►
From YouTube: Network Policy API Bi-Weekly Meeting for 20220815
Description
Network Policy API Bi-Weekly Meeting for 20220815
A
Awesome:
okay,
hello.
Everyone
today
is
august
15
2022..
This
is
a
meeting
of
the
sig
network
policy,
api
subgroup,
cig
network.
This
is
a
cncf
certified
meeting,
so
normal
normal
roundabout.
Please
be
nice
to
each
other
and
yeah.
Let's
see
if
we
can
get
some
stuff
done
today,
so
there
is
not
much
on
the
agenda
for
today.
I
just
wanted
to
highlight
that
I
have
a
website
in
progress
to
document
the
admin
network
policy
api
just
so
that
I
can
like
publicly
announce
it.
A
I
haven't
really
announced
the
api
in
any
channels
yet
just
because
we
had
no
documentation
and
I
didn't
want
to
like,
throw
it
out
there
without
any
documentation,
and
in
line
with
that,
I
haven't
had
much
time
to
do
it.
I
got
to
work
on
a
little
bit
more
today,
but
if
folks,
you
know
are
watching
this
and
want
to
get
involved,
this
is
a
really
awesome
way
to
get
involved.
It's
helping
me
do
this.
A
I'm
kind
of
copying
the
gateway
api
in
this
setup,
but
yeah
I'm
definitely
open
to
thoughts
on
how
we
can
make
it
better.
You
know
what
we
need
to
add
and
I
think
this
should
be
done
before.
At
least
I
start
working
on
implementation
for
oven,
kubernetes
and
hopefully
yang
does
for
andrea.
So
just
something
I
wanted
to
highlight.
B
Is
this
like
an
api
or
a
website,
that'll
go
on
github
like
as
a
readme,
or
is
this
going
to
be
like
I
don't
know
in
the
kubernetes
main,
like
a
page
or
whatever.
A
I'm
mimicking
what
gateway
api
does
and
it's
just
a
github.
It's
basically
a
website
hosted
on
github
pages,
so
I'm
gonna,
I
was
planning
on
doing
the
same
thing
like
I
literally
am
using
their
the
same
library
called
mk
docs
to
build
it,
and
I
was
kind
of
following
their
layout.
It
just
seemed
easiest
to
like
kind
of
align
all
the
apis
coming
out
of
network
to
be.
You
know,
following
the
same
thing.
A
B
B
A
C
Back
from
vacation
good
to
see
you
good
to
see
you.
A
So
I'm
good
to
go
awesome.
I
was
just
talking
about
I'm
working
on
a
website
to
document
the
admin
network
policy
api.
While
you
were
gone,
the
first
draft
of
the
api
did
merge,
so
we're
kind
of
off
to
the
races
now
and
off
to
the
races.
I
haven't
had
much
time
to
work
on
it.
A
No,
I
need
to
figure
out
how
to
auto
render
it.
I
think
I
need
I
would
need
to
add
a
github
actions
to
that
repo,
but
like
right
now
you
can
just
clone
it
and
it's
using
empty
docs,
so
you
can
okay,
okay,
use,
mk,
docs
locally,
to
see
what's
going
on,
but
I'll
put
that
as
an
action
item
and
figure
out
how
to
do
that.
Apart
from
that,
next
steps
are
going
to
be
kind
of
promoting
it
out
to
people
to
spread.
A
Awareness
like,
I
think
the
community
of
folks
who
know
about
this
api
is
pretty
small.
So
once
I
get
like
some
basic
docs
set
up,
I'm
going
to
start
pushing
it
on
twitter
and
all
the
necessary
media
outlets.
I
don't
know
I'm
an
engineer,
not
a
community
manager
yet
so
anyway,
that's
where
we're
at
there.
Apart
from
that,
this
group
has
been
really
quiet
over
the
past
couple
months,
so
I
know
dan.
A
D
I
mean,
if
you
have
nothing
to
talk
about,
then
you
don't
need
to
keep
having
the
the
meetings
you
know
if
people
come
up
with,
you
know.
If,
if
people
find
the
need
for
a
meeting
to
talk
about
a
mid-network
policy,
then
you
know
we
can
bring
the
meeting
back
or,
if
suddenly,
there's
network
policy
stuff
to
talk
about
that.
Isn't
admin
network
policy,
then
we
could
bring
it
back,
but
yeah
there's
no
reason
to
keep
it
scheduled.
If
there's.
A
Anyone
right
and
there's
definitely
some.
Unfortunately,
I
don't
have
admin
rights
over
this
invite,
so
it's
kind
of
annoying
to
go
through
casey,
but
I
can-
and
there
is
stuff
to
talk
about
with
network
policy-
it's
just
a
matter
of
if
we
have
folks
that
want
to
own
it
and
that's
the
harder
part
right.
So
I
know
pair
you
guys
have
been
your.
Your
group
has
been
working
on
kind
of
changing
or
approaching
network
policy
differently.
Right
is
that.
C
We
want
to
reduce
the
amount
of
addresses
that
needs
to
be
known
in
any
given
part
of
the
system
right
and
with
sort
of
a
single
network
like
it
is
now
it's
very
simple
and
it
can
be
made
very
efficiently
and
because
it's
very
easy
today
right
to
say
if
the
pod,
if
an
address,
is
internal
to
a
system
or
not,
I
mean,
even
if
you
would
start
as
we're,
also
looking
at
sort
of
to
be
able
to
to
have
many
default
networks,
basically
default
network
per
per
per
name
space.
C
If
you
want
it's
still
quite
cheap
to
do,
but
if
you
then
start
looking
at
now,
we
have
this
from
me
check
right,
that's
produced,
that's
proposing
this.
How
to
do
multi-networking
call
it
properly.
Kubernetes,
then,
and
sort
of
I
really
like
the
way
network
policies
work
that
you
specify
relations
between
objects
that
your
specs
for
and
not
the
addresses
that
gets
tied
to
these
objects
later
on
right,
but
but
but
you
have,
this
need
to
be
able
to.
C
Tell
first
is
an
address
part
of
us
of
the
cluster,
regardless
then
of
where
it's
attached
right
and
it
might
not
be
as
simple
then
as
doing
just
with
a
network
prefix,
because
I
mean
someone
could
be
stupid
enough
to
have
an
l2
that
covers
not
only
one
cluster
but
many
clusters
and
external
things.
Then
you
actually
have
to
to
look
at
the
individual
address
to
see
if
it's
in
the
system
or
not.
C
So
so
I
think
that's
we're
going
to
have
to
have
a
lot
of
discussions
when
we
talk
multi-networking
to
make
sure
that
sort
of
the
semantics
of
what's
there,
which
I,
which
I
found
you
know.
I
changed
my
mind
a
little
bit
about
two
years
ago
to
be
extremely
sound,
that
we
can.
We
can
reduce
that
with
a
a,
not
too
high
cost
and,
of
course,
if
someone
set
up
system
with
with
the
not
the
smartest
networking,
the
cost
should
be
higher.
C
But
so
that's
what
I've
been
so
looking
at,
and
I
will
work
on
more
now
and
when
I'm
back
really
sort
of
to
help
my
check
to
to
make
sure
that
we
can
do
multi-networking.
C
That
then,
actually
works
in
real
life,
so
I
mean
I
don't
know
how
v6
how
much
v6
you
worked
on
right,
but
on
any
l2
you
can
put
on
as
many
l3
networks
as
you
want
right.
C
You
just
create
new
networks
and
you
have
a
router
that
push
out
prefixes
and
the
pods
can
then
from
one
network
interface,
get
new
addresses
at
any
given
time,
which
then
should
be
precisely
reported
up
into
the
kubernetes
model,
which
would
be
possible
at
piece
to
do
it
so
when
there
is
route
advertisements
and
so
on,
or
if
not,
if
something
changed
to
address,
because
of
timers
and
so
on,
that
that
should
be
possible
to
to
do
with
the
models
we're
having
and
the
way
we
specify
firewalls
with
policies
where
we
don't
have
to
care
about.
C
The
addresses
when
we
do
this
is
to
me
it's
it's
too
good
to
to
sort
of
do
anything
that
would
risk
that
way.
It's
it's
more
important
to
make
sure
that
it
can
work
over
any
interface
that
doesn't
matter
which
network
it
is
it's
because
you
said
that
this
obvious
cannot
talk
to
this
object.
Then
I
don't
care
actually
how
that
pack
gets
got
cut.
A
Well,
it
kind
of
sounds
like
a
network
policy
v2
discussion.
C
Yeah,
so
so
I
think
that
the
the
multi-networking
I
don't
know,
I
hope,
then
agree
sort
of
it's
a.
We
need
to
make
sure
that
the
semantics
is
upheld.
So
that
means
that
it
needs
to
be
people
from
all
networking
groups
in
there.
There
needs
to
be
network
policy
experts
in
there
to
sort
of
make
sure
that
we
do
it
so
that
we
don't
break
the
network
policies.
We
we
need
to
think
about
the
proc.
I
mean
the
the
the
q
proxy
and
the
load
balancing.
C
So
if
it's
going
to
be
able
to
be
set
up
to
work
on
any
network.
Well,
that
needs
to
have
the
same
semantics
and
also
to
understand
that
you,
you
will
not
be
able
to
see
everything
inside
kubernetes
right,
because
you
can
have
two
networks.
They
look
to
be
non-connected.
There
is
an
external
router
answer.
Make
sure,
then
that
we
don't
create
a.
I
rather
just
have
this
stuff.
C
That's
there
now
and
undefined
than
to
have
something
that
looks
like
it's
well
defined
and
explains
everything,
but
in
reality
it's
super
dangerous
because
it
doesn't
cover
all
its
real
life.
How
systems
are
set
up
and
real-life
networking,
then
it's
better
to
leave
it
undefined
and
say
if
you're
doing
this
you're
on
your
own
well,.
C
But
at
least
then
sort
of
you
say
you
broke
the
rules
yeah
and
so
that
that's
when
I'm
a
bit
scared
with
the
multi-networking
that
that
it's
so
easy
to
do
things
wrong,
and
if
that
then
is
designed
into
the
system
that
is
really
easy
to
it.
Was
there
everything
up,
then
it's
better
to
to
not
support
it.
A
C
A
C
A
A
Yeah
coping's
been
a
lot
of
fun.
I
still
like
the
idea
of
doing
network
policy
thing.
No,
the
only
thing
for
network
policy,
same
concept
well.
C
You
know
where,
so
what
what
we
will
push
we're
starting
the
implementation.
Now
I
mean
at
that
time,
there's
too
much
network
policy
today
is
a
specification
and
then
there
is
nothing
and
there
is
implementation
of
cni,
and
that
to
me
is
wrong
sort
of
so
much
of
it
is
controlled
that
that
should
be
made
into
something
that
gets
contributed
into
kubernetes,
so
that
the
same
thing
that
the
there
should
be
plugins
that
implements
the
specific
firewall.
But
the
decision
points
if
something,
if
a
can
talk
to
b
should
be
common
code.
C
I
don't
know
sort
of,
I
hope
to
be
able
to
be
part
of
at
least
pushing
for
or
sort
of
starting
up
a
community
project
that
will
do
that,
but
I
think
it's
I
find
it
a
bit
weird
that
there's
not
well
dan
is
here
now,
but
has
been
not
been
many
from
the
from
the
larger
cni
vendors
right.
That's
participating
and
discussed
this,
but-
and
I
can
understand
then
sort
of
you
say
that
no,
it's
not
a
good
idea,
because
it's
you
already
have
a
control
plane
right.
C
E
C
There's
sort
of
moving
things
around,
but
I
think
now
that
trying
to
organize
it
more
it's
supposed
to
be.
I
think
it
was
now
on
wednesdays,
every
other
wednesday
at
11.
I
think
right,
like
I
said
I
just
got
back
from
vacation.
It's
been
half
an
hour
meeting,
but
I
think
they're
extending
it
to
one
hour
meetings
now.
C
To
do
a
cap
and
propose
the
api
objects,
that's
needed
to
cover
this
and
it's
clear
that
we
all
have
very
different
requirements.
I
mean
I
need
a
system
where
you
can
represent
at
least
200
000
networks
so
because
sort
of
those
are
the
numbers
that
that
we
managed
to
handle
right
and
that's
like
not
200.
C
C
E
Should,
like
you
know,
help
maybe
evaluate,
and
then
I
think
the
point
that
you
bring
up
is
when
the
multi-networking
goals
guys
are
going
about
doing
their
stuff.
I
think
this
should
be
parallel
effort
going
on
in
this
the
network
policy
working
group
to
get
some
effort
moving
to
see.
Okay,
here's
what
you're
doing
here's,
how
it's
going
to
break
the
network
policy
or
not
break
the
network
policy.
E
C
I
know
in
started
to
implement
something,
but
he
made
the
assumption
that
each
network
was
not
connected
to
an
another
network
in
multistem.
It's
like
that
will
never
work.
You
can
never
sort
of
make
such
guarantees
and
sort
of
so
so
I
sort
of
I
don't
know
if
you
stopped
there.
I
he
joined
the
multi-networking
group.
Now
I
think,
to
see
what
goes
on,
because
a
lot
of
what's
in
malta's
right
will
sort
of
be.
I
mean
introducing,
in
that
case,
into
kubernetes
in
some
different
form,
but
I
still
think
that's
like
that.
C
I
don't
know
what
the
maybe
down
for
me.
The
time
track
is
three
years.
I
don't
think
it
will
be
quicker.
I
don't
think
it
should
be
quicker,
so
to
get
quicker
to
get
the
first
parts
in,
but
I
mean
to
finish
everything
it's
better
to
do
it
slow
and
right
than
too
quick,
and
I
mean
we've
seen
I
mean
we-
we
build
routers
and
load
balances
as
I
want,
and
the
large
network
systems
and
5g
ups
right
using
kubernetes
as
a
base,
and
so
we
know
that
is
possible.
C
It's
it's
very
possible
to
build
with
kubernetes
as
a
base,
or
we
use
openshift
as
any
sort
of
network
function.
It's
not
the
problem,
but
it's
difference
to
do
it
for
one
implementation
like
we
have
done
right
now
and
to
do
a
generic
that
will
support
anyone's
or
anyone's
or
any
way
to
do
it
or
many
ways
to
do
it.
So.
C
Yeah,
so
I
don't
know
if
it's
a
working
group
yet
just
started
with
was
totally.
C
Cool
I'll
I'll.
A
C
And
yeah,
but
so
I
like,
I
was
on
sickly
for
a
couple
of
months
right
and
then
vacation.
But
how
is
the
admin
policy
going?
It
looks
good.
A
The
first
v1
alpha
version
is
merged,
and
I
know
it's
been
on
my
back
burner
in
terms
of
priority
this
quarter,
but
the
next
steps
are
to
finish
documenting
it
and
then
actually
get
the
first
implementations
done
so
yang's
been
on
paternity
leave.
He
was
going
to
do
it
for
andrea.
I've
been
downstream
a
lot
this
quarter,
so
I
haven't
had
time
to
start
it,
but
anyone
else
who
would
who
would
want
to
get
going
on
it.
That
would
be
awesome
happy
to
help
yeah.
That's
that's.
E
A
The
api,
the
actual
api
has
also
so
we
are
pretty
much
ready
to
rumble.
I
haven't
made
like
a
general
announcement
about
it
just
because
we
had
no
documentation
like
you
go
to
the
github
and
it's
like
just
the
api,
and
I
didn't
want
people
going
there
and
having
no
idea
what
was
going
on.
So
I'm
working
on
a
website
right
now,
yeah
kind.
E
Of
so
yeah,
so
we
are
google.
We
are
planning
to
do
the
support
for
admin
network
policy,
so
there
are
two
options
for
us.
One
of
them
is
to
use
the.
As
you
know,
we
use
the
psyllium.
We
use
celium
underneath
the
ebpf
right,
the
data
plane
vector,
so
we
plan
to
implement
using
that.
Okay.
E
Option
is
to
do
work
with
tigera
to
do
the
category
implementation,
so,
okay,
so
our
first
priority
will
be
definitely
be
psyllium
stuff
and
I
think
we
are
planning
to
get
some
folks
working
on
it.
If
anyone
wants
to
join
us,
let
us
know
yeah,
but.
D
E
A
E
On
the
call,
as
well
he's
going
to
be
working
on
that
as
well,
yeah.
A
A
A
A
E
A
Believe
so
yeah
how
do.
A
It's
everyone
in
this
call,
I
mean
you,
you
me
and
yang,
I
think,
are
the
three
people
who
are
going
to
look
at
implementing
it.
I
didn't
know
google
was
interested
in
doing
it
for
cilium.
That's
awesome.
I
have
been
involved
in
a
lot
of
evpf
stuff
this
quarter,
so
it
really
okay,
so
follow
along
and
see.
What's
going
on,
there.
A
Yeah,
it's
not
fully
future
complete,
but
the
poc
is
up
and
done
it's
merged
in
three,
so
that's
kind
of
cool
we've
still
kind
of
been
working
on
it,
but
yeah
so
happy
to
help
out
with
the
yeah,
along
with
the
cilium
implantation,
and
I'm
going
to
look
at
implementing
in
an
oven
and
see
how
that
goes.
Okay,.
B
Did
does
anyone
have
any
plans
to
extend
cyclonus
to
admin
network
policy,
as
in
like
we
were
talking
a
lot
about
the
complementary
tooling
and
like
yep
just
to
what
pair
was
saying
like
that
sounds
like
the
first
good
place,
where
oss
can
at
least
help
us
all
out
like
if
we
all
are
conforming
to
the
same
tooling,
then
yeah
at
least
I'm
a
huge.
A
Plus
one
I've
had
a
pr
open
for
a
long
time
now
to
bring
cyclonus
into
the
re
into
our
repo,
and
I'm
I
just
I'm
timebox
like
I
do
not
have
enough
time
to
do.
I
can't
do
documentation.
I
can't
update
the
cap.
I
can't
do
implementations
like
I
need
help
like
fully
and
honestly
like.
I
need
help,
I'm
happy
to
work
with
anyone
who
wants
to
help
me,
but
I
can't
be
the
only
one
doing
it
so.
E
So
let
me
ask
this
question:
are
we
planning
to
officially
publish
a
set
of
conformance
tests
for
network
policy?
Is
that
is
that
something
that
you're
looking
at.
A
We
haven't
really
discussed
it.
I
mean
it's
something
if
we,
you
know
brought
cyclonus
into
our
fold
and
then
actually
wrote
like
a
set
of
tests
that
you
know
maybe
there's
a
baseline
conformance
for
network
policy.
Now
the
network
policy,
like
I'm,
I'm
happy
to
investigate
that
further,
I'm
totally
not
against
it.
I
mean,
I
think
it
makes
a
lot
of
sense.
E
A
And
and
raul
has
a
really
good
point
like
maybe
we
should
be
putting
our
effort
into
making
some
sort
of
conformance
via
maybe
via
cyclonus
or
whatever
else
before
we
start
implementing.
So
then
we
aren't
all
implementing
different
bits.
Obviously
different
bits
are
going
to
be
easier
to
implement
for
some
back
ends,
so
it's
it'd
be
good
to
align
us,
so
I
I'm
happy
to
make
issues
keep
going
forward.
I
just
haven't
had
much
time
for
this.
This
quarter
so
far,
so
hopefully,
next
quarter
will
be
a
little
different.
B
B
We
did
some
internal
surveys
or
like
surveys
with
our
customers,
and
so
we
had
some
data
on
what
people
are
doing
and
I
guess
what
what
we
want
to
do
is.
You
know
just
talk
through
what
we
have
and
then
hopefully
create
a
survey
that
we
can
send
out
to
the
sig
network
mailing
list
as
a
whole
and
then.
E
A
A
E
A
B
Yeah
yeah,
I'm
hoping
armed
with
the
data.
We
can
go
back
to
sig
network
and
make
a
strong
case
for
something
whatever
whatever
that
something
is
totally
yeah
like
next
week,
I'm
gonna
have
make
sure
we
have
the
data
ready
and
we'll
try
to
talk
through
it
in
this
meeting,
assuming
everyone's
okay
with
that.
A
A
Questions
comments
but
yeah,
essentially
the
end
of
the
day,
like
my
goal,
is
to
get
for
administrative
policy
to
get
this
documentation
done,
announce
it
and
try
to
get
people
excited
so
that
we
have
some
more
help
to
work
on
stuff
and
just
kind
of
get
it
out
there.
So
I'll.
Let
everyone
in
this
group
know
when
I'm
gonna
do
that
and
if
we
could
all
just
push
it
on
social
media,
anything
that
would
be
super
helpful.
So.
A
Cool
awesome:
well,
let's
give
everyone
30
minutes
back
reach
out.
If
there's
any
questions
and
we'll
keep
moving
forward
thanks
so
much.