
you
end
up
getting
into
the
weeds
of
like
exactly
how
does
the
routing
work
and
how
do
you
you?
What
internal
address
range?
A
A
It's
worth
saying
it's
similar
to
that
use
case,
yeah,
yeah
and
like
yeah,
because
because
I
I
spent
a
bit
of
time
like
playing
around
with
Kaden
and
K
native,
so
I
understand
what
you're,
what
you're
doing
you
want
to
be
able
to
have
it
so
that
you
know
you
can
have
do
k-native
stuff,
but
that's
not
on
a
public
iPad,
but
that's
exactly
yeah.
It's
about
avoiding
the
use
of
public
IP
addresses
and
using
obviously
1918
address
space,
not
about
you
having
the
pods
be
directly
reachable
for
one
another.
Yeah.
A
A
So
yeah
I
updated
this
a
little
bit.
I
added
I
changed
a
couple
of
things
where
people
had
some
comments,
but
then
I
also
added
one
other
thing
on
the
end,
which
is
client
certificate
settings
we
currently
don't
have
anywhere
in
the
API
to
represent
I
want
things
that
are
connecting
to
the
outside
of
my
listener
to
require
a
client
certificate
and
I
want
to
do
some
sort
of
validation
on
my
client's
ticket.
A
That's
why
I
left
this
as
italicized
and
bolded
to
be
clear
that
this
is
not
about
from
the
connections
from
the
gateway
to
the
back
end
using
client
certificates
there
yeah,
so
just
for
anybody
watching
the
recording
yeah.
That's
what
I've
started
poking
on
this
again.
I
would
like
us
to
go
back
to
this,
because
this
is
going
to
be
required
for
us
to
do
something
about
what
ended
up
as
back-end
properties
and
didn't
end
up
going
very
well,
because
it
was
too
much
Crossover
with
gamma.
A
What
TLS
use
case
are
we
talking
about
because
it
can
be
very
confusing
if
someone
is
talking
about
https
pass
through
and
the
other
people
think
think
about
they're
talking
about
yeah
termination
and
re-encryption,
because
they've
been
kind
of
similar.
You
know
that
though,
but
they
have
subtle
and
extremely
important
differences.
A
C
A
A
I
think
Mark's.
Suggestion
here
about
saying
you
know:
maybe
should
we
consider
modeling
the
re-encryption
as
a
filter
is
like
that's
a
kind
of
interesting
idea.
It
would
at
least
give
us
a
place
to
hang
the
config
off,
but
yeah
I
think
that's.
The
problem
is
like
new.
As
always,
where
do
you
hang
the
config?
And
what
do
you
put
in
there
in
the
config?
A
B
A
It
would
be
in
this
case,
so
I
mean
that
that
come
starts
coming
more
into
like
what
we're
talking
about
for
gamma,
where,
where
we're
talking
about
you
know,
hey
mtls
in
the
service
mesh
use
case
is
kind
of
an
implementation
detail.
You
know
you
you're
only
talking
about
the
service,
you
use
the
naming
when
you
talk
about
the
services
and
the
fact
that
it's
encrypted
in
mtls
does
not
like
important
in
terms
of
the
routing.
A
You
know
it's
like
an
implementation
detail,
whereas
the
use
case
that
Mikaya
is
talking
about
is.
It
is
important
because
the
person,
the
workload
owner
the
person
who
actually
owns
the
pods
has
handle,
has
sort
of
configured
their
service
to
do
TLS
and
require
TLS
and
thus
yeah.
If
you
want
to
be
able
to
afford
traffic
to
it,
your
thing
needs
to
be
needs
to
do
a
TLS
thing
itself
or
to
deal.
B
B
A
Yeah
exactly
yeah
yeah,
so
so
you're
going
to
be
doing
it
but
like
but
the,
but
this
and
I
guess
maybe
that's
another
thing
that
I'll
go
back
and
add
in
here
that
this
is
not
about
the
you
you're
doing.
You
know
magic
TLS
to
the
back
end
where
everything
is
sort
of
Auto
tier
list.
This
is
about
the
service.
The
person
who
owns
the
service
wants
the
TLs.
A
B
A
B
C
A
A
That
Gap
is
kind
of
held
up
at
the
moment,
because
it
was
a
huge
Rabbit,
Hole
of
shenanigans
and
so
yeah
see
you
can
use
different
kinds
that
are
not
service
like
that's.
Why
there's
a
there's,
a
4gbk
selector
in
there
I
would
not
recommend
doing
it
with
HTTP
route
unless
you
spend
a
lot
of
time,
have
a
read
over
The
Gap
and
the
pr
the
update
PR
for
The
Gap
that
was
sort
of
closed
for
Stillness
a
while
ago.
A
There's
a
lot
of
discussion
on
there
but
yeah
like
if
you
want
to
allow
HTTP
route
to
point
to
another
HTTP
route.
You've
got
to
start
thinking
about
how
many
layers
deep.
Do
you
want
that
to
be?
How
do
you
prevent
Loops?
How
do
you
like?
How
do
you
handle
like
people
overriding
stuff
that
you
need
them
not
to
override
and
a
bunch
of
other
problems
like
that.
B
I
guess
maybe
I
could
backtrack
and
talk
about
my
use
case.
We
have
something
called
domain
mapping,
essentially
just
like
creating
a
top
level
domain
for
like
a
but
it's
pointed
at,
for
example,
key
needed
service
which
would
be
funded
by
HP
route.
So
really,
what
I
would
think
would
be
the
implementation
of
it
would
be
like
hey
for
any
routing.
That's
hitting
this
host
rewrite
the
host
to
be
just
other
hostname
and
then
apply
the
routing
rules
of
that.
A
B
A
A
A
A
B
A
If
that's
yeah,
if
you
can
do
that,
architecturally
but
like
the
important
part
here,
is
that
you
just
have
one
listener
per
domain
name.
That
then
points
to
all
of
the
you
know
the
maps
that
that
does
exactly
what
your
domain
mapping
is
doing
and
maps
that
listener
to
the
to
a
route
that
describes
that
service
I,
see
okay,
because
the
only
reason
yeah
it
feels
like
the
only
reason
you
would
need.
That
is.
If
you
really
need
the.
A
You
do
to
rewrite
the
service
to
the
to
the
candida
theme,
so
rather
than
modeling
it
as
like
around
the
rest
or
another
route
is
just
a
listener
that
listens
to
the
domain
name
and
then
the
right
and
then
the
route,
the
routes,
all
the
traffic
for
that
domain,
name
out
to
the
correct
service.
Let's
see,
okay,.
A
Yeah
and
like
so
I
think
yeah,
like
I'd,
certainly
be
having
to
look
at
that
use
to
the
mirror
board
for
you,
man
like
because
I
think
it's
one
of
the
things
that
we
so
we
need
a
lot
more
of.
Is
that
sort
of
cookbook
style
thing
of
like
I
want
to
do
this,
and
so
we
say,
oh,
the
way
you
do
this
is
to
do.
A
Yo
is
to
have
a
have
a
listener
that
points
the
route,
and
you
know
blah
blah
blah
like
you
and
there's
a
couple
of
other
similar
use
cases
that,
where
people
I
think
there
was
one
where
people
had
were
like,
oh
I
want
to
Auto
generate
I
want
to
Auto,
generate
HTTP
routes
from
a
Swagger
description
and
they're
like
oh,
you
know,
I
wanted
to.
You
know
only
allow
the
get
post
and
stuff
that
the
Swagger
says,
and
then
they
put
it
all
into
one
HTTP
route
and
they
were
like.
A
Oh
there's,
two
I
have
too
many
part:
I
have
too
many
route
maps
to
to
fit
in
a
HTTP
route
and
I'm
like
well.
That's
because
you're
kind
of
doing
it
wrong,
like
you,
want
to
break
those
up
a
little
bit.
Maybe
have
each
endpoint
be
a
you
know.
Each
end
point
be
a
separate
HTTP
route
rather
than
putting
everything
into
one
big
HTTP
route,
and
that
that's
that's
the
exact
sort
of
thing
right.
A
I've
got
to
do
for
myself
to
to
do
to
to
sort
of,
say:
hey
if
you
want
to
use
when
you're
using
the
Gateway
API
like
here's,
some
other
here's,
some
use
cases
that
have
come
up
and
here's
how
we
think
you
should
he's
sort
of
the
recommended
way
to
do
this
and
the
more
that
we
can
have
build
a
sort
of
a
cookbooky
thing
like
that.
Then
I
think
that
will
help
people,
because
it's
a
reasonably
complex
API,
because
it's
got
a
lot.
It's
solving
a
large
problem
space.
A
A
B
B
A
We
had
a
thing
where
yeah.
If
you
wanted
to
be
able
to
specify
which
port
to
use
for
which
type
of
traffic
there
was
like
it
should
be
proxy,
there
was
a.
There
was
a
thing
that
said.
You
know
this
is
a
TLS
yeah
I
want
you,
I
want
the
I
want
Contour
to
do
a
TLS
connection
to
the
backend
service,
and
you
should
use
this
port.
A
You
know,
rather
than
you
should
use
port
four
for
three
rather
than
put
Port
80
or
something
but
yeah,
and
so
like
I
understand
what
you're
saying
it'd
be
nice
to
be
able
to
have
it
be
some
sort
of
Auto
detection,
but
I
I,
don't
know
how
we
could
handle
all
the
conceivable
use
cases
easily.
There
I
think
it
seems
like
it
could.
You
could
do
an
interesting.
Like
extension,
like
a
you
know,
policy
attachment
or
a
you
know
some
other
sort
of
meta
resource.
A
A
You
I
mean
again,
you
could
actually
it
could
be
something
where
you
where
your
your
implementation
could
be
like.
You
know
you
do
a
HTTP
route
and
then
it
figures
out
like
what
port
your
implementation
figures
out.
What
what
the
HTTP
listener
is
listening
on
right
like
he
approves
it
out
or
something
like
that
right.
But
then
that's
an
implementation
detail
right
like
not
a
thing
that
we
need
to
configure.
A
I!
Guess,
that's
the
that's
one
of
the
key
things
is:
that's
really
important
to
remember
with
I.
Think
like
o
API
is
like
you,
we
need
to
put
only
the
things
that
we
really
need,
people
to
be
able
to
configure
and
know
and
no
more
and
then
leave
the
magic
to
be
magic
and
to
be
implementation.
Specific.
A
That
doesn't
mean
that
you
can't
like,
but
it
means
like
if
you
want
to
like,
we
need
to
talk
about
it
and
maybe
do
something
implementation
specific
like
by
that
I
mean
the
support
level
implementation,
not
just
the
generic
term
yeah
so
yeah,
it
is
an
interesting
use
case
and
I
do
think.
I
think
there
was
a
a
note
in
that
TLS
use
cases
thing
about
doing
something
with
alpn
instead
of
just
Sni,
which
would
make
sense
to
me.
But
we
hadn't
considered
that
earlier
so,
okay
yeah.
A
C
If
you
don't
mind,
if
I
weigh
in
yeah
I
really
agree
with
your
point
on,
we
don't
want
things
to
be
too
implementation
specific.
We
want
things
to
be
portable.
I'd
also
add
I'm
wary
of
too
much
magic
in
when
we
talked
you
mentioned
HTTP
HTTP
to
negotiation
using
alpn
that
that
kind
of
thing
scares
me
because
HTTP
2
has
surprises
like
clients,
doing
connection
coalescing,
so
I'm
always
wary
of
too
much
magic.
Auto
detection.
That
kind
of
thing
I
definitely
prefer
explicit,
apis
and
explicit
configuration.