From YouTube: SIG Network Gateway API meeting for 20221128
Description
SIG Network Gateway API meeting for 20221128
A
Hi everyone, this is the November 28th meeting of Gateway API. As always, this is a Kubernetes meeting, so usual code of conduct stuff applies; please be excellent to each other. Okay, Philip, I think you are up.
B
B
We don't want to just use F5-specific CRDs for what we're doing, and we're kind of focused at the moment on a lot of our communication service provider problems, so like launching the hygiene and having cloud native network functions, so not sort of normal apps, but where the application is networking, and there are a couple of sort of key things that we are really interested in working on.
B
One of the biggest is egress, and not just sort of HTTP egress, but, you know, for our customers sort of the whole back matters, and so the question is, you know, I know there isn't any work currently in Egra on egress. I think there's been discussion of maybe doing it.
B
A
I think that's a great question. So I would definitely say there's definitely interest in egress. I think everybody knows that it's a problem that we have to solve at some point. Up until now, it's been like sort of further down the priority list for most of the people working on it. So in terms of getting started, yeah, I mean, there's no reason why you can't just get started.
A
Like, start thinking about egress, start thinking about how you want to describe it, you know, start writing some docs or something like that on, like, what you want the, about what you want the Gateway API to do for you, right? Like, what is, what do you want your egress description to look like, you know? What do you want it to do? Like, and, you know, start with some use cases, start writing down.
A
Yeah, the, you know, that sort of stuff, and that's how we start this conversation off generally, and that goes for anybody who wants to add more features in general. Yeah, that's the right, that's the best way to get started, is to, usually the best thing to do is just start a Google doc, talk about it in here, post about it in the Slack, and yeah, and then we can all sort of start talking about it on there, I think, yeah.
B
A
B
A
Yeah, so yeah, just so, I mean, the headline is: start a Google doc, start writing down the sorts of things that you're thinking about, the sorts of use cases you want to cover, like in reasonably specific kind of ways, like we need TCP, we need UDP, we need it to do this, yeah, and that sort of stuff, and then other people can start adding their own use cases, and that's how we end up with like a sort of more reasonable.
A
A
The, that you can end up sort of talking about in circles a lot because, although generally we all think about things in roughly the same way, the fine detail can be very different, and that can have huge impacts on how you talk about a design, the stuff that you've got a API, that you've got to use to represent, and so spending some time talking about use cases and what everyone's trying to achieve is almost always time well spent.
C
Question: are you interested in egress gateway use cases, or just regular egress from application to the internet? That's a good question.
B
Sort of, oh, depends on the protocol you're talking about, yeah. Sorry, I mean, one of the biggest things that we're seeing, for example, in service provider, when people are launching network function, is they, you know, you just need to be able to identify traffic as having come from a particular network function, because some of them will get access to your radio access networks and will get access to the internet.
B
Some will get access to other things, and the way they set up their firewalls is all therefore, so you need to do, you know, math based on the specific network function, based on the specific ads and, right. So, you know, even just something as simple as that, and then at higher level protocols.
B
Sometimes egress, yeah, ingress have to be tightly coupled because you have a peering relationship, so.
A
Yeah, as someone who worked on an Envoy-based ingress controller for a long time, one of our most common use cases was people saying, oh, Contour, this is what I was talking about, Contour, people would be like, oh, Contour is great, but I'd really like it to do UDP ingress as well, and I'm like, yeah, well, we can't do that.
A
Like, you know, you can send a UDP stream to Envoy and Envoy can forward it on to your pods, but like you've got two options then: either your pods get Envoy as the source of the UDP, or they don't, and traffic doesn't go back to Envoy, and so it goes straight back out the default gateway and probably will probably get dropped because it'll more than likely the RFC 1918 space or something like that.
A
A
So yeah, that's exactly what I mean by let's talk about use cases, and the place to start is to start talking about the sorts of things you want to do, and then people can say, oh, you know, have you considered doing it this way or that way, and we can talk about like what's the best ways to do these, and if we have tools already that we can use to sort of accomplish those use cases, and if not, then what are we going to build, right? Like, so we've got to sort of understand what we have.
B
B
Sense, yeah. I have one more question, and what, is there sort of a pre-existing vision on how someone might layer in like security policies, like if you wanted to add a firewall or an application firewall or, you know.
A
Whatever, yeah. So right now a lot of that stuff, we had, we've intended to sort of leave it to meta resources like policy attachment, just because it's very difficult for a lot of those things, it's very difficult to write them in a standardized way that works across lots of implementations. I mean, that's the core problem. The core design goal and problem of Gateway API is that it's about making something that's implementable across lots of implementations for whatever you're talking about, and so for something like HTTP ingress, that's reasonably straightforward.
A
Right, like there's a whole bunch of stuff that you can do that everybody can do, and there's some stuff that only some people can do, that's extended, yeah, and then there's some for, but when you start doing like more advanced use cases, so for the layer seven stuff, like rate limiting, auth, that sort of stuff there, then the capabilities that different implementations can provide become very different. I think for firewalling it's a lot more standard, and so it should be possible to sort of talk about what we're trying to do.
A
But the other thing that we've got to keep in mind then is that the concepts need to like make sense. Like, you know, one of the things that we worked really hard on was, I see a question, I'll get you in a sec, was on like defining a gateway to be like, it's.
A
Basically, the point at which you go from not knowing about the cluster internals to knowing about the cluster internals, from external to internal is a lot, is the, you know, but external and internal are not always good ways to describe that, and so when we're talking about like firewalls and stuff like that, like a lot of what we talked about so far is load balancing, which kind of, you know, shares a lot with firewalls, but we've got to be.
A
You know, that we don't overlap too much with what other people are doing, or we use existing mechanisms, or, you know, that sort of stuff, and so the more we overlap with software that has existing mechanisms, the more we need to allow for the sort of overlap, constant, yeah.
C
Pretty much what you said: they just want to kind of clarify a bit that your different vendors may do different things, notification. We are also trying to have some common ground in some common policies, I mean at least for what we can do common, and also some common patterns. For example, you know, if we all use certificates for workload identity.
C
You know, maybe study understanding format for the certificates and, you know, how to distribute those and other stuff. So, and there are two main trends, I think: one is a network policy, where again they are all kind of the existing APIs that are in broad using Kubernetes and may be mappable to egress, and since there is a certificate-based approach that, again, it's also pretty common, and obviously, if you want to define something new, we are interested to hear about it.
C
But it would be great in your, in the talks that hopefully you will start, if we can, you know, kind of figure out which of those options you are interested in, and maybe we can collaborate on it.
A
Yeah, so hopefully that does, that sort of answer a few of your questions. I mean, look, I've got to be clear, there's no, like, you know, Gateway API is still in an early enough stage, there's no hard like solidified process, aside from the fact that big changes need to get, like, that's the one bit of like process that we have really, is big changes need a GEP, and then whatever we make has to pass Kubernetes API review.
A
What we've found is that having a Google doc or something like that is a great way to get some async discussion happening outside of these meetings, and then once you've done that a bit, it's good to bring them, bring that to the meeting and then do some high bandwidth backwards and forwards, and then usually, you know, one or two rounds of that is enough to then make something that we can turn into a proposal or a GEP or something like that.
A
B
A
Look, so, and I mean, look, we've already got, in terms of special, like we've basically got, you know, a SIG already for GAMMA, like that's like, let's focus on the, you know, using Gateway API style objects for mesh constructs. You know, like I see no reason why you couldn't do the same sort of thing for, let's focus this on egress, or, you know, or more specifically on sort of network functions and a lot even lower layer stuff. I mean, oh, we read all the layer four stuff right now.
A
That's in the API is very basic, because not a lot of people spent enough time on it. You know, I mean, I'm working at Isovalent now on Cilium, and, you know, it's definitely on my list of things to do, because, you know, it's a thing that Cilium can do as well. So yeah, like I'm definitely interested to help contribute there, and I think a lot of other people will be too.
A
A
You, that's a great question, and I, like, awesome that you raise it, yeah. Well, that's it! If you don't have anything else to ask there, then what else would anyone like to talk about?
A
Candace, it looks like you have a conformance test question.
A
A
E
A
Yeah, so I mean, I know Contour definitely has, Cilium definitely has, because I've been involved in both of those. I think ice, pretty sure custom, you can correct me if I'm wrong, but Istio has the conformance tests running already, yeah.
A
Yeah, yeah, so yeah, I guess my question would be like, okay, yeah, cool, so my test console has been running them as well.
A
There's a handful skips that are passed yet is, I guess, Candace, maybe if you just want to, you can get the audio working, that's cool, but if you want to just put in a chat, maybe, are you talking about like how to actually like run the, like command-wise, the conformance test? Because I know we don't have a great how-to or anything like that at the moment, or, you know, how to run it for your implementation, or.
B
A
Sort of the, because, yeah, I think you can run it, but it doesn't pass, okay. Does it, is it, it's not passing because, I mean, there are a bunch of assumptions that probably are poorly explained.
A
It's kind of, the conformance tests look for, expected this Gateway class installed that will, expected as a Gateway class installed that can handle having multiple gateways. Oh, there you go, can.
E
You hear me? Oh okay, great, sorry about that. Okay, so yeah, I can run the conformance tests. I'm trying to get conformance tests for passthrough right now, and with the first implementation that I selected, it's not running. So I am going to try, I guess I'm going to try a different implementation and see, so it is running, but it's not passing, so I'm going to try a.
B
A
So I think Quantum was one, Contour's once should do that, I don't know if the guys have updated since we updated the conformance tests. I think the support was there, yeah, I think, and so.
A
I definitely think that if you've got a lot of issue with like some of the stuff you've done and, like, you know, how it's not working and that sort of stuff, I think that there's absolutely a lot of space for us to make some pretty good improvements to the, like to the how to run the course, to have a how to run the conformance test document, which we currently don't.
A
Yeah, yeah, okay, it's been a little while since I ran it myself, I'll be honest, yeah. Maybe one of the others who have been running it might be able to, like, maybe you could take up a time to pair with someone or something like that to sort of walk through how they do it and how you do it, and you.
D
Know, yeah, I think it would help, probably just throw this to Slack and they just get live debugging, yeah.
A
I think that feels like the right thing here is Trump: let's try and get you like paired up with someone, and that way you can, like, that seems like the fastest way to get your Healthy, because it'll take me longer to figure out how to do everything because I haven't done it in ages. We.
E
Don't, we don't have a table of people whose conformance tests have passed, I mean whose implementation has passed the conformance tests, or anything like that, right?
D
E
D
I think is working on a way to submit documentation for it. There is, I think, there's an issue to track this.
A
Yeah, but there is, there's no table or anything like that at the moment. Rob has been looking at like how upstream does it for Kubernetes conformance, and so we're trying to like make something, yeah, make something more, yeah, more, so that there will be a reference somewhere, but yeah, I'm pretty confident that, yeah, like. But there are quite a few.
A
You know, at least those four that we've mentioned, that either conformance tests do work, and so, yeah, Mike said in the chat that he's happy to jump in, it's like total pair with you later in the week. Thank you, Mike.
A
Yeah, yeah, so yeah, thanks. This is actually a really good question. Let me make a note here, okay, that I will check into.
A
That way, you can have an issue to put updates in.
B
A
I think there was this year as well, I suspect that Kong, the Kong, maybe as well, Candace, but yeah. Thanks for the question, all right, great question, the, yes.
E
I'm actually using Istio, so it's not, there's some, it's a little bit behind some of the changes in the conformance tests.
A
Yeah, okay, no worries. So I think, yeah, it makes sense for you to have a chat to someone else then and see if you can get that working, or maybe I can help you do a console, console's ones or something like that, just so you can see them work.
A
D
We could do triage or we could continue. I don't know if we had a follow-up on the SSL or TLS to backend discussion, whether or not, what the state of that is.
A
The, I think where I'm at at the moment with that is that I think that the sort of back-end capabilities, back-end properties object was too big in scope and had too much sort of bleed into other use cases, and so what I'm thinking is that we should consider doing a more tightly focused sort of back-end property style meta resource that just literally just handles, you know, back-end properties, re-encryption to a back end, and just, yeah, making it just focused on that, so that it's very clear about what the use case is, because I think part of the problem we had was like people like.
A
Oh, but what happens when you use that, use this back-end capabilities for something other than what you're talking about there, which I hadn't thought about at the time. So I think that's probably where it is. That means that, for me, the action there is for me to go back and sort of put some of that into the original GEP and sort of update the original GEP. I'm happy to hand that off to someone else if anyone wants it, but yeah, that's where it is at the moment.
D
A
A
Sorry, let me just make a note about, Philip, your previous question. Do you wanna, and yeah, Philip, do you want to hit your next question while I type up into some notes about the previous discussion?
B
Yeah, I mean, this may just be an ignorant question, because I am still trying to understand like how exactly TLS route works, because it's not the way I think of this problem, I think, but the term passthrough: is there going to be a general concept, though, passthrough in Gateway API, or is that a specific way of laying out TLS?
A
A
B
A
So yeah! So when we're talking about passthrough, we're meaning passing through the Gateway, so like passing through the Gateway without being sort of unwrapped. That's what we're meaning when we're talking TLS passthrough, is that you're not terminating the TLS and then re-encrypting it, or, and you're not, yeah.
D
Yeah, I don't know if, at least this is how I interpret it. I don't know if it's like immediately generalizable like across all protocols, because you could imagine, okay, you're like doing some kind of wrapping or unwrapping, but basically, as an important use case, there are lots of things that will route TLS based on the SNI, but not necessarily manipulate and terminate the TLS. So that's what we mean by a passthrough TLS.
D
B
D
B
Attached to like a higher layer route, and that's why HTTP route has separate TLS information in it? Yes, you don't connect a TLS route in an HTTP route, no.
A
Okay, yeah, so basically the idea here is that the different routes route based on sort of more or less information. So again, I think this needs to be sort of, we need to bring this closer to the top of the documentation, but like the idea behind the different routes is: TCP route and UDP route, they, traffic arrives at a Gateway listener, and is this, and you can pick out where that traffic goes to based only on the stuff that's in the route, and so TCP route and UDP route.
A
Allow you to route on source address, destination address, and, you know, conceivably source port. I mean, destination port is included in the listener definition, and those ones, that's it. That's all you have available to route, and you can't route on, I mean, conceivably we could allow routing on stuff that doesn't require you to terminate the connection. Maybe, you know, conceivably use like DiffServ bits or, you know, other bits in the TCP or UDP on the IP headers. But like you can't, it's the point here.
A
A
We said, use the SNI to route things, so the usual use case there is that you've got one Gateway listening on 443 and you've got like one to many services that all have different SNIs, and you can route those to different pods in the back ends based only on the SNI, but because it's a TLS route.
A
What the implicit assumption is, that you're not unwrapping the traffic, you can't inspect inside the traffic any more than the SNI, and then HTTP route is sort of again hot, that the ceiling is higher, in that it's expected that the Gateway can inspect the HTTP traffic somehow; usually that means.
A
Obviously, if it's encrypted, you can't, right? Like you have to unwrap the traffic, you can't have it encrypted and be able to see the headers or the path or the, you know, anything like that, and so that's where, you know, that's where we talk about re-encrypt for HTTP route, because, you know, if you've terminated it.
A
Sometimes you want to re-encrypt it as it leaves the load balancer or the Gateway, right? And so that's sort of how the different route structures work, and the gRPC route is effectively syntactic sugar on top of a HTTP route that lets you talk about things in the way that gRPC folk are used to talking about them, rather than having to turn them into path calls and stuff, like turn method calls into path calls. Does that make sense?
B
A
C
So two quick points on this one. It may go away soon, because new versions of TLS are kind of duplicating the SNI and encrypting this on high, so for client communication it may no longer be that effective as it is now. And second, there are other things that can be used. I mean, in Indonesia, for example, we're using some.
C
You know, mTLS over operation, so there are all kind of standards in RFC to kind of encapsulate opaque traffic, provide them to end security, which is the primary goal of this, but with different, with better ways to convey metadata. So it's another interesting discussion to have at some point about this.
A
Yeah, so I think, and again, one of the whys, the reasons that we designed the API the way we have, is that it is absolutely intended that we can add further routes to do different types of routing based on some, using some other metadata as routing discriminators. That's the, as we said, the term of art I like to use is that, you know, the different routes, the thing that tells the different routes apart are what, you know, what routing discriminator you can use to pick where things go.
A
You know, like, I mean, I've said before that I could conceivably see that we would have to change the listener definition a little bit to handle the all ports use case to do it, but, you know, conceivably you could also have an IP route, right, that described a Gateway that is effectively a router, and an IP route would be an entry in the route table. Like there's no, like conceptually that is possible right now.
A
A
Let's, I mean, let's give everybody a message, then it's better that we're talking than just sitting around not talking. So does anyone else have anything they would like to ask, anything at all? Maybe this is like an open agenda meeting, like we're not, I say bye. The reason I didn't want to do triage was I kind of wanted to give everyone a discussion chance rather than, it's.
D
Good, it's the post-US holiday, everyone just kind of chill out, yeah.
G
I feel like a really high level question about the cross-namespace secrets for gateways. So I work on cert-manager and we have like an integration for like automatically generating cert-manager certificates for gateways, and that doesn't really work across namespace. So I'm curious about whether you think it will be like widely used, secrets at different namespaces, or it's just for like very specific use cases.
A
I think it is for very specific use cases, but like, I mean, I've used cert-manager, it's awesome, and nice work, and I think that it's definitely, it seems possible to me that you could make it work. It would be, you know, there's a couple of extra hoops that you would need to jump through to make it work.
A
The, I mean, the idea here is that is actually sort of for people who want to do like, for people who don't want the secret to live next to the Gateway, right? Like that's, you know, and so, I mean, I agree that most of the time for cert-manager you want the secret to live next to the thing that you're automatically generating for, you know, but the sort of use cases that I have seen people want this, that specific functionality for, have been somewhere where it's either not automatically generated or there are, you know, some significant sort of barriers to generating more ones, like people are actually buying.
A
A
He doesn't want to like put that where anybody or just anybody can read it, right, like, you know, the key more importantly, and so like that's the sort of use case where you've got some big shared cert or a wildcard cert, more usually, that you want to sort of keep away from everyone's sort of prying fingers. But yeah, like, I mean, I think you could do it, but I agree that it seems weird to need to do it for cert-manager.
G
Well, like right now, we actually, I think we weren't even aware that it was possible to specify our namespace. So right now, if you were to use our gate version feature to just create a certificate in the exact same namespace as the Gateway is, the reason why it may not be possible, I think, is probably because we had like an owner reference to that certificate of the Gateway, and the certificate would need to be in the same namespace as the secret. So probably that wouldn't.
G
Yeah, plus I guess we would need to use, I've not really looked at this in depth, I guess we would also need to use your ReferenceGrant mechanism to actually figure out that this user can create these certificates. But yeah, I mean, I guess I'm curious whether it's something that we, actually people would be wanting, and it sounds like, from what Nick said, that it's likely not cert-manager use cases where this would be needed.
D
Although I have to say, like, you know, multiple areas in Kubernetes are looking at sort of cross-namespace resources. So the fact that the owner reference does not allow this behavior is an interesting one, like we may see like, hey, do we want to add a namespace field into owner reference itself?
A
Expression on Tim's face when I think about telling him about doing that, but the, I think to me it certainly makes sense that for now it would make sense for cert-manager to just say, yeah, we don't do this, if you want to, come talk to us, right? Like that would be what I would do if I was you. I would say, hey, yeah, we're not supporting this at the moment.
A
If you really need it, then we'd love to talk to you and we'd like to understand more about how you need it, and see if anyone comes to talk to you.
H
So just to, I actually had a question regarding that. The cert-manager does provide a gRPC interface, not widely used, but can that be leveraged to keep things in memory and just communicate, you know, any way you need to?
H
Okay, okay, so that's an extension that, okay, if.
H
Okay, exactly. So we were just doing some work around it and I thought my team was leveraging something that already existed and extending that, but maybe they just built the whole thing from scratch. I'll take a look.
A
Cool. So yeah, I think, Candace, I saw your question, we'll jump to that in a sec. Yeah, I just want to round out this sort of cert-manager slash certs discussion: providing certs not through Secrets certainly does have value. That's why people have built the CSI, the Secrets plugin interface, and that's basically kind of.
A
Does that. It's a bit weird because you can't use it with Gateway, because there's no pod to sort of mount a CSI plug-in secret into, but I think that sort of pattern of, I mean, I could see sort of extensions that you could try with the Gateway API to say, you know, hey, you reach out, grab this secret from, you know, I don't know, Vault or something, you know, or GKE's certificate storage or AWS certificate sort of drug case.
A
It's like anybody's, like some external certificate store or something like that would be pretty useful as well. So yeah, I think definitely that I can conceivably see that we would do that. But haven't, has anyone spent any time thinking about that? No? Sorry, I don't think we've actually spoken before, but a person from cert-manager, would you mind just putting a couple of notes in the agenda about it, because otherwise I'm going to forget the details.
A
Thank you, and thanks for the great question too. Yeah, sorry to not met you before, no.
A
No problem. Yeah, I think that there's definitely some discussion to be had, though, about sort of dynamic certificate provisioning and how that crosses over with keeping certs in different namespaces from things and using cross.
A
Namespace references. Bowie alluded to it before, and we've discussed it a couple times, that, you know, we have ReferenceGrant right now to handle sort of cross-namespace references of all types, Secrets included, and that we are speaking to API Machinery and other groups, because ReferenceGrant seems useful enough that there is a case to be made that maybe it should be, you know, more general, placed in core or in some other place that is consumable, that's not just part of the Gateway API, yeah.
A
So watch that space, for those of you who haven't heard that before. Candace, you have a couple questions about session persistence and X-Forwarded-For.
E
Yes, just those two things. We're looking to just find out whether there's any prior art or any, if there's been any discussion about it in the past. I have to admit, I haven't looked through the issues or discussion sections yet of the repo. Just a general idea of whether this is important to anybody that's been to the meetings and whether there's any work being done on it, on either of those.
D
E
Looking for, how are you power? Is there standard way you're telling people to implement it for Gateway API, how people should implement it?
A
So the answer there is, we have not done any work on, this is in the, we have not done any work on this yet, but there are definitely people interested, kind of bucket as well. Again, Contour does have session persistence, and I mean, it uses Envoy's, Envoy has pretty magic support for X-Forwarded-For, the, basically with most Envoy things, you kind of don't need to mess with it too much and it will usually just work.
A
There's a couple of settings you've got to set for Envoy, but then it just, the X-Forwarded-For will be set pretty much correctly. So I think on Contour, we fiddled around for a while and found the settings that worked for us and then never touched them again, because we're like, don't mess with this. But yeah, for session persistence we do have the Contour, sorry, I say we, but I don't work for Contour anymore, but yeah. So Contour does have a bunch of stuff there.
A
So there is some prior art in Contour's HTTPProxy. But again, this sort of, like I said, this falls into the bracket of, yeah, most people are going to want it, but we haven't worked on it enough yet to sort of, you know, sit down and write down use cases and talk about and figure out the language and do the whole thing. Again, you know, it's the case for sort of most of the things that are not in the API.
A
Yet, if you can think of doing it with HTTP, I guarantee you we've talked about it, you know, but like most of the stuff has been very much in the, we need to get the basic HTTP routing and conformance and stuff sorted out first, and then we can look at how we add, how the, add the other stuff later. I mean, it is later now, so it's 100% valid to be asking these questions.
A
You know, but yeah, most of these are just, we haven't talked about them yet, and, you know, same thing as Phil, like, you know, let's, you make some Mason docs, gets get it started. I know I have led you down the wrong path there before with the back-end capabilities, but I think that more tightly scoped things should be a lot easier to do. Like, you know, session persistence is pretty tight.
A
A
D
Yeah, so I would say that if you're looking for more fine-grained configuration of these things, there's basically a couple of answers. One is: is it standardized in some way that we would expect really broad adoption? So then that makes sense to take into upstream. The other one is, if it's not, then the API's designed in a way that you can very easily create your custom extension and just kind of be able to do what you need to do.
E
Thanks, thank you. Yeah, I think it's more the standard way of doing it, rather than trying to figure out a way to do it. Just, you know, to make sure that everyone's following the same way of doing it in the end would make it much more valuable, I feel like. So yeah, I'll keep an eye on it, and, if, and you probably see something from us regarding that in the future.
A
Yeah, awesome. And that one, I would say, yeah, don't be shy. Like, make the doc, get the doc out as a Google Doc as early as possible, so that we can, yeah, not spend... yeah, like, get the conversation happening.
I
Hi, I wanted to say, in my opinion, the more important thing is to know whether or how these things are implemented. So I think we're coming at this often from the implementer's perspective, and not so much the admin's or operator's perspective. But if I'm someone using Gateway API, it's really important for me to know: I have an HTTPRoute on this implementation, how will it behave on that implementation? Can I depend on session affinity, or can I depend on X-Forwarded-For to be set? I don't want to code to this implementation and then have my assumptions invalidated when I go to that implementation. So, from my perspective, if I put on my user hat, what I really want is that it be documented. So is there some agreement that this is something where implementations need to document how or whether they implement session affinity and X-Forwarded-For?
A
Yeah, so I agree that should absolutely be part of it, and the way that we document that is the conformance tests. You know, like, we have conformance tests that, you know, set X-Forwarded-For to something, and then you sort of have the conformance tests assert what it should be on the other side, and then so, then there should be.
A
If there's no way to configure it, it should behave in a standard way, or if there is a way to configure it, it should behave in a standard way without the config, and then with the config you can change the config. You know what I mean? Like, the way that we would define that is with the conformance tests, and I 100% agree with you that stuff like session persistence and X-Forwarded-For should be in the conformance tests. A thousand percent agree.
A
You know, exactly how they get that to work is up to them, but at the most basic level, you should be able to retrieve the, you know, the client address from the thinking. So the client address should be visible at the Pod that it gets routed to, right? Like, that's not a high-level functionality. And the same for, like, session persistence, right? Like, you should be able to say, you know, stuff about: when you do this, the, you know, the PO.
A
The requests should all end up at the same point, and, you know, we have conformance tooling that lets the part of the conformance test that makes the request check which pod it's going to, or if we don't, that is definitely a thing that we can and should build. And so, yeah, I think in my mind those feel like capabilities that we should document with conformance tests like that. If not everybody can do them, then they can be extended.
A
I mean, I suspect that the best way there is to just write a conformance test, put it in extended, and make it a feature that you can turn on, and see whose implementation passes. That will probably be the easiest way to figure that out. And then, if everybody does, then we just promote that conformance test to be part of the core and it's, you know, not optional. But yeah, so for both of those, for those two separate issues, X-Forwarded-For and session persistence, yeah, issues are the place to start.
A
Let's have issues where we say: hey, we think that, you know, session persistence and X-Forwarded-For should be covered, should be standardized features that have portability between implementations.
A
You know, this is just to cover doing that, and then we figure out how to, you know: can everybody support the stuff? Can we describe it? And if so, how do we do it? Again, great questions, because yeah, all of those things are definitely things that, I agree, we should be doing.
A
Awesome. Well, we've got 10 minutes left, 10 minutes where the floor is open. Anybody else? Okay, cool.
B
So, you know, as you mentioned about the Gateway being essentially from inside to outside, and what has knowledge of what's going on inside of Kubernetes and what doesn't, I'm wondering if there are plans around IP address assignments, and maybe specifically supplanting service type LoadBalancer address assignments. So, you know, like, again, in my area.
B
Fighting on an IP address is not something that's done automatically. You know, you spend months, or at least weeks, assigning an IP address for a network function, and it needs to move around with that network function.
B
Is there a plan to do anything around, you know, these exposure ideas, the virtual IDs, the external IP?
A
Well, so I mean, we have some functionality there already with Gateway. That's what the addresses field in Gateway is for. In the spec, the addresses field in Gateway is to say you might want this gateway to have these addresses. It's a list, so you have more than one, but also you can only have one. So that lets you explicitly ask for a particular address, the intent there.
A
We also have it in the status, and the intent there is that, if you don't ask for a specific address, you can see what address you ended up with. So that's definitely intended to replace some type of load balancer. That part of the Gateway, in combination with TCPRoute and UDPRoute, is definitely intended at sort of replacing service type LoadBalancer in a layer
A
4, general case. Do I think that those will go away anytime soon? No, no. Service is GA, it's never going anywhere. I'm gonna be stuck with it. But the idea here is to make it so that there's a more usable, portable alternative to, sort of, service type LoadBalancer.
A
In terms of more advanced sort of IP address allocation functionality, we haven't talked too much about that yet, but we have mentioned it previously, that, you know, hey, maybe you might want to specify a pool or something like that. But we haven't sort of got too far down that road, aside from: yes, that's the thing that people sometimes want.
B
So I mean, part of it is just, you know, again, at some point, if you're talking about egress, you know, the IP addresses that you present for ingress tonight for exposing a service on the IPs.
B
You know, you probably have to have some relationships with that. I was just wondering if there were any specific plans beyond this.
A
I mean, again, all that comes under the "we've kicked the egress problem down the road" thing a couple times. And yeah, that's where I 100% agree with you. It totally makes sense that you need to make sure that, you know, if you're doing any sort of NAT, that the addresses match up so that you don't end up, you know, falling foul of reverse path forwarding checks and stuff like that. Yeah, that the flow makes sense.
A
Cool, five minutes left. Does anyone else have anything? If not, we'll probably just call it early, but yeah, everyone's welcome to ask more questions. Please do.
F
Okay, regarding this ReferenceGrant. So I asked the question last week and then I read up on it. So anyway, the to and from, all those things: is it up to the implementer to enforce these allowed to and from references? There's no, like, a webhook or a, you know, validator that will enforce these things?
A
No, so right now it is the responsibility of the implementation to implement ReferenceGrant, and that's how you pass the conformance tests. That's one of the things that we're hopefully looking at achieving at some point in the, like, middle to long distance, is that, you know, something that's not.
A
The implementation will be able to do some of these checks for you, but for now it is on the implementor and the implementation to be the ones that do the checks and that, you know, pass the conformance tests, basically. Yeah, so Shane and some others have been looking at writing this tool.
A
Blixt, that's, you know, intended sort of as a reference implementation for basic stuff like layer 4 routing, and so the idea there is that that can then be a reference implementation for how ReferenceGrant works, and we can move our ReferenceGrant tests to be doing Blixt tests so that we can have CI against those ReferenceGrant tests, that they work with the reference implementation. And then, as long as you work like the reference implementation, then you will be able to pass the ReferenceGrant tests. That's probably as good as we're going to be able to get for quite a while, because doing this sort of stuff, you know, webhook or something like that, is going to be a bit complicated.
A
It's conceivable we could make some of the code of it, like, make some helpers available to help you. But yeah, we've done that a bit in the past, and I certainly think that that's a thing that we could do more of, is to have, like, data methods and stuff like that that will validate ReferenceGrants or, you know, that sort of thing. But that's all to be done.
F
A lot, like, during the implementation, what little bit that we have done, there's a lot of those references that are, like, enforced... like, it's up to the implementer to kind of make sure that, hey, the parentRef to a Gateway, you know, exists in both ways. And I mean, I think it's fine! It's just, I kind of wonder where the line is between, like, whatever the webhook validator and then where the implementer takes over.
A
The webhook validator is good for things first, before contradictions that arise within a single resource.
A
Once you start needing to deal with multiple resources, then that kind of needs to be left up to the implementation, because the webhook can only look at each resource that comes in. You can't go and look at other resources as a result of what you can't do.
A
Reconciliation, that's kind of, that's.
A
Yeah, exactly right. Like, you know, a webhook can only look at the object that it's given, right? Like, it gets given the object when you try and apply it, and you can look at that object and be like, you know, this makes sense, or this doesn't make sense. That's.
A
Yeah, yeah, yeah. And so most of the stuff that's in the webhook at the moment is stuff where the rules are just... the reason we need you to run the webhook is that sometimes the rules are more complicated than you can express in, like, a regex field, or, you know, a regex pattern in a validator or something like that, or, you know, a number of items, or some other really simple things like that. The validation language that you have available for CRDs at the moment is pretty limited.
A
There has been some talk about having a more structured evaluation language that will hopefully, like, obviate a lot of the reason we need the webhook right now. But yeah, I don't think that you'll ever end up with something like a webhook that will do sort of those, like, referential integrity kind of checks.
A
That's kind of, you need much more than a single object.
A
Cool. With that, we are out of time, so unless anyone has anything really urgent... oh, I should give a quick update. I am working on the changelog for the rc1 release. I should have that out in the next couple days, that change already, and then once that's done, we should be able to push the buttons on the RC release pretty soon, and then we are aiming for the 0.6.0 release sometime in December.
A
Okay, with that I will call the meeting done. Thank you all for your time. Thanks for the awesome questions. If we have discussed a question that we haven't taken any good notes about, please feel free to drop some notes in there in the agenda yourself. I'll try and make a couple of notes myself for what I remember, but there's a good chance I'll forget things because I was talking. Thanks, everybody, and we'll see you all next week. Cheers, bye. Thank.