►
From YouTube: SIG Network Gateway API for 20221031
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right
happy
happy
for
Halloween.
This
is
October
31st,
at
least
in
North
America,
and
we've
got
a
few
things
on
the
agenda
for
the
Gateway
API
meeting
actually
way
more
than
I
think
we'll
get
to.
But
thank
you
everyone
for
making
it
again.
This
is
just
a
normal
kubernetes
community
meeting
we're
subject
to
the
same
code
of
conduct
as
any
other
kubernetes
community
meeting.
So
again,
just
please
be
nice
to
each
other.
A
This
agenda
that
I
have
screen
shared
here
should
be
editable
by
anyone.
If
you're
looking
for
a
link,
I
can
post
it
in
chat,
but
the
high
level
thing
is:
if
you
see
something
on
here
that
or
don't
see
something
on
here
that
you'd
like
to
talk
about.
Please
add
it
to
the
agenda
today.
I
feel
like
our
agenda
is
going
to
be
packed,
so
we
may
not
get
to
everything
but
we'll
see
I'm
terrible
at
predicting
these
things.
A
So
yeah
first
off
I,
want
to
say
thank
you
to
everyone
that
was
able
to
make
it
to
kubecon.
It
was
great
to
see
many
people,
but
also
apologies
to
anyone
who
couldn't
make
it
for
for
any
kind
of
reason.
I
wish
we
could
have
included
you
better,
I
I
know
for
working
sessions,
especially
I
wish.
We
had
better.
You
know
technology
in
the
room
that
would
have
made
a
hybrid
meeting
more
practical.
We
tried
to
include
a
bunch
of
notes
from
our
meetings
down
below,
but.
A
Yeah
no
worries,
and
yes,
everyone
that
couldn't
be
there
was,
was
definitely
very
missed.
These
meetings
largely
were
just
like
extensions
of
our
virtual
gamma
and
Ingress
focused
meetings,
so
you
know
nothing,
nothing
too
groundbreaking
there,
but
maybe
I'll
just
highlight
a
couple
things
one.
A
There
was
some
interest
so
in
in
one
of
the
contrib
summit
talks
I
presented,
you
know
some
of
the
pain
points
we've
run
into
with
Gateway
crds
and
there's
been
some
interest
as
a
result
of
that
in
getting
a
new
working
group
spun
up
to
try
and
address
some
of
these
things
so
that
we
can
have
kind
of
cross
sake,
effort
to
ensure
that
the
pain
points
we're
experiencing
are
smoothed
over
by
the
time
the
next
Project's
behind
us
run
into
them.
So
really
excited
about
that.
A
If
that's
the
kind
of
thing
that
is
interesting
to
you
definitely
reach
out,
but
it
seems
like
something
will
happen
there
talking
to
people
from
say,
auth
and
security
bit,
there's
some
interest
or
recommendation
for
us
going
through
a
third
party
security
audit.
This
is
something
that
K
slash.
K
goes
through
on
occasion
and
I.
Think
we've
been
missed
because
of
where
we
are,
but
it
would
make
sense
for
us
to
go
through
the
same
process.
A
So
we
need
to
get
the
wheels
going
on
that
process
and
again
that's
reaching
out
to
sagazi
security,
I
think
sick,
Arch,
a
few
different
sigs,
but
again
just
another
follow-up
out
of
here
it
seemed
like
there
was
sufficient
interest.
A
I
talked
to
people
in
cigarth
and
Sig
storage
about
reference
Grant
again
and
just
moving
that
not
just
to
a
neutral
home
but
directly
to
K,
slash
k,
you
know,
and
then
this
was
one
of
the
things
specifically
out
of
our
working
session,
that
grpc
route
every
implementer
I
talked
to
said:
oh,
that's.
You
know
that
that
is
something
we
definitely
want
to
support,
but
it's
not
on
our
you
know
six
month
roadmap.
Basically,
it
is
not
something
that
is
coming
tomorrow
and
because
our
graduation
criteria
is
the
way
it
is.
A
We
really
need
some
implementations
before
we
can
get
to
standard
channel
before
we
can
get
to
Beta
Etc
I'm.
Seeing
a
comment
here
from
Sunjai
that
Contour
is
looking
at
prioritizing
this
soon
I
don't
know.
Does
it
does
anyone
else?
Is
anyone
else
aware?
Implementations
are
coming
down
the
pipeline
that
might
be
ready
in
the
next
six
months.
Let's
say.
D
E
F
Great
traffic
director
as
well.
F
For
the
most
part,
yes,
if
you
pair
it
with
some
conformance
tests
for
like
HTTP,
2
compatibility
and
I,
actually
have
written
a
translator
like
that
it
hasn't
been
spruced
up.
But
theoretically
anybody
should
be
able
to
use
that
translator.
Yeah.
D
F
I
mean
yeah,
it
basically
does
exist,
but
before
like
putting
my
stamp
of
approval
on
it
and
saying
people
should
pull
it
into
their
controllers,
I'd
wanna,
you
know
just
clean
it
up
a
bit.
First.
F
Yeah
status
status
is
definitely
a
gap
with
the
the
current
translation
approach.
So
not
at
the
moment,
though
I
do
think
it
would
be
possible
to
make
something
like
that
happen.
A
Cool,
so
just
catching
up
with
notes,
so
so
status
is
Gap
and
translator
right
now,
but
possible.
Potentially,
okay,
hopefully
I,
didn't
miss
anything
else,
but
yeah
that
that
is
a
thing
that
I
just
again
lots
of
interest
in
grpc
route.
I
just
want
to
make
sure
that
we
can
move
it
forward
and
move
it
forward.
We
need
people
actually
implementing
it
yeah,
so
it
sounds
like
we
have
some
coming
and
I
appreciate
that
as
a
whole,
this
kubecon
was
very
memorable
to
me.
A
I
I
feel
like
this
was
a
kubecon
that
we
clearly
made
it.
This
was
a
very,
very
high
interest.
You
know,
Shane
and
I
had
a
talk
on
Thursday
and
there
were
people.
You
know,
like
you
know,
standing
all
the
way
around
it
was
overflowing.
There
were
people
sitting
in
the
aisle
of
the
you
know
and
in
front
of
the
screen
and
just
like,
we
were
way
over
capacity
and
I.
A
Just
yeah
I
appreciate
all
the
support
and
it's
you
know
it's
great
to
actually
see
so
much
interest
in
this
and
yeah
I
went
to
most
of
the
Gateway
API
related
talks
and
all
of
them
seemed
to
have
high
levels
of
Interest.
A
I
also
should
call
out
John
and
Keith
both
both
here.
They,
they
had
a
great
talk
on
gamma
and
also
lots
of
interest
in
that
one.
So.
A
Yeah
before
and
and
the
last
thing
I'll
say
on
kubecon
cfp
for
kubecon
EU,
it's
always
awful
like
this,
but
you
just
get
out
of
a
kubecon
and
right
away.
It's
like
oh
I,
gotta
figure
out.
If
I
want
to
speak
at
the
next
kubecon,
but
I
would
love
to
have
Gateway
well
represented
again.
We
you
know
if
you
have
ideas,
I'd
love
to
get
some
kind
of
centralized
pool
of
ideas
and
then
distribute
speakers
or
potential
speakers
as
well
as
we
possibly
can
here.
A
I
I'd,
say:
there's,
there's
no
real
need
to
give
a
Gateway
API
talk
on
your
own.
There's
lots
of
people
interested
in
helping
to
present
Gateway
API.
So,
let's
you
know
get
as
many
people
as
we
can
through.
If
we
can
yeah.
B
I'll,
probably
reset
me
the
reference
Grant
talk
that
I
was
going
to
give
it
this
one
to
EU,
which
is
by
myself
sorry
I've
got
the
talk
written
already.
Oh
no,.
A
That's
fine,
that's
fine!
Completely
fine,
but
yeah
I
know,
there's,
there's
lots
of
interest
in
making
it
the
kubecon.
So
maybe
we
can
just
have
a
pool
of
ideas.
I
have
three
or
four
different
ideas
are
Gateway
related
that
I
can
share.
I
know,
I
was
talking
to
Shane.
He
has
some
I
I
feel
like
there's
got
to
be
something
like
on
camera
again,
I,
don't
know
what
exactly
would
present
there,
but
yeah
yeah
would
love
to
have
be
well
represented
again,
yeah,
okay!
A
A
Foreign
I'll
keep
on
going
then
I
think
John
that
that
means
you're
up
next
conformance
testing
for
mesh.
D
Hey
yeah,
so
I
initially
was
gonna.
Just
do
this
in
the
game
meeting,
but
I
realized
it
probably
overlaps
quite
a
bit
here.
So
I'll
discuss
it
here
and
if
you
want,
you
can
tell
me
to
go.
Take
it
again,
I'm
a
meeting
so
there's
kind
of
a
kind
of
a
broad
set
of
issues,
but
the
the
primary
issues
that
for
mesh
the
way
we
do
can
form
assessing
just
simply
doesn't
work
right.
D
Today
we
have
the
actual
go
binder
and
it
makes
an
HTTP
call
to
the
Gateway
IP,
which
must
be
reachable.
So
this
is
oftentimes
like
an
external
load
balancer.
So
it's
no
problem,
that's
fine
for
testing
Ingress,
but
for
mesh
we
need
to
test.
You
know,
connections
between
two
pods
that
are
running
in
the
in
the
mesh,
so
we
need
a
way
to
do
that.
Basically,
obviously
in
istio,
we
have
a
way
that
we
do.
D
This
I
think
it's
decent
if,
if
complicated
others
probably
have
ways
to
do
this
as
well,
that
we
could
look
into
so
kind
of.
My
request
is
that
we
in
this
meeting
at
least
get
some
feedback
on
the
types
of
things
that
we
do
or
don't
want
to
solve.
D
You
know
we're
not
going
to
come
with
a
solution
here.
Obviously,
and
if
you
know
people
have
feedback
on,
you
know
what
they've
done,
what
they
like
or
don't
like
and
whatnot
more
broadly
than
just
like
the.
Where
is
the
request
coming
from
there's
also
like
we
just
use
the
go
HTTP
client,
which
works
fine
for
testing
HTTP
route.
D
If
we
want
to
test
a
TCP
route
like
sure
we
can
make
a
tsp
connection,
write
some
bits,
but
it's
kind
of
painful
API
to
use
and
then
what's
the
back
end
like
do
we
want
to
go
write
another
back,
end
Etc,
so
that's
kind
of
where
the
overlap
with
the
non-mesh
came
in
is
like.
Do
we
do
kind
of
a
more
broad
re-haul
of
what
we're
doing
for
conformance
testing?
D
So
in
the
Easter
world
we
kind
of
made
our
own
Echo,
client
and
server.
That's
like
the
whole
kitchen
sink
right.
It's
got
like
UDP
TCP,
HTTP,
all
the
protocols,
one
two
one,
two,
three,
whatever
crazy
thing
that
clients
are
doing,
we
can
even
send
like
invalid
HTTP
requests,
for
example,
because
we
want
to
test
like
all
these
different
things
right
and
then
they're
controlled
through
a
grbc
endpoint.
So
we
can
tell
like
the
client
to
send
their
request
to
someone
else
so
that
we
don't
have
to
you
know.
D
So
we
can
do
the
mesh
testing.
So
like
one
option
here
is
like
we
just
lift
that
and
use
that
I
I'm,
probably
biased,
I,
don't
know
how
this
feel
about
that
feathers.
Have
better
Solutions
happy
to
do
that
as
well.
We
could
build
our
own
thing,
so
I
just
want
to
get
some
kind
of
high
level
feedback
on
on
that.
A
G
Honestly,
the
what
John
described
is
fairly
similar
feels
like
there
are
more
scenarios
in
the
Echo
server
that
ichio
uses
so
I'm
I'm.
Fine
doing
that,
just
whatever
makes
the
most
sense
is
gonna
be
more
extensible
is,
is
what
I'm
cool
with
but
yeah
the
the
solution
is
I.
Think
there's
General
agreement
about
like
how
to
do
it.
Broadly,
there's
not
a
lot
of
of
drift
there.
It's
just
a
matter
of
okay.
G
What
kind
of
features
we
want
to
add
to
what
kind
of
traffic
do
you
want
to
send
what
interface
you
want
to
provide
for
folks
to
extend
and
use
it
for
conformance
testing
and
things
of
that
nature,
so
I'm,
I
I,
wouldn't
feel
basically
using
the
SEO
one
or
we
can
do
the
osm
approach
to
just
does
not
matter
to
me.
D
Yeah
one
thing
I
will
say
on
using
the
exec
specifically
I,
don't
know
how
many
tests
we'll
have,
but
at
least
at
the
East
Geo
scale
of
testing
I,
don't
think
that
would
perform
well
we're
doing
like
50
000
requests
across
all
of
our
tests,
something
to
consider
I.
Don't
we
probably
won't
have
that
many
here
unless
we're
an
exounding
success
on
our
testing.
G
But
yeah
it
is
it
is.
It
is
slow,
we're
starting
to
see
that
as
osm's
scales
as
well.
So
that's
a
that's
a
fair
amount
for
sure.
A
So
what
this
is
kind
of
a
higher
level,
I
I
mean
this.
This
all
sounds
fine
and
I'd
love
to
get
conformance
in
sooner
than
later,
for
mesh.
Just
a
higher
level
thing.
Everything
we're
saying
here
and
it's
not
unique
to
this
seems
to
basically
rule
out
the
idea
of
more
than
one
mesh
implementation
being
present
in
the
same
cluster.
D
I'm
I'm
not
sure
and
I'm,
not
sure
why
this
discussion
draw
you
to
that
conclusion
either.
So.
A
Okay,
so
to
clarify,
with
with
the
conformance
test
we
have
for
Ingress,
you
specify
a
like
I
want
to
test
this
specific
class.
You
know
in
this
cluster
with
this
I
think
you're
just
expect
I
I'm,
assuming
the
way
mesh
conformance
test
would
work
is
you
would
expect
the
mesh
to
be
present
in
the
cluster
and
then
just
expect
a
set
of
behavior
to
happen
without
specifying
a
mesh
name
or
anything
beyond
that
yeah.
D
I
think,
since
we
don't
currently
in
the
spec
declare
like
an
enablement
API
like
we'll
need
for
the
testing
to
have
some
way
to
say
like
this,
mesh
should
be
enabled
for
these
tests,
like
if
everyone
did
namespace
label,
for
example,
like
we
could
just
say
like
okay.
What's
the
namespace
level
to
apply
right
and
it's
almost
like
Gateway
class
name,
I,
don't
know
if
that
will
work,
because
it's
not
everyone's
doing
namespace
label,
but
you
know
in
some
way
shape
or
form.
B
I
think
that
the
the
one
thing
that
we
did
just
talk
about
earlier
on
in
gamma
robita,
even
in
the
case
where
there's
only
one
mesh
running
in
the
cluster
there
may
be
times
at
which
you
end
up
with
two
of
them
running,
because
you're
doing
an
upgrade
and
so
yeah
yeah,
so
yeah,
exactly
and
and
so
for
yeah
facilium,
it's
essential
thing
like
you
know,
there's
only
one
psyllium,
because
it's
a
cni
and
happens
to
be
immersed
as
well,
so
yeah
I
think
it
feels
like
it's
the
edge
cases
there
that
are
going
to
be
the
tricky
bit
and
I
I.
B
Think
that,
as
as
John
says,
it's
it's
all
about
enablement.
That
was
one
where,
when
we
talked
about
it,
we
were
like
this
is
a
this
is
a
big
can
of
worms.
We're
gonna,
leave
it
for
later,
so
yeah
I
think
that's
the
that's
where
that
is.
This
is
the
where,
like
enablement,
is
hard
everyone's
doing
it
differently,
let's
figure
out
what
we
want
to
how
we
want
to
represent
the
mesh
stuff
first
and
then
figure
out
the
enablement
story
later.
E
G
That
seems
fair
all
right
go
ahead.
Keith
I
was
going
to
say
kind
of
the
next
point
that
this
is
something
that
I
think
we
we
will
definitely
talk
about
in
the
game
meeting
tomorrow
and
you
know,
tests
are
very
useful
and,
as
we
all
agree
and
I
think
that
this
may
potentially
like
make
us
go
back
some
of
those
things
that
we
were
punting
and
flush
that
out,
because
conformance
tests
are
kind
of
making
those
edge
cases
more
bringing
those
forward
more
than
we
would
have
considered
previously.
A
Yeah,
this
is
great.
I
am
fully
supportive
of
getting
mesh
Focus
conformance
tests
in
soon
yeah,
and
it
seems
like
this
General
approach
is
reasonable.
So
yeah
any
any
last
comments
on
this
one.
B
B
It's
I
think
yeah,
it's
just
a
matter
of
yeah
I,
don't
think
the
tool
matters
as
much
as
the
fact
that
yeah
we
have
to
do
something
to
be
able
to
reach
into
the
cluster
and
remote
control
things,
and
it
would
be
nice
if
we
can
use
something
similar
for
outside
the
cluster
for
the
the
sort
of
the
Ingress
traffic
testing.
B
Yeah
man
it'd
be
nice.
If
we
could
have
like
us
the
same
approach
for
everything,
even
if
you
have
to
run
like
the
client
outside
the
cluster
or
something
like
that
to
make
it
work
because
it
right
now
the
the.
B
Tests
do
the
actual
requests
themselves
like
if
you're
going
to
have
a
client
thing
and
you're
doing
it
trying
to
do
it
the
same
between
the
Ingress
stuff
and
the
mesh
stuff,
then
you
have
to
like
have
the
conformance
to
start
the
start.
The
client
like
outside
the
cluster,
so
that
then
you
can
test
the
the
Ingress
path,
but
anyway,
I
think
that's
that's
something
we
can
talk
more
in
the
gamma
meeting
about
for
sure
I
think
we
got
too
much
other
stuff
to
spend
too
much
more
time.
Talking
about
this.
A
Yeah,
that
is
a
really
good
point
in
my
head.
I've
been
just
kind
of
assuming
that
there's
kind
of
a
you
know
we're
independent
of
each
other.
You
know
there
was
your
mesh
conformance
tests
and
there
were
Ingress
conformance
tests
and
they
didn't
over
that,
but
I
realized
that
is
likely
naive
and
figuring
out
how
we
bring
those
together
is
going
to
be
fun
John
when
you
were
starting
on
this,
did
you?
How
did
you
imagine
starting?
Would
you
like?
A
Would
this
be
like
two
separate
things
that
eventually
become
one
or
is
it
I
I,
don't
know
any
ideas.
D
Yeah
I
mean
if
we're
going
like
I
feel
like
they're,
probably
not
separate
because
like
if
we
have
to
go
include
this
whole
like
in
cluster
thing,
then
we
might
as
well
just
go
to
the
end
State
and
not
try
and
do
it
like
twice
so
yeah.
It
seems
like
it
like
they're
kind
of
disjoint
things,
but
they
should
probably
happen
at
the
same
time.
E
B
A
Yeah
I
I,
don't
know
I
I
like
like
you
said
we
do
have
other
things
to
get
to,
but
I
am
highly
supportive
of
this,
and
just
let
me
know
how
I
can
help,
whether
it's
two
separate
things
that
become
one
eventually
or
it's
easier.
Whatever
it
is
yeah,
maybe
some
kind
of
you
know
we
had
a
conformance
gap
initially.
Maybe
the
next
step,
for
this
is
just
to
extend
that
conformance,
Gap
or
create
a
new
one,
depending
on
your
preference.
A
That,
just
you
know,
is
basically
the
design
of
how
this
would
work.
Maybe
that's
the
next
best
step.
A
Yep
cool
all
right
next
up,
I
think
we've
got
Candace.
Sorry
I
did
not
follow
much
last
week,
but
I
I
did
notice.
There
was
a
slack
conversation.
A
A
You're
really
quiet
for
me:
I,
don't
know
if
it's
anyone
else,
I'll.
I
Sorry
so
I
started
last
week
or
maybe
the
week
before,
trying
to
get
some
clarification
of
pass
through
the
the
you
know
the
the
spec
for
pass
through,
because
we
had
you
know
finally,
sort
of
sank
in
that
pass-through
is,
is
currently
experimental.
Now
it
never
made
it
to
the
V1
beta
V1
beta,
1
1,
milestone,
so
I
had
asked
about
it
and
it
turns
out
that
there
aren't
enough
implementations
of
it
and
there
there
aren't
enough
conformance
tests
for
it.
I
So
I
started
looking
you
know
through
our
documentation.
The
documentation
for
pass
through
and
I
had
some
questions
about
it
myself
and
now,
I'm
wondering
if
there
aren't
any
if
there
are
a
few
implementations
of
it,
because
it's
it's
not
exactly
as
clearly
specified
as
it
could
be.
I
E
I
Okay,
so
let's
see
it's,
it's
supported,
experimentally,
so
it's
it's
in
the
alpha
directory.
It's
not
in
it
hasn't
graduated
to
Beta
in
Gateway
types
we
have
pass
through
on
the
listener,
so
you
can
Define
pass-through
on
The,
Listener
and
then
also
in
in
the
the
user
documentation.
I
Which
talks,
which
is
which
is
not
exactly
aligned
with
where
it
doesn't
seem
to
be
aligned
with
how
we
describe
TLS
as
a
function
of
the
listener
to
me
anyways,
it
doesn't
seem
like
the
two
things
go
together
properly,
so
I
thought.
Maybe
it
seems,
sort
of
like
a
mistake
that
there's
a
or
not
a
mistake,
but
I'm
not
sure
why
there
is
a
TLS
mode
in
in
the
Gateway
listener.
I
I
I
I
And
and
into
stable
Channel,
is
that
enough
background.
E
E
Yeah,
no
no
I
I
was
gonna
hand
off
to
you.
Actually
nick
you
are
about
go
for
it.
B
It's
you
know
and
I
think
that
it
is
basically
I
think
the
nicest
way
I
can
say
this
is
organic
growth,
so
yeah,
like
we
kind
of
went
backwards
and
forwards
on
exactly
how
we
were
going
to
handle
like
terminate
first
pass
through
a
couple
times,
while
we
were
making
our
way
through
and
this
you
know
this
is
yeah.
This
basically
is
like
an
appendix
like
it's
like
it's
a
vestigial
organ
that
you
know
is
there
and
it's
going
to
be.
B
You
know
tricky
to
remove
now,
so
I
think
the
I
think
the
the
things
that
we
can
do
to
tidy
it
up
are,
as
you
say,
I
mean
it's
possible
for
us
to
just
remove
the
like
it's
possible
for
us
to
just
remove
the
TLs
mode
field.
B
That
is
a
large
change,
because
we
would
need
to
do
like
a
deprecation
cycle,
and
some
other
stuff
like
that,
but,
like
I,
think
that
everything
we
were
trying
to
represent
in
that
TLS
mode
field
is
better
represented
in
in,
like
the
choice
of
route
that
you're,
using
like
the
choice
of
Route
resource
that
you're
using
it
would
be
better
to
just
say:
hey,
let's,
you
know
if
you're
using
a
TLS
route,
that's
passed
through
if
you're
using
HTTP
right,
that's
terminate,
that's
that's
the
story
like
that
would
be
much
simpler,
I
think
the
there's
there's
a
cut.
B
There
is
sort
of
into
play
with
a
couple
of
other
features
like
the
protocol.
The
protocol
field
is
sort
of
intended
to
he's,
actually
ended
up
working
like
it's
kind
of
a
like
route,
restrictor,
where,
if
you
say
like
TLS
for
the
protocol
for
that
listener,
then
it
kind
of
implies,
hey.
You
need
to
be
terminating
https
or
or
using
a
HTTP
route
or
using
a
TLS
route
to
to
forward,
but
I
think
that
yeah,
that's
that's
the
feel.
B
I'm
talking
about
yeah
I
think
the
TLs
mode
typing
is
like
completely
obsolete
at
this
point,
and
it
would
be
better
to
just
be
like
the
type
of
route
that
you
attach
sets.
The
type
of
listener.
D
B
I
D
At
this
point,
do
we
have
to
have
a
certificate
there
or
not?
We
need
to
validate
this
right.
So
at
this
point
we
we
can't
reject
it
because
it
could
be
passed
through
and
then
later
they
add
an
HTTP
route.
Now
the
Gateway
is
invalid.
Actually
right
yeah.
So,
okay,
we
report
that
in
satisfying
and
now
they
add
a
TLS
route,
now
does
the
TLs
route
win
or
does
hbr
win?
Okay
was
there
first,
but
the
TLs
remote
kind
of
makes
it
valid,
and
then
the
user
goes
and
adds
a
certificate
to
it.
Now.
D
What
happens
right
is
the
HTTP
out
wins
and
the
TLs
rabbit
isn't
valid
like
I
get
I
get
the
motivation.
It
just
seems
hard
in
practice.
E
D
B
D
I
don't
know
if
this
is
something
we
care
about
sorry
to
interrupt,
but
you
may
also
I
I,
don't
know
if
we
have
Conformity
on
this,
but
like
terminating
the
TLs
connection
and
then
having
no
routes
might
be
different
than
not
terminating
the
TLs
connection
like
maybe
that
would
have
a
Gateway
with
no
routes.
I'm,
not
sure.
If
that's
true
and
it's
kind
of
it's
credible.
B
But
yeah
I
think
that's
undefined
at
the
moment.
There's
a
few
things
like
that
that
we've
that
we
haven't
defined
yet
I
see
Travis
has
a
good
point
in
the
chat
that
yeah
so
I
think
this
is
a.
This
is
kind
of
like
a
term
a
terminology
thing
as
well
a
naming
thing
that
you
know
for
some
people.
B
That's
only
valid
if
you
can
inspect
the
HTTP
stream
at
the
Gateway,
and
so
you
have
to
terminate
you
have
to
either
have
no
TLS
or
you
have
to
have
terminated
the
TLs
beforehand
before
you
can
inspect
the
HTTP
stream,
and
so
the
idea
here
is
the
TLs
route
is
specifically
designed
to
not
inspect
the
TLs
stream.
Aside
from
doing
the
the
Sni,
the
handshake
enough
to
get
the
Sni
and
Route
it
off
to
the
place
where
it's
going
to
end
up
and
I,
think
that's
in
my
mind,
that
is
the
the
key
thing.
B
The
key
difference
between
the
two
things
are
why
they're
named
the
way
they
are
but
like?
It
is
very,
very
clear,
because
we've
got
lots
of
questions
about
this,
that
we
have
not
done
a
good
enough
job
of
explaining
that
that's.
Why
we've
named
the
things
this
way
and
that's
what
they're
intended
to
do
and
yeah
like
the
fact
that
you
know
I
mean
you
know,
Travis
I,
think
the
the
way
you
wrote
it
is
100
Fair,
it's
just
not
the
way
we
ended
up,
designing
the
API
and
so
like.
B
We
need
to
sort
of
ease
people
into
the
fact
that
maybe
this
may
not
match
up
to
their
initial
expectations
and
we've
got
to
you
know,
get
people
across
the
you
know.
This
is
the
conceptual
Gap
and
I
think
the
same
is
true
for
for
type
like
you
know,
there's
a
conceptual
Gap
there
of
like
you
can
set
the
TLs
mode
on
the
listener.
B
But
what
does
it
mean?
Well,
it
depends
on
the
route
that
you've
got
attached
and
so,
like
that's,
that's
like
not
a
it's,
not
a
very
clear
or
it's
not
a
very
clear
place
for
the
expect
to
be
in
and
yeah
like
I
said,
this
is
organic
growth
right,
like
you
know,
we
we
went
backwards
and
forth
on
this
a
lot
and
that's
why
it's
like
that.
It
is
not
like
that
for
any
specific
design
reason.
E
A
I
I
would
good
good
summary
of
current
state
and
current
issues
and
I
I.
Think
organic
growth
is
a
really
good
term
for
the
mess
we
found
ourselves
in
here.
Travis's
comment
in
chat
specifically
reminds
me
of
a
PR
that
I
think
just
got
stale
I,
don't
know
if
we
ever
came
to
a
good
conclusion
on
it,
but
I
remember
there
was
a
community
discussion
of
whether
TLS
route
should
support,
terminate
as
a
TLS
mode.
I
think
that
was
the
discussion.
A
I'm
remembering
and
yeah
I
can
see
how
that
would
be
confusing
of
the
you
know.
You
want
to
use
TLS
as
your
routing
mechanism,
but
you
can
still
terminate
on
the
Gateway
and
then
encrypt
again
between
Gateway
and
Route
and
yeah
anyway,
I
I
I
think
we
have
a
lot
of
work
to
do
here.
I'm,
not
sure
the
best
way
to
I
you
know,
I,
don't
think
we
can
remove
the
TLs
mode
field
now
it
is.
A
It
is
something
like
that
has
made
it
in
the
apis
this
far,
but
we
definitely
can
do
what
you
know,
something
to
improve
the
documentation
and
maybe
getting
some
implementations
of
TLS
route
out.
There
will
help
clarify
and
certainly
conformance
tests
will
help
clarify
our
desired
Behavior.
Here
out
of
curiosity,
who
has
anyone
implemented
TLS
route
so
far,.
B
The
payoff
that
is
due
to
be
merged
sometime
this
week
for
silence
Gateway,
because
I
support,
oh
I,
think
I
actually
know
I
can't
remember
if
it's
tail
is
to
adjust
the
termination
of
the
route.
But
it's
going
to
happen
soon
for
Taylor
Swift.
E
B
So
I
mean
I,
think
the
I
think
the
biggest
thing
here
is
conformance
tests.
If
you
know
it's
not
going
to
take
much
conformance
test
stuff
for
us
to
be
able
to
like
we've
got
three
or
four
implementations
already
it's.
If
we
have
some
folks
write
some
performance
tests
for
Taylor
Sprout,
then,
like
that's
in
my
mind,
there's
not
much.
B
You,
then
that
that
starts
locking
in
the
behavior
enough
that
we
can
be
like
okay.
This
is
ready
for
beta
and
the
conformance
tests
are
where
we
can
have
vigorous
discussions
about
about.
Why
about
exactly
what
the
fields
mean
and
why
they
should
be
that
way
and
if
that's
the
right
way
to
do
it
and
all
that
sort
of
stuff,
because
then
the
conformance
tests
are
going
to
lock
in
what
those
fields
mean
and
what
how
how
the
different
fields
interoperate.
A
Yeah
no
I
agree,
I,
think
that
you
know
Shane
had
been
talking,
I've
been
talking
with
Shane
and
some
others
at
kubecon
about
L4
routes,
and
he
is
specifically
trying
to
get
TCP
and
TLS
routes
through
I.
Think
those
two
are,
you
know
high
on
the
priority
list
for
070
of
getting
them
to
Beta
so
and
I
know.
A
Shane
has
has
said
that
he
wants
to
spend
more
time
working
to
move
those
through,
but
I
know
we
can
always
use
more
help,
but
but
those
two
routes
specifically
are
are
high
on
my
priority
list
of
just
and
I
think
others
of
getting
them
to
Beta
and
standard
Channel
yeah,
any
Candace
I
I,
don't
know
did
any.
Did
that
any
of
that
discussion
help
do
you
have
any
additional
comments,
thoughts,
questions,
ideas
for
how
we
can
improve.
I
Do
we
have
do
you
consider
this
something
important
enough
to
try
to
promote
in
the
next
Milestone
I?
Think
it's
too
late
for
for
this
Milestone
right.
A
Yeah,
it's
yeah
it's
too
late
for
this
Milestone
I.
Don't
think
we
have
as
in-depth
tracking
as
we
want
for.
A
The
next
Milestone
070
I
know
we
discussed
some
of
these
ideas.
No
you're
right,
Mike
I
mentioned
this
as
well.
I
had
thought
that
I
talked
with
Shane
about
TLS
as
well,
but
anyway
I.
We,
some
of
this
have
been
discussed
at
kubecon,
but
again
we
we
don't
have
anything
written
down
in
any
formal
way
about
070.
I
Just
registering
my
interest:
if
this
being
some,
we
we
kind
of
need
this.
We
need
pass-through,
we
need
re-encrypt,
I'm,
also
sort
of
interested
in
whether
pass
through
would
have
any
any
changes
to
pass
through
or
any
clarifications
would
have
any
impact
on
re-encrypt.
B
Yeah
I
think
because
of
the
way,
because,
as
I
talked
before
about
how
generally
we've
kind
of
assumed
that
people
want
the
reason
you
want
to
terminate
and
then
re-encrypt
is
that
you
want
to
be
able
to
use
HTTP
stream
properties.
To
do
routing
is
that
then
most
of
the
Terminator
re-encrypt
use
cases
fall
under
HTTP
route,
because
then
you
can
use
the
HTTP
properties
for
routing
in
the
case
that
you
do
want
to
terminate
in
real
it
and
re-encrypt
a
TLS
stream.
B
You
know,
like
I,
think
we've
been
like
well
yeah.
What
would
you
do
that,
like
yeah,
like
I,
think
that's
the
been
the
sort
of
the
you
know
most
of
the
time
when
people
are
terminating
and
re-encrypting
a
lot
of
the
time
they
want
HTTP
inspection
rather
than
like
just
re-encrypt
so
and
so
I
think
we
need
like
we
just
need.
B
This
is
one
where
we
need
people
to
sort
of
write
down
like
why
you
would
do
it
that
way
and
what
you're
trying
to
achieve,
and
that's
like
the
that's,
probably
the
Matrix
we
want
is,
like
you
know,
HTTP
route
terminate,
re-encrypt,
HTTP
route
terminate
HTTP
out,
you
know
don't
just
just
route
Basin
based
on
the
Sni
like
just
you
know,
like
we
almost
need
like
a
big
list
of
use
cases
and
then
like
how
you
do
that
you
know
table,
and
so
that
they're,
like
you
know,
maybe
that's
cool
book
style.
B
B
You
know,
even
if
it's
not
in
this
documentation,
yet
until
we
do
all
agree,
but
that
feels
like
something
that
would
sort
of
be
well
worth
writing
up
like
and
then
once
we
get
some
use
cases.
My
experience
has
been
that
people
have
other
use
cases
that
the
first
dollar
hasn't
thought
of
yeah,
and
so
this
you
know
writing
at
a
table
like
this
and
then
having
being
people
like
contribute
your
use
cases
and
we'll
figure
out
how
we
represent
them,
even
if
it's
not
representable
yet.
B
B
That's
domain
fronting
yeah,
and
that
is
a
definitely
a
use
case
that
we
need
to
talk
about,
because
sometimes
you
want
to
do
that,
but
a
lot
of
times
if
you,
but
we
don't
have
client
certificate
off
yet.
B
But
if
you
have
client
certificate
author
and
you
allow
domain
fronting,
you
have
just
given
people
a
way
to
finish
the
Sni,
handshake
and
then
route
to
some
other
HTTP
service,
so
big
security
problem,
so
yeah
like
this
is
this
is
the
exact
reason
why
you
want
to
write
down
like
use
cases
and
be
like
you
know.
We
want
to
have
the
Sni
and
the
host
net
and
and
the
HTTP
host
had
a
mismatch,
yeah
and
you've
got.
Then
you
have
a
risks,
column
or
something
like
that.
But
this
is.
A
And
just
just
to
respond
to
micaiah's
last
question
in
chat,
specifically,
we
we
have
strongly
recommended
that
implementations
ensure
that
S9
header
match
to
avoid
domain
fronting,
but
the
only
record
the
only
requirement
is
that
if
you
don't
verify
that
you
must
clearly
document
that
you
don't
so
there
there
is.
We
left
some
room
open
for
domain,
fronting
yeah,
so
wow
we've
got
a
lot.
I
can't
keep
up
with
everything
in
chat,
wow,
I
didn't
even
know
we
had
this.
A
We've
got
this
all
over
the
place
yeah.
This
is
inconsistent.
B
I
mean
I
think,
and
this
is
the
problem
right,
there's
like
four
or
five
different
places
where
this
information
is.
It's
been
written
at
different
times
where
we
have
different
ideas
or
something
like
that.
B
Think
that,
like
it
just
this
is
one
of
the
times
when
one
person
needs
to
get
all
of
it
into
their
head,
be
like
here's
all
the
problems
and
then
you
can
and
then
we
can
all
start
talking
about
like
what's
the
solutions,
but
one
person
needs
to
do
the
review
and
get
in
the
head
like
and
and
write
down
a
list
of
all
the
problems
and
all
of
the
things,
maybe
one
or
two
people
and
then
and
then
we
will
have
a
Way
Forward
like
like
I
did
like
I
did
with
the
the
status
thing
right.
B
Like
you
know,
I
had
to
go
and
read
like
every
status
thing
we
did
and
figure
out
like
what
were
we
doing
and
make
some
ideas
up.
Yep.
I
I
can
try,
we
have
a
vested
interest
in
it.
A
So,
thank
you.
I
appreciate
that
yeah.
Thank
you
for
all
your
help
with
this
I
think
we
should
move
on,
but
yeah.
Thank
you
for
bringing
this
up.
This
is
a
very
confusing
part.
I
didn't
even
realize
how
confusing
I
have
I
have
behavior
that
I
expect
in
my
head
and
then
sometimes
I
look
at
the
dots
and
they
yeah
it
doesn't
always
match
up.
So
thank
you.
Thanks.
A
So
next
up
the
vo60
Milestone.
We
really
need
to
get
something
out
soon.
I,
let's
run
through
I,
think
a
lot
of
these
left,
our
status
I,
don't
know.
Maybe
Nick
do
you
have
any
status
update,
I.
B
Do
not
I
do
not
have
status
status,
updates,
I,
think
80s
100.
A
lot
of
this
is
this:
a
couple
of
people
have
picked
up
some
of
the
issues
that
were
spun
out
of
this,
so
I
think
the
there
was
a
question
in
the
channel
by
Lucas
Papa,
that's
yeah
about
picking
up
accepted
the
septic
condition.
I
think
the
I
need
to
check
in
with
him
about
which
issue
he's
got
and
which
is
who's
still
outstanding.
B
So
yeah
it
looks
like
Lucas
is
doing
the
ad
programmed
ready
condition
and
move
ready
to
Extended
conformance
part
I
think
that
actually
is
not
in
the
Milestone
and
it
should
be
18070.
Okay,
I
think
that
probably
should
be
060,
because
it's
part
of
the
status
rewrite
I
will
fix
that
now.
Yeah.
E
B
Yeah
yeah
I
I
have
I,
I
must
admit,
I
needed
to
not
be
doing
too
much
work
last
week,
while
you
were
all
having
a
good
time
and
catching
up
and
stuff
and
I
was
sitting
at
home
by
myself.
B
So
I
have
am
a
little
bit
behind,
so
I
will
go
through
the
the
Gap
1364
and
just
check
yeah
check
where
things
are
at,
and
you
know
do
a
bit
of
an
update
today
on
that
issue
and
make
sure
the
make
sure
that
we've
got
all
of
the
outstanding
work
covered
in
issues
that
are
assigned
to
somebody.
I.
Think
that
should
cover
out
most
of
most
of
the
most
of
the
remaining
things.
A
Great
now,
thank
you
for
all
the
work
on
this.
It
looks
like
we
have
somebody
assigned
to
basically
everything
in
the
Milestone
now
I
appreciate
all
that
you've
done
to
help
make
status
better
in
this
release.
The
one
thing
that
I
want
to
call
out,
as
nobody
is
working
on
this
right
now
that
I'm
aware
of,
is
the
problem
that
John
found
in
our
conformance
tests.
A
This
feels
like
just
anybody,
can
work
on
this
I
John.
If
I'm
remembering
correctly,
the
actual
the
actual
change
we
need
to
our
conformance
test
is
pretty
minimal
right.
It's
just.
A
Not
sure,
but
anyway,
I
think
this
is
a
really
small
small
fix
and
I
know.
At
least
one
of
the
things
is
changed,
but
we
still
need
some
more
work.
So
if
anyone
has
some
time
to
spend
on
performance
tests,
this
would
be
very
useful
and
we
do
need
to
have
it
fixed
before
we
try
and
release
l60
yeah.
So
if
anyone
has
exercises,
take
a
look
at
this
one,
this
is
14.73.
A
All
right
and
I
know
we
are
quickly
running
out
of
time,
so
I
want
to
keep
on
moving
on
this
one.
Let
me
just
mention
that
Ingress
to
Gateway
finally
has
some
code
and
actually
thank
you.
Some
giant
looks
like
we
have
another
PR
yes,
this
is.
This
is
still
Rough
Around
the
Edges,
but
you
know
one
of
those
works
on
my
cluster
kind
of
thing.
So
you
know
it
works
good
enough.
We
we
presented
it
at
kubecon
last
week
and
yeah.
Thank
you.
A
A
If
you
have
any
annotation,
you
want
to
convert
from
Ingress
to
Gateway
Jump
On
In
I
want
this
to
be
something
that
anyone
feels
like
they
can
contribute
to,
and
I
appreciate
that
Sunjai
has
taken
the
time
to
actually
document
the
current
behavior
of
how
this
works.
So
I
think
anyone
can
feel
welcome
to
review
any
PRS
here,
create
issues
ETC,
just
I.
A
Look
at
this
as
just
an
extension
of
the
Gateway
API
subproject
so
definitely
keep
an
eye
on
this,
and
if
you
want
to
contribute
very
welcome
all
right
next
one
up
just
a
question
for
for
the
group
here.
This
was
actually
Arco,
I
think
you're
on
the
call
so
I
I
think
this
all
looks
great,
but
I
think
this
is
the
first
time
we've
had.
A
implementation
on
our
implementations
page
include
their
conformance
test
status.
As
you
know,
this
implementation,
as
of
this
release,
passes
conformance
tests.
A
H
The
and
I
think
that
yeah
I
mean
having
something
is
better
than
nothing,
and
you
know
the
more
people
put
stuff
in
here,
the
more
we
can
figure
out
what
information
needs
to
be
in
there
and
what's
useful
and
stuff,
and
that
will
help
us
write
the
the
standardized
way
to
do
it.
So,
yes,
I'm.
Definitely
in
favor
of
more
of
us
doing
this.
A
Cool
I
think
that's
good
enough
for
me:
I'll
just
LG
TM
this
and
it
can
go
in,
but
just
wanted
to
make
sure
and
again.
If,
since
we're
letting
this
in
one
way,
I
think
if
you
have
an
implementation
and
you
want
to
update
the
conformance
status
better.
A
Yep-
and
at
this
point
we
are
just
blindly
trusting
you,
please
don't
take
too
much
advantage
of
that,
but
at
some
point
we
will
have
centralized
conformist
reporting
that
had
come
with
some
form
of
verification
as
well.
Oh.
H
Yeah,
there's
there's
a
bunch
of
Hoops.
We
need
to
jump
through
to
make
it
work.
The
way
like
the
Upstream
one
is.
There
is
quite
the
I:
don't
want
to
call
it
Ruby
Goldberg
machine,
because
it's
quite
like
that's,
not
very
complimentary,
but
there
there
are
a
lot
of
pipes
and
wiring
that
fits
together
to
make
that
thing
happen.
A
And
then
next
up
I
think
we
have
a
few
minutes.
Sunjai
I
think
you're
on
this
car.
Yes,
policy
attachment.
C
Yeah
so
doesn't
have
to
be
too
in-depth
since
we're
not
right.
We
don't
have
that
much
time,
but
Contour.
C
We
started
experimenting
with
in
implementing
some
more
advanced
features
with
policy
attachment
or
filters
or
whatnot
I
got
a
there's,
some
links
to
some
spikes
and
Contour
where
that
that
work
not
tested
or
anything,
but
just
just
some
some
things
that
work
so
got
a
couple
examples
of
things
where
policy
attachment
is
kind
of
a
little
funny
so,
and
we
saw
I,
saw
in
the
original
gift
for
policy
attachment
that
there
was
the
idea
that
it
could
be
extended.
C
The
target
ref
in
it
policy
could
possibly
be
Extended
with
a
section
name
field
and
I
think
my
conclusion
out
of
this
little
experiment
that
that
would
be
quite
useful
because,
let's
take
the
example
of
triangular
policy
trying
to
apply
different
policies
to
different
listeners
right
now,
you'll
have
to
actually
separate
them
out
into
different
gateways
and
depending
on
your
implementation,
that
could
mean
that
you
actually
end
up
getting
a
whole
different
control
plane
in
the
data
plane,
because
you've
got
a
second
second
Gateway
resource.
C
C
If
you
want
to
apply
to
a
policy
to
a
particular
route,
you
need
to
separate
that
out
into
its
own
resource,
there's
ways
that
you
can
work
around
these
sort
of
organizational
things,
but
they
kind
of
force
you
as
a
user
as
a
as
an
organization
different
personas,
to
into
a
kind
of
a
prescribed
way
of
organizing
all
of
your
resources
in
your
cluster,
which
I
assume
is
not
kind
of
what
we
want
to
do.
C
We
want
to
let
people
have
as
much
flexibility
as
we
can
so
yeah,
so
the
spikes
that
I
did
is
just
implementing,
like
rate
limiting
with
contour
and
Envoy,
with
a
with
a
policy
and
also
did
it
with
a
filter
just
to
see
how
that
would.
How
that
would
play
out
so
got
some
other
notes
on
when
you
would
use
policies
versus
filters.
C
Yeah
having
to
talk
with
anyone
about
about
that
started
a
discussion
here,
so
we
can
start
discussing
asynchronously,
but
yeah.
A
Oh,
this
is
awesome.
We've
been
needing
more
examples
of
policy
attachment
I,
thank
you
for
trying
it
out
and
finding
the
gaps
in
our
approach
right
now,
right
now
it's
pretty
theoretical.
A
There
was
actually
there
was
a
coupe
contact
actually
about
policy
attachment
from
Linker
d
yeah
mate.
If
you
remember
he
was
at
some
of
our
earlier
meetings,
but
yet
he
had
written
that
talk
and
yeah
so
interesting
stuff.
A
There
I
actually
was
talking
at
the
same
time,
so
couldn't
make
it
directly,
but
I've
watched
it
since
it's
I
highly
recommend
I
I
think
this
is
you
know
everything
you've
described,
I
haven't
read
this
yet,
but
everything
you've
described
makes
sense
as
kind
of
the
gaps
right
now
and
the
other
thing
that
I'm
unsure
of
right
now
is
our
kind
of
inheritance
model
is
very
complicated
and
I.
Don't
know
that
that's
been
tested
well
enough
or
you
know
so
I
yeah
I
I
am
very
I.
A
Very
much
appreciate
you
trying
this
out
and
writing
this
up.
I'll
try
and
make
a
note
to
respond
to
this
once
I
have
more
time
to
look
through
it,
but
yeah.
We
we
need
more
time
spent
on
policy
attachment
to
see
if
the
model
we've
proposed
actually
does
work
well
and
if
not,
what
we
can
do
to
make
it
better,
and
it
seems
like
at
least
a
section
name
is
a
good
starting
point.
B
Yeah
I
mean
we're
using
the
section
name
in
other
places.
It
does
make
sense
to
allow
tighter
targeting,
but
it
just
means
that
we'll
need
to
be
specific
about
how
the
defaults
and
overrides
work.
If
you're
subselecting
by
section
name.
H
C
Yeah
and
just
generally
I
mean
I,
don't
even
I'm
starting
thinking
about
like
how
would
what
would
a
conformance
test
for
this
or
something
for
this
even
look
like
I,
don't
I,
don't
know
right,
that's
also
quite
difficult
to
generically
do
but
yeah.
B
Know
what
that
the
only
thing
that
I
can
think
of
that
even
comes
close
enough
to
being
standard
that
we
would
want
to
do
it
as
a
standard
policy
is
like,
maybe
like
the
TLs
version,
or
something
like
that,
something
very
simple
like
that.
That
would
explain
it.
That
would
show
people
how
the
The,
Inheritance
and
stuff
works,
but
like
most
of
the
things
that
you're
going
to
want
to
do
with
this.
B
The
reason
that
you
use
policy
attachment
is
you
can't
make
it
standard
enough
to
be
able
to
just
make
it
a
resource,
and
so
that's
the
policy
attachment
is
like
one
of
the
Escape
valves
that
we
have
for.
We
can't
all
agree
on
how
this
works,
and
so
everyone's
going
to
need
to
do
their
own
thing.
Where
everyone,
you
know
you.
B
To
go
back
to
the
classic
timeout
example:
you
know
you
would
need
an
Envoy
timeout
policy
and
an
engine
next
timeout
policy,
probably
you
know,
or
whatever
other
data
path,
timeout
policy
right
like
the
because
the
timeouts
are
so
different
between
implementations.
So
if
we
wanted
to
have
conformance
testing
for
policy
attachment,
it
would
need
to
be
something
very
simple
that
then.
B
Is
attached
by
a
policy
that
might
be
useful
to
then
just
to
then
make
clear
to
then
give
people
a
concrete
example
of
how
the
the
defaults
and
overrides
should
work,
and
that
would
let
us
say
you
know,
write
performance
testing
to
say
if
you
default
you,
if
you
default
with
a
section
name,
here's
what
happens
and
if
you
override,
with
a
section
name,
here's
what
happens
for
a
Gateway
or
something
like
that
right,
like.
H
It's
only
ever
going
to
be
like
for
policy
attachment.
B
So
yeah
I
think
yeah
I,
really
like
the
discussion.
Man
I
really
appreciate
it.
It's
you
know,
I'm,
really
glad
that
someone's
actually,
finally
doing
it,
I
actually
have
had
in
mind.
B
I
need
to
go
and
watch
that
talk
Rob,
because
I've
had
in
mind
a
little
bit
of
a
rewrite
of
those
docs
for
a
while
the
sort
of
break
out
the
difference
between
policy
attachment,
as
we
currently
describe
it,
and
the
meta
resource
pattern
that
we've
used
a
bit
with
like
reference,
Grant
and
other
resources,
where
you
have
like
a
a
resource
that
wraps
some
other
resource
like
in
that
invisibly.
B
You
know:
we've
used
that
pattern
with
reference
Grant
and
some
other
and
like
I,
think
that's
a
useful
pattern
as
well,
but
it's
not
the
same
as
policy
attachment
and
people
have
called
it
policy
attachment
I'm
like
no
policy
attachment,
is
all
about
the
whole
defaults
and
overrides
oh,
but
but
we
don't
have
a
name
for
the
other
thing
so
yeah,
so
we
need
to
give
the
other
thing
a
name
so
that
we
can
all
talk
about
it
in
the
same
way.
So
that's
that
is
definitely
a
thing.
That's
on
my.
A
Yeah,
no,
no
that's
great
I
think
we
are
at
times
so
I
don't
want
to
keep
anyone
too
much
longer.
But
thank
you
thank
you
for
bringing
this
up
lots
more
to
come
on
policy
attachment,
I,
think
Nick
kind
of
alluded
to
the
idea
of
like
Envoy
policies.
There's
some
broader
interest
in
that.
Maybe
that's
topic
for
another
meeting,
but
yeah
I
would
love
to
see
what
we
can
do
here.
A
There's
a
lot
more
in
this
list.
I
want
to
highlight
if,
if
people
have
time
on
their
own
to
run
through
this
list
of
potential
release,
blockers,
there's
some
issues
nprs
that
need
review.
So
if
you
can
kind
of
follow
up
from
this
and
and
run
through
some
of
these,
that
would
be
very,
very
helpful.
A
But
with
that
we
have
gone
over
time
if
you're
interested
in
gamma.
We
may
see
you
tomorrow
at
the
community
meeting
otherwise
have
a
great
week
and
we'll
talk
to
you
next
week.