►
From YouTube: SIG Network Gateway API Bi-Weekly Meeting for 20220613
Description
SIG Network Gateway API Bi-Weekly Meeting for 20220613
A
A
B
I
think
so
I'm
joining
this
call
for
the
first
time,
so
my
name
is
sneha.
I
actually
work
at
microsoft
and
we're
definitely
interested
in
looking
at
the
gateway
apis.
So
we
currently
have
a
solution
called
agic
out
in
the
market
for
our
azure
cloud
providers
and
it's
ingress
space
right
now,
like
the
english
apis.
So
we're
definitely
looking
at
the
gateway
apis
and
if
that's
something,
we
should
invest
our
efforts
into
in
the
near
future.
A
That's
that's
awesome.
It
would
be
great
to
have
some
additional
feedback.
You
know.
Obviously
I
represent
a
cloud
provider
lewin
on
the
call
has
also
been
involved
in
this
discussion
too,
so
great
to
have
more
more
involvement
and
really
as
you're
going
through
the
api
or,
as
you
see
things
here,
really
appreciate
your
feedback
throughout
and
welcome
yeah.
Anyone
else.
A
Cool
all
right-
well,
I
think,
that's
great
great
to
have
new
people
and
some
people.
Returning
with
that,
let
me
jump
right
into
the
agenda.
I'm
not
sure
who
added
this.
I
have
some
guesses,
but
I
think
we've
all
been.
We've
all
had
various
discussions
around
the
appropriate
status
code.
Here
it
is
almost
hilarious.
How
much
time
we
spent
on
the
you
know
determining
which
of
these
numbers
is
appropriate,
which
of
these
status
codes.
A
E
A
A
We
have
some
people
out
of
office
that
are
other
sig
network
api
reviewers,
so
tim
is
basically
the
last
person
on
the
hook
and
it's
notoriously
hard
to
schedule
something
where
everyone's
available,
but
this
has
led
me
to
a
broader
themed
idea
of
if
we
could
get
to
a
kind
of
standard
release
sequence
where
you
know
we
know
every
four
months.
Let's
say
we're
cutting
a
release.
Then
we
can
schedule
time
with
these
api
reviewers
months
out
and
block
off
this
block
of
time
on
their
calendars,
where
we
can
all
meet
and
discuss.
A
Like
I
don't
know,
we
started
as
a
503
as
as
a
way
to
represent
when
traffic
is
reaching
the
gateway
and
there's
a
route
that
matches
the
request,
but
that
route
is
supposed
to
forward
traffic
to
a
service
and
that
service
does
not
exist
or
cannot
be
resolved
for
some
reason
right.
So
it's
that
that
kubernetes
reference
is
invalid
for
some
reason.
A
A
I
would
spend
some
time
going
through
the
rfc.
He
seems
to
have
it
memorized.
At
this
point.
I
still
actually
have
to
refer
back
to
it,
but
you
know
I
went
through.
You
know
I
think
the
the
status
codes
that
make
the
most
sense
at
first
we
had
well.
First
we
had
503.
Then
we
went
to
404
because
okay
did
not
find
a
current
representation
for
the
target
resource
seemed
to
make
sense,
but
then
I
think
it
was
mike
had
some
concerns
about
that.
A
A
Don't
need
to
be
more
descriptive
than
that
502s
felt
slightly
more
accurate,
although
the
404
description
feels
relevant
it's
in
the
wrong
class,
in
that
it's
a
client
error
instead
of
a
server
error
which
all
came
back
to
502.
so
without
wasting
too
much
time
on.
This
does
502
make
sense
to
the
group
of
people
on
this
call.
D
E
D
E
I
think
I
mean
I
think
that
the
relevant
thing
here
is
like
we're
going
to
be
whatever
we
do
here.
It's
going
to
be
not
100
correct,
because
the
because,
like
the
the
you,
the
spec,
doesn't
really
like
the
the
exact
codes,
don't
really
mean
like
there's,
there's
no
exact
thing.
That
means
you
know
hey.
This
is
going
through
a
proxy
and
the
proxy
can't
get
to
the
back
end
like
for
some
reason
like
it.
I
think
the
the
more
the
the
first
case
that
rob
talked
about.
It's
not
that
you
made
a
request.
D
A
A
Like
I,
I
get
what
you're
saying
like
service
unavailable,
the
name
is
correct,
and
then
you
read
the
the
rfc
reason
you're
like
well,
not
quite
if
I
have
a
two
back
gateway,
the
name
is
correct,
but
as
you're
pointing
out
it's
not,
you
know
it's
not
like
we're
making
an
upstream
request.
Unless
you
call
that
upstream
request
to
the
kubernetes
api
server
and
hey,
I
didn't
get
a
response
from
it
or
I
didn't
get
the
response
I
wanted
from
that.
I
there
there
is
no
perfect
translation
that
I
can
think
of
here.
A
E
E
A
G
It
I
filmed
my
issue
countdown
dropping
in
slack
in
the
chat.
Sorry,
I
think
the
one
thing
I
was
trying
to
disambiguate
is
the
case
that
you
were
specifically
calling
out
the
attempted
reality
into
a
bad
back
end
from
all
the
back
ends
exist
and
like
are
configured
properly,
but
there's
no
matching
route
that
one
we
might
want
to
keep
as
a
404.
F
Yeah
404,
for
that
one
makes
sense,
even
if
it's
not
like
kind
of
like
you
know
there
isn't
a
proxy
404
equivalent.
Maybe
that's
something
we
should
suggest
to
the
itf,
but
you
know
whatever,
but
it's
like
it
is
a
commonly
understood
to
be
like
this
thing.
Isn't
here
response
code?
It's
like
it's
also
like
500,
I
usually
say
like
something
went
wrong,
whereas
not
finding
like
having
no
configuration
is
not
something
that
went
wrong.
It's
the
expected
result
of
not
having
any
configuration
for
that.
E
Yeah
yeah
agreed,
I
think
I
think
yeah
the
one
where
it's
going
to
get
a
little
tricky
is
the
route's
not
accepted
case,
because
the
if
you,
if
you
go
back
to
the
that
comment,
rob
the
the
one
that
mike
mentioned
there.
The
route's
not
accepted
case
due
to
an
issue
like
supported
kinds
or
you
know,
for
example,
your
reference
policy
removed
or
something
like
that
like
it,
it's
going
to
just
get
we're
actually
going
to
have
to
be
very
specific
about
about
with
different
error
classes.
E
We're
going
to
have
to
say
this
one.
This
one
is
a
404.
This
one
is
a
503
or
50
500
whatever,
like
the.
I
think
we
might
have
to
have
some
guidance
in
the
actual,
like
implemented
guidance
in
somewhere
in
the
actual
thing
that
yo
says
that
actually
lays
out
every
case
we
can
think
of
and
what
needs
to
happen
and
then
have
tests
to
make
sure
they
to
make
sure
that
those
things
are
actually
what
happened
it
could
be.
E
Maybe
maybe
the
answer
here
is
to
either
write
a
longish
issue
that
documents
the
exact
like
each
use
case
and
what
happens
and
or
a
gap
or
something
I
don't
know,
but
it
feels
like.
We
actually
need
to
have
a
document
that
writes
out
here's
all
the
places,
all
the
things
that
we
can
think
of,
and
here's
the
the
the
use
cases
and
if
we
come
up
with
any
more
use
cases
we'll
add
them
to
this
document.
G
I've
been
meaning
to
consolidate
my
assorted
issues
into
a
gap
or
something
like
that.
I
think
like
from
the
implementation
side,
it's
actually
more
straightforward
than
it
may
appear
at
first,
because
the
not
accepted
case
just
means
it
doesn't
get
programmed.
So
it's
actually
like
the
default
handling
of
it.
It's
the
same
as
like
just
a
not
match
thing
so
yeah.
E
F
A
Yeah,
I
agree
actually
shane
were
you
about
to
say
something.
I
hope
I
didn't
cut
you
off
nope.
No,
I'm
just
imagining
sorry
all
right.
So
with
that
said,
does
my
conclusion.
As
I've
outlined
in
this
agenda,
dock
makes
sense
if
there's
no
matching
routes,
it's
a
404
if
there
are
matching
routes,
but
the
back
ends
are
either
not
found.
Not
they're
missing
can't
be
routed
to
it's
a
500..
E
F
It's
kind
of
weird
to
me
because,
like
the
client
that
receives
these
errors,
isn't
going
to
be
able
to
do
anything
with
them
or
really
care
about.
You
know
what
they
happen,
like
the
thing
that
actually
matters
for
getting
it
fixed
is
like
the
admin
who
manages
the
http
route
will
see
like
a
condition
on
it.
It
says,
like
you,
can't
do
this,
because
it
conflicts
with
the
other
thing,
and
you
take
this
corrective
action,
whereas
the
client's
like,
oh
okay,
it's
an
error
message.
I
guess
I
shouldn't
do
that.
E
Yeah
yeah,
I
don't.
I
think
that
personally
I
would
say
this.
This
to
me
rates
is
one
of
the
things
where
practically
there's
probably
tmi,
to
give
a
client
that
you
know
any
any
internal
details
about
how
the
proxy
works
or
anything
like
that
feels
risky
to
me
to
give
to
give
to
the
client,
because
it's
one
of
those
things
that
feels
like
it
might
turn
out
to
be
really
handy
for
enumerating
for
attackers
to
enumerate
exactly
what
has
been
used.
If
you,
if
we
put
too
much
information
in
there.
D
D
A
H
Yeah
there's
a
couple
things
going
on
in
here:
well,
first,
oh
no!
This
is
that
one
okay,
so
I
just
kind
of
feel
like
the
change
log
process
that
I
just
went
through
is
a
little
bit
tedious.
So
I
thought
that,
instead
of
having
to
put
your
change,
log
entries
in
your
issue
is
kind
of
like
just
a
blurb,
and
then
somebody
has
to
go
through
and
find
them
later.
H
E
G
G
We
have
a
similar
system
to
what
you're,
describing
with
the
directory
for
contour,
x
or
console.
The
issue
we
found
with
updating
a
single
change.
Log
file
is
that
it
frequently
makes
prs
stale
and
conflicted
when
you
update
the
change
log
and
then
one
merges
and
then
another
update
said
I
don't
know.
I
haven't
looked
this
closely
to
see
if
that
might
be
susceptible
to
this
issue
or
not.
H
I
mean
there
will
probably
be
some
conflicts
right
after
we
merge
it.
I
would
guess,
but
in
general
the
way
I've
seen
prs
go,
I
mean
one
goes
through
every
couple
of
days.
We
usually
put
the
thing
on
there.
I
think
it
would
be,
and
we
don't
usually
split
our
releases
up
very
much.
We
usually
just
have
everything
in
there
when
we
release.
So
I
don't.
E
A
I
yeah,
I
agree
with
everything
that's
been
said.
I
am
concerned
about
you
know.
In
the
past,
we've
had
different
files
that
ended
up
being
points
of
conflict
where
every
pr
had
a
conflict
needed
rebase,
and
we
took
a
lot
of
effort
to
avoid
those
and
to
re,
rework
our
infrastructure
to
get
rid
of
those
points
of
conflict.
A
This
feels
like
something
that
could
introduce
that
again
because
of
that
I
would
prefer
to
hold
off
on
it
until
after
rc
goes
in
just
so
that
we
we
at
least
get
an
rco,
but
with
that
said,
I
I
am
interested
in
trying
this
out.
I
really
appreciate
all
the
effort
you
went
to
shane
to
run
through
all
those
pr's
and
get
the
changes
out
and
try
and
make
them
into
something
sensible.
Creating
a
change
log
is
not
easy,
especially
with
our
current
lack
of
tooling.
A
H
Yeah
so
travis
and
I
both
have
been
pondering
the
because
we
have
two
implementations
of
gateway
api
now
and
in
both
of
those
implementations,
we've
kind
of
run
into
the
kind
of
interesting
conundrum
conundrum.
That's
the
status
addresses,
don't
necessarily
make
sense,
so
the
the
way
status
addresses
is
documented
on
the
gateway
right
now
is
basically
just
all
addresses
that
ip
addresses
that
the
gateway
is
bound
to.
H
So
in
theory,
I
mean
you
could
put
load
balancer
ips
from
services,
cluster
ips,
pod
ips.
You
could
put
whatever
you
want
on
there,
but
there's
kind
of
this
problem
of
there's
no
context
so
like
as
it
stands.
Right
now
we
put
the
load
balancer
ips
in
our
alpha
implementation.
We
just
put
the
load
balancer
up.
H
We
make
them
the
first
one
so
that
they're
kind
of
the
the
nice
cube
cut
will
get
displayed
ip
address
and
the
only
usage
for
these
addresses
for
us
right
now
tends
to
be
to
just
go
talk
to
the
gateway
via
the
load
balancer
ip
address,
which
is
a
context
that
we
can
only
figure
out
because
we're
humans
so
like
the
the
the
actual
underlying
api
type
for
these
addresses
is
just
a
list
of
strings
so
like
there's.
No
none
of
that
context
can
kind
of
be
programmatically
determined.
H
So
if
you
wanted
to
kind
of
do
an
integration
where,
like
some
piece
of
code,
wants
to
go
talk
to
the
address
or
to
the
gateway
it,
it
would
need
the
context
of
knowing
like
how
it
might
want
the
context
of
knowing
that
it
wants
to
do
it
over
the
cluster
network,
as
opposed
to
like
the
public
internet
stuff,
like
that.
There's
no
way
to
do
that
today.
H
So
I
just
wanted
to
kind
of
throw
that
out
there
that,
like
it's
very
limited,
what
we
can
do
with
the
addresses
today,
we
pretty
much
only
meaningfully
put
the
load
balancer
ip
address
on
there
at
the
moment,
but
we
want
to
do
potentially
more
wondering
if
other
people
had
a
similar
or
dissimilar
experience,
so
just
kind
of
open
the
floor
to
people's
opinions.
Here.
F
F
F
It's
internal,
it's
kind
of
the
open
question
where,
like
definitely
with
ingress
we've,
also
seen
where,
like
people
will
use
ingress
configured,
you
know
proxies
for
traffic
that
is
internal
to
the
cluster
and
whether
like
there
is
any
purpose
to
having
like
cluster
ips
for
those
types
of
clients
or
if
we
just
kind
of
say,
like
you
know,
it's
a
bit
non-standard.
So
if
you
want
to
do
that,
you
just
grab
grab
the
service
host
name
and
use
it
instead,.
E
Yeah,
I
think
it's
in
my
mind.
It
was
definitely
intended
to
be
a
similar
behavior
to
the
to
the
ingress
and
service
like
load
balancer
address
stanzas,
where
it's
like.
The
point
of
this
thing
is
that
if
you
programmatically
want
to
know
how
to
connect
to
this
gateway,
you
can
look
at
the.
You
can
look
at
the
addresses
and
you
should
be
able
to
connect.
E
You
know
from
from
the
view
to
that
address
from
the
context
that
the
gateway's
relevant
for
most,
which
most
of
the
time
is
going
to
be
outside
the
cluster.
You
know,
like
you,
don't
know
about
cluster
internal
networking
internals
I
mean
that's
the
that's
the
sort
of
in
my
mind
the
definition
of
the
of
what
a
gateway
is.
Is
it
translates
from
things
that
don't
know
about
cluster
networking
internals
like
cluster
ip
to
stuff?
That
does
let.
H
Me,
let
me
give
you
an
example
of
where,
in
the
context
of
like
programmatically,
the
context
of
actually
talking
to
it
over,
the
local
cluster
might
be
important.
So
we
might
have
other
ways
to
solve
this,
but
at
least
currently
in
one
of
our
implementations,
we
have
the
notion
of
the
a
control
plane
which
runs
separately
and
being
able
to
communicate
with
this
data
plan,
with
our
gateway
over
addresses
that
it
finds
inside
of
the
gateway
addresses.
H
Theoretically,
I
mean
that's
kind
of
the
the
suggestion
of
like
a
different
context
that
might
be
worthwhile
and
in
our
case
we
at
least
potentially
have
a
use
for
that.
I'm
not
saying
that's
the
only
way
that
we
could
do
it
and
we
could
definitely
like
iterate
on
this,
but
there's
there
seems
to
be
something
there
that
you
would
want
to
potentially
have
like
hey.
I've
got
control,
plane
traffic
going
to
the
gateway
as
it
were,
and
that
control
plane
traffic,
probably
shouldn't
go
over
the
public
internet
when
it
doesn't
have
to
so.
A
Yeah,
I
think
I
think
this
is
really
interesting.
I
know
it
would
benefit
a
number
of
implementations
like
for
for
google
cloud.
We
have
internal
load
balancers
right
and
it
is,
although
most
people
who
are
provisioning
gateway,
class
ilb,
basically
know
that.
Okay,
this
is
going
to
give
me
an
ilb
if
you
want
to
write
something
programmatically,
just
against
gateways
as
a
whole.
Understanding
that
this
is
something
like
I
have
to
reach
a
different
way.
This
is
this
is
an
internal
address
that
requires
some
separate
way
of
referencing
it.
A
It
is
helpful
to
understand
that
this
type
of
address
needs
some
kind
of
custom
round
trip
or
logic
like
the
the
request
has
to
originate
in
some
other
place
or
some
other
way
or
in
the
in
the
case
where
there
are
multiple
addresses,
like
I
think,
shane
is
describing
here,
understanding
which
one
you
can
pick
like.
If,
if
I
know
that
I'm
in
the
same
network,
I
should
pick
the
one:
that's
you
know
the
same
ip.
A
I
think
I
I'm
not
sure
how
to
represent
this,
but
I
would,
I
think,
it's
useful
for
a
variety
of
different
cases.
I
agree
that
it's
it's
basically
the
same
thing
as
load,
balancer,
service,
type,
load,
balancer
or
ingress
addresses,
but
this
could
use
some
more
some
more
context.
I
think
so.
I
I
would
personally
love
to
see
a
gap
around
this.
E
Yeah,
I
think
I
don't
know,
I
think
that
yeah
right
writing
it
up
with
like
some
issues
and
some
some
sort
of
more
detail
about
the
exact
use
cases
that
people
are
thinking
here
would
be
useful.
The
in
my
mind,
I
think,
I'm
like
the
there's
two
things
that
I'm
thinking
of
like
I
can.
I
understand
it
is
good
to
have
more
context,
but
the
on
the
other
side.
E
B
D
B
D
Those
are
two
very
different
things,
and
even
with
with
the
second
one,
where
it's
you
know,
basically
it's
like.
Is
it
the
traffic
interfaces
or
is
it
the
the
management
interface?
You
know
which
could
be
the
same,
but
in
many
cases
won't
be.
You
know,
then,
if,
if
you're,
this
isn't
a
service,
but
you
know
you're
running
this
in
your
own
kubernetes
cluster.
D
H
Yeah
and
like
travis
corrected
me
because-
and
I
think
I
was
the
one
that
actually
did
this-
we
did
at
one
point
just
put
like
the
service
cluster
ip
into
this,
just
because
I
think
it
was
just
kind
of
a
misnomer,
but
all
we've
meaningfully
done.
The
only
thing
that
we're
meaningfully
doing
is
the
load
balancer
ip,
the
public
ip
address.
H
The
only
thing
that
we,
I
think
really
matters
today-
is
the
load
balancer
ip,
the
public
id.
So
maybe
it's
just
a
like
it's
possible
that
just
documenting
that
better
and
just
saying.
Actually,
this
is
just
for
publicly
internet,
accessible,
ips
or
or
something
like
that.
I
mean
something
that
kind
of
pushes
people
towards
using
it
for
the
purpose
that
is
most
generally
used.
Right
now
might
be
okay,
as
opposed
to
like
going
all
out
and
trying
to
add,
like
different
networking
contexts
that
you
can
add
to
your
ip
addresses.
E
Yeah,
I
think
I
think
that
documenting
it,
a
little
better
is
probably
good.
I
think
that
we
need
to
be
careful,
though,
because
it's
pos,
it's
possible
that
and
external
to
the
cluster.
Ip
may
not
be
a
publicly
visible
ip
right.
Like
that,
you
yeah
you
might,
you
might
be
doing
like
something
rob
talking
about
as
like
an
internal
load
balancer,
it's
internal
to
your
network
but
external
to
the
cluster.
E
All
right,
that's
the
like!
It's
the
outer
edge
of
the
cluster,
so
you
don't
know
about
cluster
networking.
That's
again,
I
keep
coming
back
to
that's
why
I
keep
using
that
language
to
talk
about
what
a
gateway
is.
Is
that
you,
you
have
stuff
that
is
owned
by
you
and
probably
uses
like
an
rfc
1918
space,
but
doesn't
it's
not
like
public
address,
but
it's
still
external
to
the
cluster
right,
and
so
that's
the,
I
think.
That's!
A
H
H
I
we
don't
necessarily
have
an
impetus
right
now
to
make
this
a
get,
because
we
can,
for
instance,
like
reference
the
service
that
is
ultimately
load
balancing
traffic
to
the
gateway
and
like
do
things
that
way
for
the
purposes
of
the
one
case
I
can
think
of
right
now,
which
is
like
the
control
plane
traffic
to
the
to
the
data
plane.
So
I
don't
know
if
I'm
actually
going
to
go
ahead
and
make
a
gap
on
this
right
now.
I
think
maybe
I'll
start
with
based
on
the
feedback
that
I've
heard
here.
H
Some
clarification
and
yes
I'll,
be
careful
about
what
you
just
said.
Nick
about,
like
you
know,
just
be
the
distinctions
that
are
made
in
in
what's
supposed
to
actually
be
in
there
and
then
maybe
something
else
will
come
of
it
later,
because
at
least
today
I
don't
know
for
sure
that
there's
anything
else
that
we
would
be
like
there
would
be
a
lot
of
pressure
for
us
to
make
any
other
change.
E
Yeah,
I
think
I
think
the
one
thing
that
I
would
also
include
in
that
is
that
it
it
feels
like
gateway.
The
gateway
api
is
all
about
defining
the
data
path,
not
about
the
control
part,
about
the
control
path
and
about
management
traffic.
So
I'd
be
pretty
minus
one
on
on
any
of
the
addresses
that
are
included
in
that
status,
having
anything
to
do
with
the
control
plane,
I
think
if
we
want
to
do
something
else
for
control
plane,
we
should
do
a
separate
control
plane
thing
that
is
very
clearly
separate.
A
I
guess
also
agreeing
on
something
nick
had
said
earlier
that
I,
when
I
see
addresses
in
status,
I
assume
that
they
are
externally
accessible.
What
I
think
could
be
helpful,
at
least
the
cases
that
interest
me
about.
This
is
some
kind
of
optional
indicators
additions,
some
some
kind
of
indication
that
this
address
may
not
be
externally
accessible
but
is
accessible
via
this
particular
with
this
specific
modification
like
this
may
be
internal
to
your
network
internal
to
your
cluster.
A
Some
other
thing,
some
set
of
well-known
traits,
as
has
kind
of
been
alluded
to
this,
is
a
very
similar
problem
in
the
service
and
ingress
apis
that
we
have
survived
without
any
better
representation
of
that,
so
it
can
work
without
any,
but
I
I'm
open
to
a
better
way
to
represent
that.
Obviously,
we
have
motivation
for
that.
I
know
I've
seen
some
implementations,
maybe
it's
istio,
where
they.
A
The
first
thing
they
set
in
gateway
status
addresses
is
a
hostname
for
service
and
then,
if
that
services
type
load
balancer
it
switches
over
to
the
load
balancer
ip,
when
it's
assigned,
so
you
could
see
it.
You
could
see
like
in
that
initial
step.
You
may
want
to
have
some
kind
of
indication
hey.
This
is
not
broadly
accessible.
It's
limited
to
the
cluster
you're
in.
I
think
there's
probably
some
other
use
cases
like
that,
but,
as
of
others
have
said,
we've
survived
without
this.
A
Cool
all
right,
I
candace.
Thank
you
yes
june
20
is
a
new
u.s
holiday.
I
I
meant
to
add
this
to
the
agenda.
Thank
you
for
adding
it.
I
personally
have
the
day
off,
so
I
am.
I
will
not
be
able
to
make
it
to
the
meeting.
Are
there
enough
people
that
would
like
to
continue
to
have
a
meeting
on
june
20
so
a
week
from
today.
A
Okay,
I
will
call
that
cancel
all
right.
Next,
one
is
the
o5o
milestone.
There's
been
some
movement
in
here.
Thank
you
to
nick
for
adding
most
of
these
issues.
This
is
basically
just
a
follow-up
from
tim's
feedback.
Last
week
I
have
addressed
two
of
them.
I
chatted
with
meha
about
the
last
one
in
here
the
status
code,
one
she
has
said
that
she'll
get
it
done
in
the
next
24
hours
or
less.
A
A
I
would
appreciate
any
reviews
on
this.
I
think
hope
this
one
is
pretty
straightforward
and
the
last
one
is
just
that
where
we
had
web
hook
and
crd
validation,
this
just
changes
it
to
just
web
of
sorry,
crd
validation,
so
a
net
removal
of
lines.
In
this
case,
so
two
relatively
small
changes.
I
would
love
to
get
these
in
asap.
A
G
E
A
Good
call
thanks
for
that
reminder
with
that.
I
set
aside
some
time
tomorrow
for
myself
to
work
on
cutting
rc
one
out.
I
I'm
really
hopeful
that
tomorrow,
at
the
same
time,
we'll
actually
be
able
to
get
rc1
out
the
door
with
that
said,
I
am
very
welcome
to
anyone
who
wants
to
be
part
of
that.
If
you
want
to
just
sanity
check
what
I'm
doing,
cutting
a
release
is
still
kind
of
a.
A
We
have
documentation,
but
we've
also
changed
a
lot
since
our
last
major
release
so
like
this
is
our
first
time
with
release
channels,
so
a
second
set
of
eyes,
or
a
third
or
fourth
or
whatever
double
checking
what
I'm
doing
or
if
someone
else
wants
to
drive
I'm
great
with
that
too.
But
my
goal
is
to
cut
a
release
tomorrow
afternoon
if
it
makes
it
and
by
tomorrow
afternoon
I
know
everyone's
in
a
different
time
zone,
but
I
mean
the
same
time
is
now
just
tomorrow,
just
24
hours
from
now.
F
Yeah,
so
I
was
looking
at
basically
previously.
We
kind
of
didn't
really
do
listener
conflicts
correctly
for
a
variety
of
reasons.
Looking
at
finally
implementing
those
properly,
it
seems,
like
you
know,
hey
if
you
have
an
existing
listener,
there
is
nothing
stopping
you
from
just
changing
the
hostname
port
or
protocol
to
something
else
that
could
result
in
a
conflict
and
overall
it
looks
like
the
designing
or
listener
conflict
system.
I've
tried
to
make
it.
So
the
idea
is
that
if
you
add
a
new
listener,
that's
conflicted
it
doesn't.
F
F
It
seems
like
the
only
way
that
you'd
be
able
to
track
that
like
if
you
you
know,
enforce
that
you
have
to
like
need
to
say,
like
you
know,
if
something
critical
in
the
listener
changes,
so
it's
hostname
porter
protocol,
you
essentially
have
to
treat
it
as
new
and
remove
that
sort
of
precedence
from
it
and
that
seems
like
you'd
have
to
maintain
state,
which
I
think,
generally,
you
don't
want
to
do
in
a
reconciler.
So
I'm
curious.
E
E
You
know
change
a
kubernetes
object
and
have
your
config
go
away,
but
at
the
same
at
the
end,
at
the
same
time,
the
config
just
change
like
the
config
is
changed
like
I,
I
am
kind
of
a
bit
of
a
purist
that
whatever's
in
kubernetes.
You
should
do
and
if
it's
broken
then
yeah
sure
it
breaks
be
careful
yeah
like
yeah.
E
That's
I
think
the
the
trying
to
hold
state
in
the
controllers
like
you're
talking
about
is
so
fraught
with
race
conditions
and
danger,
and
you
know
all
that
sort
of
stuff
that
I'm
you
I'd
kind
of.
You
say
like
I.
I
don't
think
it's
worth
the
the
sort
of
trade-off
in
user
experience,
because
the
big
risk
you
run
by
doing
that
sort
of
thing
is
that
you're
trying
to
do
stuff
to
hold
the
user's
hand
to
make
sure
that
they
don't
cause
himself
a
problem.
E
F
Yeah
they're
still
at
least
informed
about
it
and,
like
you
know,
one
of
those
listeners
will
definitely
be
conflicted
so,
like
they'll
know
that
there's
some
click
conflict
available,
even
though
it's
not
both
of
them
that
standpoint
up
at
least
okay
with
it,
but
I
can
see,
like
you
know,
yeah
just
you
know.
If
you
make
break
like
bad
configuration,
will
warn
you
about
it
and
like
you,
it
will
actually
be
broken.
A
To
be
determined
how
that
works
out,
but
it
is
something
we're
exploring
this
is
this
is
a
tough
problem.
I
I
don't
know
I
I
I
completely
understand
and
get
the
idea
of
it
like
what
nick
was
saying
like
we
should
do
what
the
user
wants
like
it
in
many
ways,
it's
better
to
fail
more
quickly,
so
that
it's
when
a
user
is
changing,
something
and
so
they're
aware
of
it
they're
there
they
can
recover
as
opposed
to
changing.
A
This
is
a
I
don't
have
a
good
answer.
I
I
just
we're
exploring
something:
we're
exploring
a
different
approach,
I'll
try
and
do
some
digging
and
see
what
we
can
like.
There's
some
docs
I'll
see.
If
what
we
can
share,
but
high
level,
it's
trying
to
it's
trying
to
store
last
known
good
state
somewhere
else.
F
That
one
may
work
for
us
reasonably
well
like
we
have,
unfortunately
like
state,
that's
outside
the
controllers
already,
which
causes
us
problems,
but
we're
not
going
to
get
rid
of
it
anytime
soon.
So
we
could
take
an
approach
of
like
you
know.
If
you
create
configuration
that
results
in
a
conflict
like
you,
we
just
won't,
even
if
you
added
like
other
listeners
that
aren't
conflicted
in
that
same
set
of
changes,
we
just
don't
apply
to
until
you
clear
all
the
conflicts
yep.
E
Yeah
so
like
we've
had
so
one
of
the
biggest
concerns
I
have
so
we've
had.
One
of
the
biggest
problems
we've
had
in
contour
is
that
okay,
I'm
going
to
delve
into
some
implementation
details
for
a
second,
because
they
are
relevant.
Give
me
a
minute
so
that
when
you're,
when
you're
doing
an
envoy,
xcs
programming
envoy
can
send
back
a
ack
or
a
knack
whenever
you
send
changes
right
now,
contour
doesn't
handle
the
knack
case
where
you
send
config
to
envoy
and
it
it
basically
says.
E
I
can't
accept
this
for
some
reason
and
contour.
Does
it
just
drops
that
on
the
floor
and
so
it'll
just
keep
trying
to
send
the
bad,
config
and
boy
I'll
say
hey?
I
can't
take
that
practically
what
that
means
is
for
users
is
that
if
we
generate
a
bad
config,
because
we
take
some
user
user
intent
and
turn
it
into
onboard
config
and
send
it
over
to
envoy
and
envoy
responds
back
and
says
no.
E
I
think,
if
you're
going
to
do
something
like
that,
an
external
data
source
out
of
the
controller
is
a
necessity
because
of
the
problem
that
if
your
controller
restarts
for
some
reason,
if
you're
holding
that
state
and
your
controller
restarts
and
you
then
then
the
change
will
you
then
it'll
start
up
and
then
then
the
config
will
be
dropped,
probably
because
you'll
read
it
in
as
new
as
net
new
and
be
like
hey.
I
don't
have
a
last
name
good
conflict.
This
config
is
bad.
You
know
I'm
going
to
send
no
config
right,
like
that.
E
F
A
So
I'm
interested
in
in
what
that
means
or
how
that
would
work,
you're
right
with
ingress
with
ingress
class.
It's
just
invalidation
that
exists
inside
core
code,
api,
slash,
validation
for
networking,
but
the
same
thing
we
have
web
hook,
validation
for
gateway,
class
controller
name
that
enforces
immutability.
A
I
really
wish
there
was
a
built-in
construct
that
did
for
us.
There's
not,
but
we
do
have.
We
do
have
a
thing
in
gateway
api.
That
means
immutable.
With
that
said,
for
this
specific
concept,
it
feels
complicated
what
what
defines
a
listener?
Is
it
the
listener
name?
Is
that
kind
of
the
the
thing
that
so,
if
you
change
name
at
the
same
time
as
you're,
changing
host,
name,
port
and
protocol?
Does
that
just?
Is
that
fine?
Because
it's
a
net
new?
A
I
think
that
would
be
a
little
hard
to
define
and
then
my
other
concern
is,
as
we
are
nearing
a
beta
release
once
we
get
to
that
point.
Adding
more
restrictive
validation
is
going
to
be
near
impossible,
unfortunately,
but
if,
if
there
is
a
compelling
thing,
it
may
be
something
we
can.
We
could
look
at
between
rc1
and
but
I
it
sounds.
E
Yeah
we've
we've
specifically
left
the
exactly
how
the
listeners
work
to
be
up
to
the
implementations.
Like
the
you
know,
we've
got
some
guidance
that
hey
you,
can
it's
it's
acceptable
to
take
multiple
gateways
that
have
distinct
listeners
and
merge,
merge
the
gateways
into
like
an
eventual
config.
That's
100
fine
and
we
did
like.
E
I
think
it
is,
as
you
say,
it's
a
very
complex
problem,
but
I
think
the
the
the
overarching
question
that
is
very
important
for
us
to
answer
is
how
much
behavior
should
we
mend
like
how
much
user
protecting
behavior?
Should
we
mandate
in
the
upstream
api
like
how
much
should
we
encourage
people
to
do
that?
That's
the,
I
think,
that's
the
sort
of
the
underlying
question
that
underlies
this
symbol,
probably
underlying
other
other
issues
as
well
and
having
an
answer
to
that
question
I
think,
is
really
important.
E
I
mean
you
can
tell
by
what
I've
been
saying
you
I
my
my
opinion
is
this:
is
software
for
people
who
should
have
a
fair
idea
of
what
they're
doing
it's
bet.
It
is,
at
the
end
of
the
day,
a
better
overall
user
experience
to
like
screw
over
the
people
who
are
making
conflict
changes
than
it
is
to
screw
over
the
end
users
and
have
you
change
copy
changes
happen
at
random
translator.
B
B
E
A
A
A
All
right,
I
think,
nathan
added
this
one
and
unfortunately
he
had
to
leave.
I
missed
that
we
could
have
moved
this
up
in
the
agenda,
but
I
think
this
is
this
specific
pr
is
about
conformance
yeah.
I
have
been
failing
to
get
caught
up
on
conformance
tests.
I
I
do
want
to
get
some
of
these
conformance
test
vrs
in
as
soon
as
possible.
I
think
nathan
is
saying
that
this
is
ready
to
go
and
we
can
leave
additional
assertions
for
later.
E
But
I
think
that
this
one
is
a
good
is
a
good
example
of
a
thing
that
that
I
also
want
to
talk
about.
I
know
we're
almost
out
of
time,
but
I
just
wanted
to
drop
it.
I
can
drop
it
and
run
the
that
right
now.
We
don't
have
any
way
for
implement
for
the
conformance
test
to
conform,
assess
all
or
nothing.
If
you
install
just
the
standard
crds,
then
you
will
not
pass
conformance
because
it
includes
tests
about
reference
policy
and
reference
grant
which
are
not
in
the
standard
crds.
E
So
I
think
we
we've
got
two
things
we
need
to
solve
here,
number
one.
We
need
to
move
reference
grant
to
just
to
be
in
the
standard
ones
as
soon
as
possible,
which
I
think
we
need
to
do
anyway,
but
also
we
need
to
have
some
mechanism
that
you
can
specify
like
what
resources
you're
being
conformed
for
or
what
version
you're
being
conformed
for,
or
something
like
that.
We're
going
to
need
something
like
that
as
well,
because
the
current
conformance
test
suite
is
for
like
layer,
7
controllers,
not
for
layer,
4
ones.
E
G
E
E
A
Yeah
it
that
took
me
off
guard
too,
because
it's
weird
to
move
reference
policy
or
grant
to
experimental,
because
it
I
mean
technically
we're
just
moving
a
subset
of
things
to
stay
to
standard
and
everything
prior
to
that
was
always
experimental,
but
it
still
feels
weird
because
the
you
know
prior
to
o50
the
standard
set
up
or
the
default
set
of
crds
and
be
careful
of
my
wording
here.
The
default
set
of
crds
we
installed
included
reference
policy
and
in
o50
it
won't
you'll
have
to
install
experimental
crds.
A
For
that,
that's
gonna
be
weird
and
so
yeah
like
like
you're
saying
we
need
to
be
careful
in
how
we
document
this
and
how
we
communicate
it.
I
once
we
cut
rc
one.
I
want
to
spend
a
lot
of
time
working
on
documentation,
blog
posts,
etc,
making
this
approachable,
because
it's
a
big
change
and
as
much
as
it
could
technically
be
a
no
op
for
implementations
of
the
api.
A
It's
going
to
require
some
thought
and
understanding
for
anyone
trying
to
upgrade
themselves
so
yeah,
okay,
yeah,
that's,
I
think,
that's
all
I
have
and
we're
at
time
any
last
things
before
we
call
it
all
right.
I
will
see
everyone
in
a
couple
weeks
and
enjoy
your
week
and
we'll
talk
to
you
soon.
Hopefully,
after
an
rc
cool,
see,
ya.