►
From YouTube: SIG Network Gateway API Bi-Weekly Meeting for 20221114
Description
SIG Network Gateway API Bi-Weekly Meeting for 20221114
A
Eating
hello:
everybody
welcome
to
Gateway
API
meeting
for
November
14
2022.
As
a
reminder,
this
meeting
is
governed
by
the
kubernetes
community
code
of
conduct,
which
boils
down
to
be
nice
to
one
another.
A
We
have
reasonably
full
agenda
today.
I
might
see
new
names,
I'm,
not
really
sure.
If
anybody
wants
to
take
a
minute
to
introduce
themselves
or
just
kind
of
say,
hi
and
talk
about,
you
know
what
they're
doing
and
why
they're
here
and
stuff
like
that
feel
free
I'll
give
a
couple
seconds
for
that.
Otherwise,
we'll
get
started
with
the
agenda.
A
D
C
We
go
yeah
cool,
so
it's
a
fairly
small
group
here
today
but
curious.
If
anybody
is
going
to
be
around
to
meet
on
the
Monday
after
Thanksgiving
as
it
turns
out,
it
looks
like
both
myself
and
Shane
are
going
to
be
out
of
office.
That
day,
will
anybody
be
around.
E
E
F
I
mean
honestly
I
mean
I've,
got
a
I
missed
everybody,
unfortunately,
at
the
kubecon,
because
I
got
stupid,
covid
and
and
I
do
have
some
real
generic
questions
about
how
to
get
more
involved,
and
you
know
who's
interested
in
egress
and
service
provider,
and
you
know
some
sort
of
orientation
stuff.
F
So
if
there
were
a
less
attended
meeting
for
me
to
just
kind
of
talk
about
that
or
ask
questions,
I
wouldn't
I
wouldn't
mind
it.
Okay,.
E
Well,
let's
leave
it
on
then
and
I'll
I'll
host
that
one.
C
Yeah,
that's
great.
We've
had
full
agendas
for
a
long
time,
so
it'd
be
great
just
to
go
through
anything
that
we
haven't
had
time
for
just
random
questions.
We
used
to
have
an
office
hours
meeting.
This
seems
like
it'd,
be
a
great
purpose
for
that.
C
A
Nick
yeah.
Thank
you
all
right.
This
is
just
an
update
on
something
that
I
brought
up
last
week,
so
I
started
working
on
for
the
bleaks
project,
which
is
a
sub-project
of
Gateway
API
that
we're
working
on
right
now,
rust
bindings
for
Gateway,
API,
Linker
D
also
had
these,
but
I
had
a
zoom
with
them
last
week,
and
we
kind
of
discussed
like
if
they're
married
to
it
like
what
they
what
they
want
to
do
with
that.
A
Ultimately,
they
like
the
they're
doing
those
by
hand,
and
they
do
like
the
generated
approach
better
so
in
the
future
I'm
going
to
continue
to
kind
of
push
for
this.
But
we
look
like
we
oh
and
the
age.
The
one
issue
that
was
missing
for
HTTP
routes
to
work
was
now
fixed
in
copium,
which
is
the
generator
so
we're
in
pretty
good
shape
and
there's
a
new
patch
release
I
just
put
out
last
week
and
we're
using
it
as
far
as
the
trajectory
goes.
A
Rob
and
I
are
talking
with
the
cube
RS
cncf
group,
so
kubr
s
is
rust.
Kubernetes,
API,
clients
and
stuff,
like
that.
There's
a
an
org
for
that
and
we're
considering
putting
it
in
there
rather
than
kubernetes
six.
So
we'll
kind
of
keep
you
all
up
to
date.
If
we
decide
to
actually
adopt
this
as
like
an
official
bindings,
but
that's
what
we're
kind
of
aiming
for
right
now,.
A
A
G
G
G
E
But
I
think
it's
probably
fine
to
talk
about
this
now,
but
Dave
you've
got
your
end
up.
H
Hey
how's,
it
going
just
a
quick
question
because
I
I've
been
meaning
to
read
the
the
Gap.
What's
the
current
status
of
backing
capability
capabilities
right
now,.
E
It's
proposed,
but
and
Candace
had
has
done
a
PR
to
to
put
an
implementation
in
the
Gap,
and
then
we
had
a
whole
bunch
of
spirited
discussion
on
the
on
the
get
pit
on
that
implementation,
PR
that
has
kind
of
stopped
last
a
while,
it's
actually
so
Candace.
You
haven't
forgotten
to
do
anything.
This
one
is
actually
on
me.
I
haven't
gotten
to
it.
E
The
Last
Action
was
that
I
was
supposed
to
go
back
and
update
the
original
Gap
with
a
bit
more
info
about
what
we're
trying
to
do
here
and
why
we've
done
it.
This
way,
the
more
that
I
have
thought
about
this,
though,
and
to
sort
of
address
a
couple
of
your
questions,
Candace,
the
more
I
thought
about
this
I
think
that
I've
made
a
mistake
here
by
I'm
trying
to
make
this
too
generic
there's
too
much
crossover
into
service
mesh
land.
E
This
thing
was
originally
intended
as
a
purely
north-south
exercise
and
a
way
to
handle
the
the
use
case
of
someone
saying.
I
am
running
a
process
inside
my
pods
that
has
a
TLS,
cert
and
I
want
to
be
able
to
expose
this
on
a
Gateway
and
I
want
the
gateway
to
be
able
to
talk
TLS
over
the
wire.
To
my
thing,
right,
like
don't
I,
don't
care
about
service
meshes
doing
magic,
mpls
I,
don't
care
about
any
of
that
stuff.
I
just
want
to
be
able
to
make
my
thing
that
I
already
have
work.
E
So
I
think
that
I
have
made
a
mistake
here
by
making
this
a
bit
by
trying
to
be
by
trying
to
make
it
more
reusable,
and
so
it
has
ended
up
running
square
up
against
the
fact
that
a
lot
of
the
stuff
that
we're
talking
about
here
has
a
confusing
amount
of
overlap
with
things
that
you
talk
about
in
service
mesh,
like
particularly
the
sort
of
the
service
mesh
generated,
mtls
I.
E
Think
John
made
a
good
point
when
we
were
talking
about
that
on
the
gamma
stuff
that
that
we
should,
he
is
of
the
opinion
and
I
agree
that
we
shouldn't
have
to
have
the
mtls
stuff
described
in
the
API.
That
should
be
an
implementation
detail
for
a
service
mesh
product,
but
I
think
the
I
think
the
thing
that
I
failed
again
here
on
was
that
I
wasn't
clear
enough
that
this
is
about
when
there
are
when
the
process
running
inside
the
Pod
has
TLS
certs.
What
do
we
do
about
it
right?
E
Like
that's
the
thing
that
we've
been
trying
to
solve
here
and
I?
Think
I
went
to
a
generic,
so
that's
I
think
so
it's
on
me.
You
know
the
actions
have
been
on
me.
I
also
have
a
bunch
of
other
stuff
on
my
plate
and
this
one
hasn't
I
haven't
been
able
to
get
to
it.
So
I'm,
sorry,
I
know
you
really
want
to
get
this
into
this
release
Candace.
So
yeah
I'm,
like
yes
like
I,
said
I'm
sorry
to
have
held
this
up.
H
E
Well,
that's
that
that
is
one
of
the
questions
that
the
pr
has
run
up
against
is
like
you.
What
do
words
even
mean?
You
know
so
I
think
that
I,
that's,
why
I'm
kind
of
thinking
that
maybe
we're
better
off
retargeting?
Is
it
something
smaller
Bowie,
you
get
your
hand
up.
B
Yeah
I
was
I
was
going
to
say:
does
that
make
sense
to
retrench
this
a
little
bit
less
like
try
to
take
smaller
steps
towards
this,
because
I
think
he
tried
to
jump
ahead
and
try
to
solve
everything
all
at
once.
Yeah
I
was
trying
to
figure
out
where
to
comment
on
the
VR
and
did
we
resolve
the
issue
of
who
should
own
what
piece
of
configuration
from
like.
F
B
I
don't
know
if
that
was
like
explicitly
laid
out
yeah.
E
Yeah
I
think
you're
100
right
that
the
the
one
of
the
reasons
there
was
a
lot
of
confusion
about
like
are
we
talking
about
the
producer
or
the
consumer?
Is
that
we've
spent
a
lot
of
time
talking
about
that
for
gamma
stuff,
you
know
like
that.
A
kubernetes
service
resource
can
be
used
as
either
a
producer
or
a
consumer
or
and
as
a
front
end
or
a
back-end
right
like,
and
so
in
this
case.
E
You
know
not
as
front-end
a
HD
period
attachment
point,
cluster,
IP
or
any
of
that
stuff,
so
I
think
the
and
I
think
the
that's.
Why
I
think
the
best
way
forward
here
is
to
sort
of
leave
the
is
to
leave
the
is
to
either
mark
the
the
original
Gap
as
like,
like
rejected
and
just
have
another
crack
at
something
very
similar.
E
That
is
just
about
handling
the
case
that
you
have
TLS
running
inside
the
process
inside
the
inside
the
pods
and
then
so,
and
then
we
just
so.
We
have
like
a
you
know,
I,
don't
know
a
TLS
connection
Properties
or
something
like
that,
or
something
even
less
generic
than
that
right.
Like
a
you
know,
Gateway
TLS
connection
properties,
I,
don't
know
something
that
makes
it
very
clear
that
this
is
for
that
specific
use
case,
and
that
specific
use
case
only
I
mean
I.
E
Think
there's
a
lot
of
other
things
that
plays
into
this,
because
TLS
is
used
in
many
many
things
in
many
different
ways
and
yeah.
That's
one
of
the
reasons
that
this
discussion
has
been
confusing,
but
that's
I
think
that
maybe
that
is
maybe
that's
a
more
approachable
and
solvable
problem.
E
We
tightly
scope
these
two
only
north-south
traffic
and
solving
the
specific
problem
of
you
have
a
you
know:
pods
running
TLS
that
it
gets
the
where
the
Gateway
has
already
terminated
the
outside
TLS,
and
you
want
to
re-encrypt
that
solves
that
problem
right,
like
the
I
think
in
the
case
that
you
know
we've
got
your
next
thing.
Is
about
TLS
route,
and
that
is
a
separate
case,
though
like
this
is
about
re-encrypt.
E
E
E
So,
like
I
mean
I,
think
part
of
the
problem
is
that
this
discussion
has
very
romantic
run
squarely
into
you
know
what
happens
when
we,
when,
where
you
have
a
back-end
properties
attached
to
it
to
a
service
that
also
has
a
HTTP
route
or
you
know
like
like
attached
to
it
or
you
know
what
happens.
E
How
is
this
relevant
when
you're
using
a
you
know
in
the
service
mesh
context,
and
so
what
I'm
trying
to
do
here
is
to
say:
okay,
there's
a
very
clearly
defined
use
case
to
call
the
north
south
context
that
that
is
currently
big
hole
in
the
API.
Let's
just
try
and
close
that
up
for
now,
it'll
at
least
be
an
experiment
that
we
can,
you
know
refer
back
to
and
see
how
it
goes.
I
mean
it's
going
to
be.
E
E
Maybe
we
maybe
we
do
it
and
then
we
choose
not
to
go
forward
it
and
we
do
something
else,
but
like
this
way,
this
way
we've
at
least
got
something
started.
Yes,
Shane.
A
Do
we
have
an
issue
tracking
that
one
specific
bit
like
something
codified?
That
says
like
the
bucket
of
the
back
ends
bit
that
we
want
to
do
and
the
specifically
the
TLs
part
that
you
were
just
talking
about?
Is
that
in
an
issue
somewhere
or
is
it
inside
of
something
else?
A
I
can't
remember
if
it
is
I
would
just
say
action
item
from
this
would
seem
to
be.
If
we're,
if
nobody's
strongly
opposed
to
Nick's
approach,
I
would
say
the
action
item
is
make
sure
we
have
that
in
an
issue
and
then
track
that
and
start
working
on
just
that
little
bit.
E
Yeah,
that's
right,
yeah
that
was
made
us
open.
A
discussion
and
I
was
sort
of
like
oh
I'm,
thinking
about
a
more
General
way
to
do
this.
You
know,
let's
try
and
solve
it
in
a
more
General
way.
Dave.
H
Just
the
question
does
gamma
sub-project
refer
to
multi-cluster
or
traffic
within
a
cluster
as
well
like?
Could,
for
example,
his
back-end
capabilities
be
consumed
by
like
Services
hitting
each
other
within
the
cluster,
or
is
that
like
is
that?
Is
it
I'm
just
trying
to
figure
out
like?
Is
that
a
gamma
thing
or
or
not,
etc,
etc?
I
I
I,
don't
think
that
at
this
point
we've
this
is
basically
like
part
of
what
Nick
is
saying.
The
issue
is
is
like
I,
don't
think
at
this
point
that
we've
considered
potential
implications
for
like
attaching
back-end
properties
to
a
service
import
object
as
an
example
which,
like
just
figuring
out
the
semantics
of
service
import,
is
like
by
itself
like
not
a
current
goal
yet
of
gamma.
You
can
know
it's
something
that
we
know
that
we
want
to
do
in
a
abstract
way.
H
C
Thanks
I
think
just
to
follow
up
a
little
bit
more
on
Bowie's
question
or
a
comment
in
chat.
It
seems
like
one
of
the
ways
we
could
I
think
we
all
agree.
C
We
need
smaller,
incremental
updates
to
to
have
any
chance
of
moving
this
forward,
because
everything
seems
fairly
contentious,
we're
not
sure
exactly
where
things
belong,
how
they
fit,
and
we
keep
on
running
into
different
barriers,
whether
whether
that's,
how
does
this
work
with
Gamma
or
what
roles
you
know
like
lots
of
lots
of
different
questions
and
I'm
kind
of
curious
if
we
can,
if
we
can
take
a
step
back
yet
again,
I
know,
but
to
identify
the
roles
that
you
know.
C
Basically,
the
key
roles
that
are
involved
here,
you
know
who
do
we
expect
to
configure
this
specific
property?
Who
do
we
expect
to
configure
this
property?
You
know
we
that
that's
been
so
great.
It
seems
like
right
now
we're
struggling
to
understand
one,
what
we're
trying
to
configure
and
two
where
that
should
be,
and
we've
we've
gone
so
heavily
into
this
role-oriented
model
right.
The
this
specific
role,
maps
to
this
specific
resource
and
I,
don't
think
I.
Clearly
understand
how
these
bits
of
config
that
we
want
mapped
to
those
roles.
C
So,
even
just
like
you
know,
if
we
just
take
small
PR's
to
kind
of
like
adjust
and
say
Here's,
you
know
we
know
we
want
this
thing.
We
we
know
we
want
these
people
to
be
able
to
configure
this,
and
we
know
we
want.
You
know.
Just
agreeing
even
more
in
more
detail
on
the
specific
requirements
could
help
us
get
a
little
bit
further.
G
Don't
know
I
agree
with
you,
but
I
think
that
was
one
of
the
contention
points
was:
whose
role
is
it
because
I
mean
that
depends
which
I
it
depends
so
I
started
the
conversation
with
noting
that
everything
else
about
termination
is
set
on
is
set
in
the
the
TLs
mode
types
and
in
in
this
is
one
kind
of
termination
that
we
cannot
set
in
the
TLs
mode
types
and
we
determined
I
am
not
100
sure
why
we
determined
that,
but
it
to
me
it
seems
more
natural
to
set
up
the
the
re-encrypt
termination
in
the
same
place
that
you
would
set
up
that
the
Ed,
the
regular
termination
or
the
or
the
pass-through
termination,
but
I
think
you
guys
said
everybody
was
in
agreement
that
that's
not
that's
not
the
case.
B
I
think
the
interesting
thing
is
talking
about
this
from
a
re-encrypt
perspective
versus
decoupling,
the
two,
because,
technically
speaking,
the
communication
from
this
from
the
proxy
to
the
back
end
and
the
communication
for
the
proxy
are
actually
very
they're,
actually
not
connected
to
each
other,
I
mean
sometimes
they
are,
but
from
a
cons
like
if
you
think
about
it
right
like.
Why
does
the
how
you
terminate
a
connection
which
is
from
your
clients
to
you
dictate
or
are
related
to
how
you
communicate
further
on
to
your
backup?
B
G
B
B
That's
a
fairly
common
one
or
you
could
have
encrypted,
but
with
a
totally
different
trust
domain.
B
C
So
what
we're
saying
right
now
is
that
you
know
the
existing
mode
that
we
have
is
basic,
is
describing
connections
to
the
Gateway
and
then
connections
from
the
gateway
to
the
back
end
are
somewhat
different
right.
You,
you
could
have
any
number
of
combinations,
and
you
could
you
know
re-encrypt
this
basically
you're
you're,
representing
one
possible
combination
of
that.
But
let's
say
that
you
know
you're
serving
on
Port
80,
but
you
still
want
to
encrypt
traffic
to
your
back
end
from
like
from
Gateway
to
back,
and
then
you
need
like
a
encrypt
mode.
C
I
guess
right!
You
need
you
need
some
other.
So,
basically,
if
you
can
decouple
how
those
are
configured
that
feels
good
but
I
I
agree
that
the
same
general
location
and
the
same
general
means
is
effective.
I
just
think
a
separate
configuration
for
that
extra
hop
could
be
useful,
but
there's
a
lot
of
hands,
so
I
should
yield
my
time.
F
Yeah
I,
so
my
specific
concern
is
mostly
around
Communication
service
providers
like
people
launching
5G
and
so
I
think
the
talk
about
the
roles
is
really
important
because
you,
in
that
context
you
have
where
the
service
providers
say
you
know
18t
or
Verizon.
Something
wants
to
control
everything
having
to
do
when
things
are
encrypted
and
how
they're
encrypted
and
the
certificates
and
may
have
mtls
to
external
clients
in
a
way
that
most,
you
know,
Enterprise
other
kinds
of
use
cases
might
not
versus
the
sort
of
app
developer.
F
You
know
for
whom
it's
completely
invisible
and
so
I
think
you
know
making
sure
that
we
think,
through
the
roles
and
the
complete
set
of
of
variables,
because
again,
like
you
know,
I
have
to
worry
about
call
tracing
like
they
need
to
figure
out
where
it
can
be
decrypted
for
call
tracing
all
kinds
of
other
things
that
are
can
get
really
complex
with
PLS.
E
Yeah,
okay,
I
think
that
this
is
also
run
afoul
of
the
fact
that
TLS
has
a
number
of
confounding
things
in
the
way
that
the
listener
is
designed.
Tls
also
has
the
protocol
field
and
the
like
the
then
we've
in
the
TLs
mode
field,
which,
like
I,
consider
huge
mistakes
in
the
API.
We
completely
screwed
that
up,
because
that
makes
it
really
confusing
right
like
so.
E
We've
also
got
the
documentation
that
that
you
mentioned
in
the
next
one
about,
like
you
know
in
the
summary
table,
like
TCP
route
can
be
terminated
or
or,
and
it
doesn't
mention
pass
through
it,
and
that's
because
you
know,
for
example,
for
TCP
route
conceivably,
you
could
have
a
TCP
route
that,
like
a
listener
that
terminates
TLS
for
some
arbitrary
TLS,
a
TCP
stream
and
then
forwards
the
TCP
stream
on
right.
E
Like
that's
the
use
case,
that
is
capturing,
but
in
the
case
that
you
want
to
pass
through
TLS
on
a
TCP
connection,
you
just
don't
do
anything.
E
You
just
have
a
TCP
route
right
like
you,
just
don't
inspect
it,
because
the
TLs
route
is
not
being
used
for
routing
at
all,
and
so
that's
why
I've
emphasized
in
a
number
of
places
that
I
think
the
most
important
thing
to
remember
about
when
you're
passing
to
like
TLS
through
a
Gateway
is
like
what
are
you
using
to
Route
the
traffic
to
the
back
ends
right,
like?
Are
you
using
the
HTTP
properties,
in
which
case
it
has
has
to
be?
E
What
who
owns
that
config
and
then
that
will
help
us
figure
out
like
where
that
config
should
live.
I
hear
what
you're
saying
Candace
that
like
to
some
extent,
it
makes
sense.
When
you
were,
when
you
are
a
Gateway
implementer,
it
really
makes
sense
to
think
of
the
re-encrypt
as
being
like
a
listener
level.
Setting
right
like
you
want
to
terminate
here,
and
you
want
to
re-encrypt
all
the
settings
there,
but
like
the
reason
that
I
haven't
gone
for
that
in
the
past.
E
Is
that
generally,
the
person
who's
controlling
the
certs
that
you're
using
for
that
re-encrypt
is
not
the
Gateway
owner
It's?
Usually
the
person
who
owns
the
service
that
you're
the
pods,
not
the
service,
object
a
lot
of
the
time,
that's
the
same
person,
but
it's
the
person
who
owns
the
process,
that's
running
inside
the
pods
and
so
I.
Think
that's
that's
where
I
agree
with
everyone.
I
think
what
we've
got
to
do
is
go
back
again.
E
We're
going
to
write
down
all
these
use
cases
around
TLS
and
what
we're
talking
about
when
we
say
re-encrypt
and
when
we
say
like
pass
through
and
stuff
like
that
and
I
think
that
this
discussion
will
probably
help
like
Define
some
stuff
up
about
like
what
TLS
route
is,
and
it
clarify
some
of
these
things
that
are
that
aren't
clear
in
the
next
to
General
item
as
well,
because
yeah
yeah
I
think
so
when
we
conceived
of
the
the
sort
of
the
the
protocol
and
the
TLs
mode.
E
Originally,
that
was
when
we
didn't
have
such
a
good
sort
of
definition
of
like
what
a
HTTP
route
did
versus
what
a
TLS
Rod
did
versus
what
a
TCP
route
does,
and
so
the
and
we
didn't
have
grpc
route
at
all,
then,
and
so
I
think
that
the
yeah,
like
I,
think
that
writing
down
some
of
these
use
cases
and
being
like
in
this
case.
You
use
this
in
this
case.
You
use
this.
E
In
this
case,
you
use
that
you
know
and
sort
of
trying
to
be
exhaustive
about
it
may
help
people
have
a
better
understanding
of
what
you
of
what
we're
trying
to
achieve
with
the
the
work
that
Candace
has
been
trying
to
do.
Sorry,
Rob.
C
Yeah
so
I,
just
a
quick
time
check
here.
I
know
we're
well
into
this
discussion.
It's
been
really
helpful.
I
just
I
want
to
make
sure
we
get
to
the
rest
of
the
items
while
we're
here.
Do
we
have
a
clear
understanding
of
what
you
know
what
the
next
items
are.
I
I
know
Nick,
you
said
you
have
okay,
go
ahead:
Shane,
yeah,
sorry,.
A
Sorry,
sorry,
sorry
I
was
gonna
time
check
it,
but
I
was
gonna
say
it
sounds
like
the
next
action
item
is.
We've
got
a
redo
of
the
Gap,
but
another
action
item
is
that
redo
whatever
it
ends
up?
Looking
like
needs
to
have
the
exhaustive
list
of
use
cases
kind
of
figured
out
a
little
bit
up
front,
like
user
stories
need
to
be
kind
of
up
front
to
help
drive
this.
C
Yeah
and
I
I
would
argue
that
I
don't
know
that
we
need
to
call
it
a
redo
so
much
as
just
iterating
on
the
part
of
the
Gap
that
has
merged
and
like
small
pieces
at
a
time.
You
know
these
are
the
specific
use
cases
you
can
add
like
it
doesn't
need
to
be
an
exhaustive
list
of
use
cases.
Everyone
can
just
add
a
use
case
as
they
come
up
with
it,
but
again
just
trying
to
get
small
pieces
in.
So
we
have
a
clearer
picture
of
what
we're
trying
to
solve.
E
Yeah
I
think
that's
why
I
I
think
that
I
think
that
not
the
doing
PR's
to
the
Gap
is
actually
going
to
be
like
I
think
it
might
not
work
Rob,
because
we've
got
because
we're
kind
of
part
of
what
we're
doing
here
is
kind
of
saying:
hey
his
back
end
capability
is
the
right
way
to
solve
this.
Is
it
too
generic?
E
You
know
that's
one
of
the
questions
we
need
to
answer
here
and
so
I
think
we've
got
to
go
back
to
Google
doc.
Again
we
got
it
and
you
know
we
got
it
so
I
think
what
we
need
to
do
is
I
will
post
this
meeting.
E
I
will
start
a
Google
doc
with
like
the
with
the
your
use
cases,
I
can
think
of
and
the
yeah
the
use
cases
I
can
think
of,
and
then
my
suggestions
and
I
will
put
my
name
next
to
my
suggestions
for
how
I
think
we
should
handle
the
use
cases
well,
I
think
we
should
conceive
the
use
cases.
E
So
that's
so
I'll
set
up
the
format
of
the
document
and
stuff
so
that
we
can
gather
people's
ideas
about
the
use
cases
and
then
I
will
make
it
well
little
world
editable,
so
that
people
can,
you
know,
add
in
their
own
use
cases,
and
that
way
you
know
Philip.
You
know
you
can
put
some
information
in
there
about
the
sort
of
use
cases
you're
talking
about
as
well,
so
that
we
can
make
sure
we're
not
missing
anybody.
E
This
time,
I
suspect
that
what
we're
going
to
need
to
do
like
so
Candace
I
need
to
be
upfront
with
you,
though.
I
don't
see
that
I
don't
know
if
we
can
get
that
in
as
part
of
that
API
like
it's
going
to
take
a
little
while
for
us
to
do
this,
you
know
we
might
be
able
to.
If
we
can.
All
sort
of
you
know
go
pretty
fast
on
on
pulling
these
use.
Cases
together,
but
like
like
it's
gonna,
be
hard
to
get
this
done
in
like
the
next
month
or
so.
E
Yeah
yeah
I
think
so
this,
so
this
particular
release
has
been
held
up
by
a
few
factors
like
the
big
status
rewrite
and
a
couple
of
other
stuff
like
that.
So
I'm
hoping
we're,
hoping
that
we
should
be
able
to
make
like
more
regular,
faster
releases.
Now
that
we,
you
know,
don't
have
as
many
things
in
train
yeah.
A
We
tried
to
break
this
one
up,
but
it
it
it's
too
messy
way
to
finish
this
one
and
then
hopefully
we're
gonna
get
into
like
these
smaller,
more
small
iterations,
okay.
So
there
we
got
some
action
times
for
that
good
discussion.
Actually
it's
just
really
the
one
action
item:
All
Things,
Considered
yep.
Let's
move
on
to
the
next
one,
so
talk.
A
E
E
It
depends
on
exactly
what
comes
out
of
the
discussion
on
the
use
cases
so,
like
the
I
think
that
the
like
it
depends
on
if
going
forward
with
back-end
capabilities
is
viable
or
if
that
that
is
too
big
a
chunk
to
chew
yeah.
So
I
think
that
I
think
yeah
there's
that's
my
feeling
anyway.
C
Yeah
I
think
that
makes
sense,
I
think
in
addition
to
what
you
have
already
said,
I
think
a
comment
on
that
PR
just
to
explain
the
current
state
of
that
that
it
is
frozen
in
time
for
the
time
being
and
we're
moving
discussion
back
to
a
doc.
Okay,.
A
Yep
Candace
TLS
route.
E
Yeah
so
and
I
think
the
the
quickest
thing
to
say
here
is:
we've
got
the
the
list
of
things
that
we
need
to
do
for
beta.
The
main
thing
is
implementations,
implementations
already
Implement
TLS
route
performance
tests.
We
need
a
you
know,
a
decent
conformance
test
suite
for
hotel
as
well.
Those
are
the
things
that
we
need
to
do
to
be
able
to
graduate
TLS
route
to
Beta
I.
Don't
think
that
that
anyone's
really
suggesting
that
there's
a
lot
of
features,
we're
missing
out
of
TLS
route,
but
those
are
the
you
know.
C
C
Go
ahead:
Richard
traffic
director
has
one
as
well.
Okay,.
D
A
Okay
cool,
so
it's
pretty
much
just
that
yup
performance
test
and
go
yes.
I.
E
Think
this
would
be,
this
will
be.
Rob
has
recently
changed
things
to
sort
of
you
know
sort
of
got
like
feature
flaggy
kind
of
behavior
for
the
performance
tests.
We
need
to
put
okay,
let's
write
behind
the
feature
Flags
and
just
have
tests
that
do
stuff.
Like
you
know,
you
can
route
to
an
Sni.
The
o
that
sort
of
stuff
I
mean
there's
not
much
to
test
right
like
different
snis
are
out
to
different
back
ends.
That's
pretty
much
it
like.
I
A
Yep
yep
I'm
gonna
take
the
action
item
to
just
make
sure
that
we're
actually
tracking
this
properly
take
a
look
over
what
we
have
and
make
sure
we
have
issues
and
stuff
that
are
actually
tracking
for
a
release
for
this
I'll-
probably
just
put
it
in
v070
but
again
we'll
kind
of
bucket
things
in
there.
The
things
are
a
little
bit
bucketed
in
there,
but
we
might
spread
them
out.
So
we
can
do
more
iterative
releases,
so
don't
be
afraid
to
just
be
like
a
ton
of.
A
G
G
A
G
C
Right
yeah,
so
let's
talk
about
Milestone
we're
getting
awfully
close,
which
again
was
the
goal.
I
got
confirmation
that
at
least
Tim
and
I
think
Cal
are
going
to
be
able
to
do
a
API
review
this
well
at
least
start
this
week.
So
we
need
to
get
the
the
infrastructure
in
place
for,
for
that,
that's
just
a
big
PR!
That's
a
diff
between
this
and
our
previous
release.
There
is
not
much
left
in
that
actual
Milestone.
C
So
if
you
look
I
think
there's
two
issue:
an
issue
in
a
PR
that
are
about
to
close
the
partial
acceptance.
One
I
think
we
can
probably
just
pull
out
of
the
milestone,
because.
E
It's
a
little
bit
related
to
the
status.
Okay,
it's
like
a
single.
It's
like
a
single
performance
test.
So
it's
actually
oh
yeah.
It's.
B
E
E
C
All
right
so
I
missed
this
one
I
is
there
anyone
on
this
call
that
feels
like
they
they'll
have
time
to
work
on
it.
This
week,.
E
I
can
make
time
if
no
one
else
does
because
I
just
want
to
get
this
060
closed
out.
So
yeah.
C
E
Yeah
so
yep
those
those
two
issues
once
that,
once
that
PR
merges
for
the
that
is
linked
to
those
two
issues.
So
sorry,
if
you
go
back
to
the
Milestone
chain,
eating
that
yeah
those
two
ones,
there
see
there's
a
there's,
a
link
PR
on
the
right.
C
A
C
E
So
once
those
two
are
done,
you
know
I
think
we
can
close
out
the
conditions
and
status
update,
get
and
yeah
I
mean
the
these
conformance
test
is
really
the
last
little
tiny
piece
of
the
conformance
the
conditions
and
status
update.
But
then,
after
that,
I
think
we're
done
and
that
will
close
out.
Okay.
C
Okay,
great
so
I
think
that
means
we
are
in
the
final
final
stages
of
this
I'll
I'll
share
my
optimistic
view
of
the
world.
I,
don't
know
if
we're
gonna
hit
this
timeline,
but
what
I
would
love
to
see
happen
here
is
that
we
we
do
the
initial
round
of
API
review
this
week.
C
C
We
may
be
able
to
release
a
release
candidate
as
early
as
next
week,
it's
the
week
of
Thanksgiving
so
in
the
U.S.
So
we'll
see
what
happens,
but
my
optimistic
view
is:
that's
there's
a
chance,
I'd
love
to
get
that
in
after
the
RC.
We
wait.
We
let
things
soak.
We
do.
The
final
review.
There's
certainly
going
to
be
tweaks,
at
least
that
come
out
of
this
final
review
and
then
best
case
scenario.
I'd,
say:
final
o60
releases,
early
December
sometime
in
December.
C
Yeah
but
I
I've
been
wrong
many
times
before.
This
is
just
my
view
of
the
world
today
and
and
again,
help
from
everyone
to
address
any
issues
as
they
come
up
from
Signet
API
review
would
be
really
helpful
and
especially
thanks
to
Nick
for
getting
that
last
PR
in
and
yeah
I
think
we'll
be
good.
E
I
think
one
question
that
I
feel
like
maybe
we
didn't
quite
answer
for
Candace
earlier
was:
is
there
any
chance
that
if
we
do
the
conformance
tests
for
TLS
route,
we
would
move
that
to
Beta
4060.
C
E
C
I
A
C
Another
thing,
that's
really
top
of
mind
for
me-
is
redirects
and
rewrites
it's
in
the
same
state
it
just
it
just
needs
a
conformance
test,
and
we
need
to
show
that
implementations
are
passing,
that
conformance
test
and
that
graduates,
so
I
feel
like
that.
Bundled
with
TLS
route
is
a
pretty
easy.
070
and
I'm
I'm,
a
big
fan
of
smaller,
faster
releases.
E
E
A
A
All
right,
conformant,
implementation
or
environment.
C
Yeah
this
is
a
bit
of
a
rabbit
hole,
but
it's
a
bit
of
a
follow-up
from
an
issue
that
Nick
created
recently
yeah
last
week
and
yeah.
This
I
think
a
lot
of
us
have
already
chimed
in
on
it.
I
just
want
to
be
clear,
like
it's.
It's
kind
of
a
weird
thing
that
we're
in
right
now,
where
we're
we're
kind
of
the
first,
the
first
API
doing
it
this
way,
and
so
you
know,
kubernetes
conformance
tests
are
slightly
different
than
what
we're
trying
to
do
are.
C
Are
we
trying
to
ensure
that
the
underlying
implementation
is
valid
or
that
the
environment
as
a
whole
is
valid?
I,
don't
know,
but
we
haven't
clearly
defined
that
right
now
and
this
specific
issue.
If
we
go
ahead
and
implement
it
takes
a
squarely
from
ensuring
that
the
implementation
is
valid
to
ensuring
that
the
environment
is
valid.
So
it
kind
of
expands
the
scope
of
what
we're
doing
yeah.
A
C
E
You
know
some
sort
of
sort
of
ignore
test
where
it's
like
try
and
apply
an
invalid
object
and
either
it
gets
rejected
on
apply
or
it
gets
accepted
and
then
has
a
status
update
that
is
mandated
in
the
performance
right
in
in
my
mind,
that's
that
still
meets
what
I
wanted
to
get
out
of
this,
which
is
that
invalid
objects
don't
do
stuff.
That's
the
that's.
The
thing
that
we're
trying
to
end
up
with
here
is
that
if
you
have
invalid
objects,
everyone
handles
them.
E
Similarly,
I
think
it's
like
I
think
we
all
agree
that
it's
far
far
better
ux
than
an
invalid
objects
never
makes
it
into
etcd,
but,
like
Rob,
is
100
right,
that
there
are
ways
that
you
can
get
around
a
web
hooker
running
or
you
know,
race
conditions
or
whatever
like
and
so
having
a
standard
way
that
implementations
have
to
handle.
This
would
be
nice
I'll
put
a
comment
to
this
effect
on
there,
but
yeah.
My
thought
is:
hey,
like
my
proposed
plan,
is
something
like
hey.
E
What
the
end
state
that
I
would
like
to
end
up
with
is
that
we
have
a
conformance
test,
the
test
you
does
this
get
accepted
if
it
like
it
shouldn't,
but
if
it
does,
then
does
it
get
its
status
updated
in
a
certain
way
like
you
know,
and
we
do
another
round
of
do
another
small
updated
status
to
be
like
if
there
is
something
that
the
web
hook
would
normally
block.
That
is
true
on
this
object,
then
this
status
update
should
happen
in
order
to
make
that
easier.
E
What
I
would
suggest
we
do
is
that
we
do
the
stuff
that
I
think
John
mentioned
somewhere,
that
you
know
we
take
the
webhook
thing
and
make
it
a
ex
like
a
properly
exported
package
such
that
there's,
like
a
validate
method,
that
you
can
call
on
a
resource
and
have
it
be
like
you
know,
and
have
the
the
same
logic
that
the
web
hook
runs.
Give
you
a
yes
or
no
from
inside
your
implementation.
E
That
will
mean
that
you
don't
have
to
keep
track
of
as
long
as
you're
bumping.
Your
dependency,
then
you
as
an
implementer,
won't
have
to
keep
track
of
like
exactly
what
is
happening.
All
you
need
to
do
is
be
like
you
know:
hey,
failed
validation
and
then
the
the
test,
the
webhole,
can
either
test
that
the
web.
E
I
will
put
a
comment
on
this
issue
to
that
effect,
but
I
just
wanted
to
put
this
here.
So
people
have
time
to
think
about
it.
A
C
E
I
mean
practically
Albert
would
check
that
easy
to
have
to
run
the
same
logic
as
the
webhook
and
then
like,
but
and
then
so.
What
that
would
mean,
though,
is
that
the
implementation
would
also
need
to
be
validating
where
book
like
it
would
just
mean
that
you'd
have
to
because
the
only
way
to
stop
stuff
showing
showing
up
in
the
API
server
is
a
validating
workbook
right
like
that's.
The
only
way
that
you
can
have
it
never
show
up
in
the
API
server
at
all.
That's
why
I
was
like
hey
if.
E
E
A
C
Mean
so
I
think
we
I
think
we
should
definitely
document
that
that
is
required
for
a
conformant
environment,
but
that
whether
or
not
a
controller
is
always
running
in
conformant
environment
is
kind
of
unknown
right.
A
E
If
you're
say
running,
something
that
is
that
handles
Gateway
API,
that's
also
a
service
mesh
like
me,
then
you
know
then,
and
you
you
can
end
up
with
weird
dependency
problems
where
you
have
to
be
really
careful
about
when
you
start
the
cni
and
make
the
network
available
versus
when
you
start
doing,
reconciling
like
Network
objects
and
stuff
like
that,
whereas
with
the
API
server
the
validating
stuff
is
built
into
the
API
server.
E
So
there's
no
there's
no
sort
of
network
hop
required,
so
yeah
I
think
the
fact
that
we're
out
of
tree
and
validating
where
pork
needs
to
be
like
an
extra
extra
service
that
requires
the
network
to
be
up,
means
that
there's
like
and
like
some
people
are
just
like.
I,
don't
want
one
I,
don't
want
to
run
extra
web
books
they're
hard
and
they
they
can
go
wrong
and
things
can
get
weird
if
they're,
not
there
and
like
I.
E
A
E
D
Yeah
I
guess
I'll
answer
that
and
have
my
own
question
personally
I
think
it
makes
sense
devout
to
validate
that
there's
some
validation.
If
that
makes
sense,
my
one
question
I
had
was
I,
got
some
kind
of
bits
and
pieces
of
this,
but
I
figured
to
ask
directly
I
sent
NPR
to
estio
to
kind
of
embed
the
validation
logic,
because
there's
a
fixed
cost
of
running
a
web
hook
and
like
we
already
paid
that
cost,
so
it
seems
logical
to
add
an
option.
D
E
I,
don't
know
I
mean
I.
Think,
as
you
said
in
your
comment.
The
worst
case
scenario,
if
you
have
lots
of
validated
running,
is
that,
like
your
API,
calls,
take
a
little
bit
longer
because
you've
got
to
reach
out
to
a
few
things
but
like
if
you're
already
going
to
be
running
a
validating
workbook
for
a
bunch
of
resources,
then
it's
like
you're,
adding
and
getting
the
gateway
to
I
wanted
your
one
is
probably
not
ever
good
cost
like
and
so
and
that's
why?
E
That's
actually,
one
of
the
reasons
why,
when
I
was
writing
this
issue,
I
was
like
the
important
part
is
that
the
validation
happens,
not
that
you're
running
the
the
webhook
container
image
that
we
Supply,
and
so
that
is
100.
That's
actually
what
I
wanted
to
get
to
from
having
this
issue.
Oh
perfect,
thanks.
A
C
All
right,
yeah,
so
I've
I've
got
a
bunch.
I'll
just
go
real
quickly
through
all
these,
because
yeah
first
up
just
right
now
in
Gateway
API
we
have
a
role,
that's
known
as
maintainer
and
and
that's
you
know
basically
Bowie
Nick,
Shane
and
myself,
and
then
we
have
gamma
leads,
but
there's
not
really
any
clear
role
between
that.
Like
there's,
not
a
clear
contributor
ladder
and
that's
unfortunate,
and
so
one
of
the
things
that
we've
been
talking
about
is
adding
kind
of
a
clearer
first
step.
C
If
you
want
to
have
a
formal
role
in
this
project
that
isn't
all
the
way
to
maintainer
Project
Lead
whatever
so
one
of
the
things
we're
working
on
is
defining
a
new
reviewer
role
and
the
specific
requirements
that
go
along
with
that.
We've
got
lots
of
room,
tons
and
tons
of
PR's
and
activity
that
we
could
use
help
reviewing.
So
just
keep
that
in
mind.
We're
we're
trying
to
think
of
ways
to
get
more
people
involved
and
recognize
all
the
contributions
that
are
already
out
there,
but
yeah.
C
We
do
want
to
have
a
clear
ladder
and
progression
from
reviewer,
approver
maintainer.
So
there's
a
clear
path:
next
up,
I'll
just
keep
on
moving
here.
Kubecon
cfp
is
coming
up,
Friday,
really
really
soon
I.
You
know
anyone
can
submit
anything
and
that's
great
I
I
feel
like
we're
going
to
have
some
Gateway
content
at
this
next
kubecon
I'd
love
to
see
whatever,
but
if
you're
interested
in
trying
to
coordinate
so
you're,
not
there's
not
10
people
posing
the
same
talk.
I
I
have
some
understand,
I.
C
Think
all
of
the
maintainers
have
some
understanding
of
like
at
least
some
of
the
talks
that
are
being
proposed.
So
if
you
want
to
just
you
know,
run
it
by
any
one
of
us
either
to
help
review
what
you're,
saying
or
say
you
know
check
if
it's
conflicting
with
someone
else,
definitely
happy
to
help
out.
E
I
would
say
yeah
for
if,
for
the
reviewer
thing,
if
you
are
interested
in
you
know,
climbing
the
contributed
ladder
like
I
would
strongly
recommend.
You
take
ping,
one
of
us.
E
If
you
don't
want
to
talk
about
it
here
or
on
the
public
Channel,
then
ping,
one
of
us
privately
and
sort
of,
say,
hey
I'm,
interested
in
climbing
the
ladder,
and
you
know
I
think
it
should
look
like
this
or
you
know,
or
even
just
I'm
interested
in
client
and
Ladder
means
that
then,
once
we
have
this,
we
can
come
back
around
and
be
like
hey.
We
made
it
so
that
you
need
to
do
this.
You
know,
if
you
go
and
do
this,
then
we
will.
E
C
Yeah
for
sure
well
said,
and
then
the
last
thing
I
had
on
the
agenda
was
if
this
is
a
big
topic.
So
maybe
just
comment
on
this
if
you're
interested,
because
this
is
a
big
one,
but
if
you
have
I
feel
like
other
people
have
mentioned
this
before,
but
the
idea
of
just
a
single
field
somewhere
on
Gateway
that
you
can
redirect
HTTP
to
HBS,
has
been
requested
right
now.
C
Just
throwing
that
out
there.
Trying
to
you
know
gauge
interest
level
in
that.
Maybe
just
comment
there
for
now:
I
haven't
even
created
an
issue,
but
yeah
we're
past
time
and
the
the
very
last
thing
that
Shane
just
had
up
is
this
one,
which
we're
also
way
past
time
to
discuss
in
any
meaningful
way.
But
we
want
to
have
conformance
tests
on
multiple
TLS
certificate
routes,
because
we
said
one
specific
aspect
of
it
needed
to
be
done
this
specific
way,
but
we
haven't
defined
the
rest
of
it.
C
We
have
no
clue
what
it
means
to
Define,
multiple
certificate,
refs
and
how
that
should
be
implemented.
So
please
take
a
look
at
this
one
I
added
a
comment
or
two
but
I'm,
really
just
looking
for
some
broader
feedback
of
people
that
have
actually
implemented
this
and
have
ideas
on
how
we
should
support
this
because,
right
now
we
just
don't
have
any
guidance.