►
From YouTube: Kubernetes SIG Network meeting 20200618
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
Okay,
let
me
let
me
bring
the
my
update
about
the
network
policy
for
Matt
Mira
interface,
so
crying
through
the.
As
you
know,
the
January
February
timeframe
I'm,
showing
the
edema
about
the
macula
Network
policy
as
the
prototype
under
still
I'm
working
on
the
ADIZ
code
and
then
the
I'm
bringing
the
update.
So
so
the
one
stuff
is
the
previously.
B
C
The
problem
we
then
hit
there
is
because
we
don't
control
the
control
plane,
that's
controlled
by
PI
AWS,
that's
still
running
on
the
the
a
degrace
Network,
and
it
knows
nothing
about
the
we
in
that
network.
So
any
admission,
weblog
communication
web
hooks,
for
example,
can't
be
triggered
from
from
the
control
plane.
So
one
thing
we
wanted
to
do
is
swap
out
the
specific
things
the
default
network
and
set
it
back
to
be
a
dove
USD
ni.
C
So
things
like
these
web
hooks
that
you
need
to
be
called
from
the
control
plane
rather
than
having
it
as
a
secondary
one
and
having
a
complication
there.
The
second
point
is
something
that
raised
as
an
issue
on
mortis.
Recently,
it's
being
able
to
add
the
already
agreed
upon
annotations
at
the
namespace
level,
rather
than
individual
pod.
C
So
one
being
it'd
be
nice
to
have
anything
in
the
Koon
system,
for
example,
uses
the
default
edge
where
CNI,
so
that
we
then
anything
can
go
in.
There
will
automatically
be
able
to
support
these
web
hooks
and
things
the
other
one
is
if
you're
in
a
multi-tenant
environment
it'd
be
nice.
The
teams
that
have
their
own
own
specific
namespaces
logged
off
to
there
would
be
good
if
they
could
have
their
own
kind
of
network
either
in
the
side
arrange
or
they
may
need.
C
A
special
connections
from
you
know
to
another
network
from
the
host
or
or
whatever,
and
then
also
you
know,
any
any
pod
annotations
would
be
the
the
overriding
aspect,
so
they
would
still
always
say
present
over
easily
the
namespace
wide
or
the
cluster
wide
animation
yeah.
How
they
fell,
wants
to
propose.
B
B
Thank
you
so
I'm
I'm
just
remember
that
the
previously
we
talking
about
the
Oberon
default
Network
India
disk,
the
community
that
time
they
made
my
expert
or
some
guys
is
mentioned-
that
if
we
replacing
the
over
the
default
Network,
let
Syria
is
a
zero
as
the
different
network
at
that
time.
T
as
the
foo
guarantee
that
the
connectivity
to
the
kubernetes
a
peer
stuff.
So
so
that
is
the
one
consideration
so
the
so
Kranti
we
do
not
have
any
clear
solution
for
that.
As
far
as
I
know,.
D
Yeah,
let
me
just
add
to
that
a
little
bit.
First
of
all,
Marcus
thanks
for
joining
I
think
this
is
a
great
place
to
talk
about
this
and
I'm
really
happy
to
hear
your
use
case.
I
had
been
kind
of
following
the
bouncing
ball
a
little
bit
on
the
Maltese
github,
taking
a
look
as
well
yeah,
I
guess.
Part
of
my
concern
too,
is
that
the
way
that
the
spec
is
currently
written
is
it's
like.
Basically,
a
one-line
and
I
mean
in
my
own
head
when
I
boil
it
down,
it's
basically
one
liner.
D
That
says
you
should
always
be
connected
to
the
default
network,
so
I'm
a
little
bit
concerned
about
how
much
complexity
it
adds.
Although
I
mean
at
like
a
first
glance
and
at
face
value,
it
sounds
legitimate.
What
you're
doing,
but
I
definitely
also
act
almost
concerned
about
how
it
guarantees
your
connectivity
to
you
know
stuff
that
you
would
assume
that
you
would
have
like
connectivity
to
any
given
pop
in
the
network
and
connectivity
to
the
API.
Those
are
my
first
thoughts
on
it,
but
I
definitely
think
that
it.
This
deserves
consideration
without
a
doubt.
C
Still
don't
have
the
capability
other
to
dare
they
to
do
it
on
a
pod
level,
using
a
spirit,
mortis
annotation
to
override
the
default
I,
don't
know
specifically.
What
was
him
wrong
with
that
in
terms
of
ensuring
connectivity
and
always
receiving
is
any
my
impression?
Was
that
kind
of
a
not
guarantee?
Is
it's
always
going
to
be
there,
because
the
following
the
this
spec.
D
C
C
Yes,
the
second
point
I'd
like
to
be
able
to
use
that
kind
of
annotation
at
the
namespace
level,
rather
than
the
may
be
that,
in
addition
to
attend
upon
level,
you'll
be
good
to
kind
of,
like
all
coupe
system
being
able
to
say,
I
think
this
is
going
to
use
the
data
quest
Network,
because
you
know
we're
expecting
a
lot
of
connectivity
to
our
on
would
be
with
the
control
plane,
but
by
default
for
all
the
main
spaces
we
want
to
use.
We've
met,
for
example,
or
flannel
or
whatever.
D
From
a
like
technical
feasibility
standpoint,
does
anyone
see
any
potential
issues
with
just
say
having
an
annotation
on
a
namespace
that
say
it's
just
this
default
network
on
a
namespace
and
just
having
whatever
meta
plug-in
or
whatever
other
kind
of
plugin
like
multi
is
just
read
that
from
the
namespace
and
have
that
is
there
anything
wrong
with
that?
Is
that
the
right
I
don't
I.
A
A
A
That
we
definitely
need
to
figure
out
and
then
I.
Think
I
also
put
a
note
there
about
permissions,
because
there
are
cases
it's
easier
to
do
our
back
and
knock
down
a
namespace,
that's
kind
of
an
organizational
unit
in
cube
as
opposed
to
pods,
and
so
there
are
some
organizations
that
want
to
give
more
control
to.
A
You
know,
like
a
namespace
or
an
organization
administrator
to
restrict
what
things
might
be
able
to
be
done
in
that
namespace,
as
opposed
to
just
letting
application
authors
decide
everything
that
they
want
for
for
pods,
it's
kind
of
along
the
same
lines
as
network
policy.
You
know
the
network
policy
is
defined
as
on
a
namespace
basis,
not
as
like
you
know
something
attached
to
pods,
and
that
was
partly
to
have
a
little
bit
more
of
that
organizational
control.
A
D
A
So
what
should
next
steps
be?
Do
we
kind
of
chew
on
this
for
a
little
bit
and
talk
again
next
meeting
and
see
if
anybody
has
more
thoughts
on
it
or
another,
step
could
be
to
develop
a
proposal
in
the
format
that
we
have
for
proposals
to
actually
amend
or
change
the
specification
I'm
not
sure
it's
quite
there
yet,
because
I
think
we've
got
a
lot
to
discuss
still,
but
either
of
those
paths
would
be
some
good
ones
to
pursue.
A
D
D
Is
there
a
possibility
that
you
know?
Maybe
you
could
do
a
quick
and
a
little
less
dirty
for
another
iteration
and
come
back
and
talk
about
some
of
the
challenges,
and
then
we
could
use
that
to
like
generate
some
content
and
discussion
in
this
meeting,
and
then
we
could
move
on
to
the
next
phase,
which
would
be
coming
up
with
a
proposal
and
seeing
you
know
what
parts
of
the
specification
might
need
to
change
and
give
some
more
considerations
to
stuff
like
precedent,
stuff,
like
that
etc.
What
does
that
sound
like
a
possibility?
Marcus
yeah.