►
From YouTube: Kubernetes SIG Network meeting 20200723
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
B
D
E
C
C
E
Oh
you
can
assign
to
me
the
mr
hall
is
the
last
comment.
Thank
you
perfect.
B
B
F
Why
don't
you
stick
me
with
it
and
I'll
route?
It.
G
B
F
A
B
B
B
F
This
an
rfe,
yes,
the
question.
F
A
F
Well,
ingress
v1
is
going
to
be
with
us
for
a
very
long
time,
so
it
seems
like
if
we
wanted
to
do
this,
we
would
have
to
scope
just
how
rich
we
want
the
api
to
be
and
how
useful
it
is.
If
it's
not
rich,
why
don't
you
assign
this
one
to
me
also
and
I'll
I'll,
just
say
what
I
just
said.
J
G
E
B
I
did
already
start
typing
garbage,
but
happily
it
was
on
the
other
laptop.
So.
B
B
F
I
don't
mind
I
can't
pay,
for
I
can't
say
for
sure
that
there
is.
Can
you
assign
this
to
rob
scott
rob?
I
don't
know
if
you're
here
but
yeah.
A
D
Yeah,
there's
yeah
there's
another
pr
in
progress
that
may
affect
that
may
potentially
help
fix
that,
but
I'm
not
sure
yet.
J
D
No,
not
the
indented
issue,
just
the
it
deals
with
endpoint
controller
deletion,
handling.
J
Well,
matt
had
mentioned
that
he
thought
this
might
have
been
related
to
the
the
other
contract
issue.
That's
udp
related
that
antonio,
I
think,
is
working
on,
but
antonio's
related.
A
A
B
A
B
A
B
K
Already
have
assignment
the
fix,
for
this
is
actually
really
trivial
and
it
just
needs,
like
you
know,
a
keep
ctl
approval
on
that.
One.
B
B
A
F
L
I
think
this
is
two
part.
One
is
a
bug
which
I
think
they've
opened
in
calico.
The
other
is
a
feature
request
wherein
they
want
to
open
sorry
block
only
one
port,
but
you
know
there's
no
good
way
of
doing
that,
except
that
you
have
to
allow
all
the
ports
that
you
want
and
not
have
a
rule
for
the
block
port.
J
B
Have
that
okay,
is
this
assigned
right
now?
Does
that
person.
F
A
Is
it
assigned
to
dan
winchester?
No,
it's
assigned
a
it's.
L
F
B
B
J
N
Yeah,
so
what
what
they
have
said
here
is
is
that
they
have
a
service
with
a
with
the
same
on
two
different
hosts
with
the
same
name
and
the
same
service
board.
N
B
J
That
was
yeah.
This
is
so.
This
is
a
yeah.
I
was
wondering
about
those.
This
looks
like
a
cni,
so
this
is
a
so
let
me
see
the
beginning
of
this
okay,
so
yeah.
I
had
a
question
on
this,
because
this
is
a
you
know
that
cni
plug-in
is
lives
in
the
cni
providers.
Repo
right.
A
Yep
and
it
it
does
not
reconcile-
and
it's
like
saying
I
plug
in
that's
just
a
binary
that
gets
run
once
on
container,
add
so
yeah.
This
would
seem
to
be
a
gap
of
some
kind,
I'm
not
sure
exactly
how
we'd
solve
it.
Maybe
by
making
those
firewall
d
rules
permanent
or
something
like
that.
I
mean
it's
the
same
problem.
As
you
know,
somebody
goes
and
manually
flushes
ip
tables.
While
a
container
is
running
yeah,
just
with
firewall
d,
it.
J
F
This
is
this
is
where
cni
shows
its
inadequacy
like
doing
these
things
in
cni
was
convenient,
but
doesn't
follow
sort
of
what
we
understand
to
be
best
practices
of
reasserting
things
and
I'm
not
really
sure
that
it's
fixable
without
sort
of
a
major
like
a
v2
level,
cni
sort
of
thing.
I.
A
F
A
Don't
think
that's
unreasonable,
though
I
mean
there
are
some
considerations
around
when
does
that
demon
exit
those
kinds
of
things,
but
those
aren't
unique
to
port
map.
At
this
point,
so
I
mean
I
think
it
could
be
addressed
within
the
context
of
the
current
cni
framework
in
kubernetes
framework.
F
Discussion
yeah,
but
because
I
yeah
I
mean
I
wonder
how
many
different
things
we
could
lump
together
into
this
sort
of
cni
as
a
purely
exec
based
thing,
is
finding
gaps
whereas
running.
A
A
Yeah
for
sure
that
the
exec
base
setup
is
not
as
conducive
to
this
and
that's
kind
of
where
the
ideas
around
grpc
and
some
other
kind
of
longer-lived
connection
based
thing
came
from
and
having
a
slightly
richer
api
there
that
kind
of
paused
from
our
side.
I
know
mike
cambria
was
working
on
that,
but
he
had
to
move
off
to
some
other
things.
F
A
Cnn
maintainers
have
talked
about
it
periodically.
It
needs
some
resourcing.
F
Maybe
we
can
schedule
something
like
I
think,
it'd
be
interesting
to
bring
to
have
one
of
these
signet
meetings
where
we
just
talk
about
cni
and
the
known
issues
with
cni
and
the
work
that's
sort
of
in
flight,
because
I
feel
like
there's
a
pretty
big
disconnect
between
the
majority
of
this
group
and
the
cni
group.
I
don't
have
any
idea,
what's
really
going
on.
A
Okay,
what
do
you
think
I
mean
I?
I
can
fill
you
in
on
that
at
any
point,
I
can't
breathe.
B
And
for
this
issue
and
we're
over
time
for
triage
at
this
point
for
this
issue,
do
we
leave
it
with
jay
for
the
moment
and.
J
Assign
me
to
yeah,
you
can
take
me
off
of
it.
I
just
was
looking
at
it
initially,
I
mean
I'm
happy
to
help
dan
if
there's
anything
but
okay,
I
think
it's
a
little
beyond
my
scope.
J
B
Okay,
should
I
I
feel
like
we're,
probably
over.
A
A
Time
if
we
have
an
extra
thank.
A
We
will
come
back
to
triage
so
keep
the
window
open,
bridgette,
but
thanks
all
right.
Next
jay
you
have
iperf
and
burstiness,
I'm
assuming
that's
not
supposed
to
be
under
triage.
There
was
yeah.
J
F
J
F
J
F
J
J
Yeah
so
so
I
thought
maybe
that
pr
we'd
have
to
not
accept
it
or
whatever
or
tell
them
to
do
it
in
another
repo.
But
I
don't
know,
I
guess.
J
F
I
mean
this
is
this:
is
one
of
the
the
problems
with
the
project
of
the
scope
like
we
could
spend
time
researching
it.
I
personally
I
don't
know
anybody
who's
had
a
problem
like
I've
never
heard
a
customer
complain
about
this,
so
I
have
no.
I
don't
feel
like.
I
have
anything
to
add
to
the
conversation,
except
that
it
looks
like
it's
an
incompatible
change
strictly
speaking,
practically
speaking,
I
have
no
signal.
A
Yeah,
I
part
of
the
problem
is
that
we
don't
have
an
effective
way
to
express
the
burst
bits
for
kubernetes,
like
the
annotation
that
we
keep
using
for
bandwidth.
Limiting,
does
not
express
that
at
all,
and
there
are
some
intricacies
with
how
tc
actually
uses
that
value
that
are
specific
to
the
tc
implementation.
A
J
A
F
Yeah,
exactly
and
and
doing
this
through
annotations
was
a
hack
from
the
beginning,
so
I'm
I'm
I'm
torn.
On
the
one
hand,
there's
probably
nobody
else
who
cares
and
it
would
probably
practically
be
safe.
On
the
other
hand,
if
it's
not
we're
going
to
explode
somebody-
and
I
don't
I'm
anxious
about
that.
F
Clearly,
well
this
in
this
particular
one
like
we,
it
was
added
with
a
official
sounding
name,
and
so
at
some
point
we
made
the
decision
that
it's
been
around
long
enough,
that
we
were
just
going
to
keep
supporting
it,
but
nobody's
made
time
to
invest
in
it
to
do
better
than
what
we
have
moving
it
out
of
tree
doesn't
make
it
less
officially
official
sounding
right.
It
would
like
it
doesn't
say:
docker
shim,
dot,
case.io,
slash
network
bandwidth.
It
says
kate
said.
A
A
G
F
That's
true:
it
is
completely
undefined
what
the
behavior
should
be
other
than
what
described
very,
very
loosely.
F
Yeah,
I'm
fine
to
leave
it
open.
It's
on
my
I
if
I
recall
I
think
I'm
assigned
this
one,
and
so
I
would
circle
back
to
it
at
some
point,
but
I
still
don't
know
what
to
do
with
it.
A
E
Yes,
I
added
that
entry.
So
yes,
what
about
a
question?
So
lately
we
found
an
issue
when,
when
users
delete
a
service
with
a
finalizer,
sometimes
somehow
we
link
the
cluster
ip
and
notepad,
and
then
a
week
ago
we
looked
across
that
it's
because
like
when
you
did
this
service
and
while
you're
waiting
for
the
finalizer
to
be
removed,
we
already
de-allocate
ip
and
port
when
the
deletion
call
is
issued.
E
But
on
the
other
hand,
we
have
a
repair
controller
that
lists
out
all
the
existing
services
which
include
the
pending
service
and
it
repaired
it.
So
we
edit
the
cluster
ipnobotback
and
then
when
the
finalizer
gets
actually
removed
and
the
service
went
away,
the
the
allocation
step
doesn't
happen
again,
so
we
link
those
type
import.
E
And
yes,
that
was
the
issue
and
then
originally
I
was
sending
out
a
fix
that
okay,
maybe
we
shouldn't
let
a
repair
controller
to
repair
the
padding
surface
if
it
is
going
away
and
then
jordan
actually
raised
another
concerns
that
like
if
we
do
not
repair
it
like.
If
we
advocate
the
crosstalk
a
new
point,
when
you
issue
the
edition
core
and
possibly
you
can
have
another
service,
get
created
and
then
get
assigned
the
same
course
type
import.
E
Then
I
forgot.
Actually
I
forgot
actual
step,
but
eventually
it
would
reach
a
point
that
you
may
have
conflicting
iv
on
two
different
services
and
then
yeah,
and
then
that's
why
we
have
a
question
raised
there
that
asking
whether
we
should
allocate
ip
and
port
when
you
issue
the
tradition,
call
or
whether
we
should
do
that
when
the
service
actually
go
away
in
the
std.
I
F
C
F
So
there's
there's
a
life
cycle
in
the
abstract,
there's
a
life
cycle,
diagram
of
a
resource
and
when
finalizer
was
added,
it
moved
sort
of
the
last
state
further
out
and
we're
deleting
things
sort
of
prior
to
the
last
or
we're
releasing
the
ip
prior
to
the
last
state
right
so
zeong.
I
saw
the
prs.
I
saw
the
discussions,
but
is
there
a
hook
to
trap
into
the
I'm
actually
deleting
state
in
the
rest
registry
stage?
E
E
Yeah,
I
actually
went
back
to
the
issue
again
and-
and
the
issue
is
like,
if
you
just
leaving
along,
don't
don't
repair
the
ipn
port
but
could
be
some
other.
Some
other
people
create
another
service
that
would
get
allocated
the
same
ibm
port
and
then
you
can
continue
issuing
the
edition
core
to
the
previous
service
and
that
would
trigger
again
the
the
allocation
which
happened
to
like
broke
the
outside
of
this.
F
E
F
If
you
just
leave
it
like,
if
you
don't
deallocate
it,
you
just
leave
it
and
let
the
repair
controller
catch
up
with
it
later.
Then
you
have
this
weirdness
of
somebody
who
wanted
to
use
that
can't,
even
though
it's
not
actually
used
by
anybody
cal-
and
I
actually
were
discussing
that
this
week
too,
but.
A
F
I
E
I
actually
I
give
it
a
try
a
month
ago,
and
then
I
did
hit
some
coil
cases
that
it
did
not
actually
trigger
the
hook
for
some
reason,
because
we
override
the
service
registry
in
a
weird
way,
so
that
I'm
still
trying
to
figure
out
like
what's
going
on
there.
But
it
seems
to
work
in
most
of
the
cases
most.
A
I
So
it
doesn't
really
look
at
deleted.
It
looks
at
current,
get
services
for
each
service
get
the
ip
and
then
look
at
the
snapshot
that
you
just
loaded
is
ibm.
Marketers
are
located,
if
not
then
allocate
it
and
then
does
the
other
way
inverse
of
the
end,
for
course,
as
well
and
the
inverse
of
this,
which
is
for
every
ip
that's
marked
as
allocated,
is
it
actually
allocated
or
not?
I
If
not,
then
it's
leaked
marked
as
leaked
and
then
once
the
snapshot
is
modified,
it
just
slaps
it
on
top
of
whatever
the
system
system
have.
That
includes
overwriting
what
the
the
the
allocation
has
done.
So
there
are
situations
actually
which
is
yeah.
I
see
tim's
point,
but
I
just
want
to
bring
your
attention
that
we
have
that
in
the
system.
There
is
a
situation
where
you
allocate
ipx
and
the
snapshot
will
slap
it
on
top
of
your.
I
F
N
I
N
I
I
just
worked
on
on
top
of
this,
so
for
a
couple
of
seconds,
or
so
the
system
does
not
know
that
this
iip
is
allocated,
but
the
repair
loop
will
do
it
again,
because
the
repair
loop
looks
at
oh.
Is
this
the
service
x,
the
new
service?
Oh
it's
here
it
has
this
ip
it
says
allocated,
then
I
should
mark
it
as
I
look
at
it.
C
I
I
F
C
C
I
I
asked
the
api
guys
because
if
we
have,
we
are
able
to
to
to
not
using
the
bitmap
and
locators
and
used
directly.
It
is
td
and
they
told
me
that
it's
not
possible
right
now.
So
if
you
store
the
ip
and
you
filter
by
the
ip
fill,
you
don't
have
to
to
deal
with
the
locators
or
the
node
parts,
and
they
told
me
that's
not
possible
right
now.
They
need
to
do
this.
I
don't
know
what.
A
Also,
given
the
time
we
have
left
in
the
agenda,
I
think
we
should
probably
take
this
either
to
the
mailing
list.
The
google
group
or
back
to
the
issue
yeah.
A
Okay,
let's
see,
can
we
do
a
really
quick
follow-up
for
the
s3
style
dns
with
stateful
sets.
Q
M
Hey
so
we
had
a
quick
discussion
on
the
sig
network
mailing
list,
but
there
didn't
seem
to
be
a
strong
opinion
against
it.
So
we
were
wondering
if
the
sub
domain
forwarding
to
a
service
might
be
a
feasible
way
that
we
can
progress
where
a
stateful
set
can
offer
more
than
one
dns
addresses
or
some
domains
that
it
hosts.
F
M
So,
in
essence,
if
the
schedule
set
is
backed
by
service
name,
dot,
name,
space
start
or
service
name
can
be
something
that
just
forwarded
to
the
stateful
set
and
that
or
and
to
the
same
clustering,
so
that
we
don't
have
like
a
cluster
ip
scaling
issue.
M
So
this
would
be
how
an
in-game
controller
would
do
it,
for
example,
but
it's
just
not
possible
to
do
it
for
the
internal
network
and
a
lot
of
the
times
for
performance
reasons.
People
don't
want
to
go
through
ingress,
but
keep
traffic
local
to
the
internal
network.
F
Yeah
this
thread
just
died
and
we
didn't
really
reach
a
conclusion
yeah
apologize
for
that.
I
think
I
just
lost
track
of
it
in
my
inbox,
I'll
move
it
back
there
because
I
felt
like
maybe
we
actually
had
maybe
progress,
yeah.
M
F
Yeah,
I
need
to
think
about
the
implication
of
what
I
suggested
there,
but
the
what
I
suggested
was
some
way
for
service
to
opt
into
having
at
a
dns
level,
the
wild
card
of
their
service
name,
so
star.service.namespace
etc
be
routed
to
their
service,
which
the
only
thing
that
it
really
is
in
violation
with
is
so
I
can't
do
two
things.
Let
me
move
this
back
to
my
inbox.
Smart
got
red
where'd,
you
guys
go.
I
lost
your
window
there.
F
You
are
the
the
risk
there
is
for
headless
services,
which
already
use
the
host
part
of
there's
one
one
extra
token
right,
yeah.
M
Yeah
yeah
yeah,
so
in
this
meeting
right
now,
I'm
just
looking
for
next
steps.
I
understand
that
there
needs
to
be
to
make
sure
that
whatever
proposal
comes
up
is
compliant
or
is,
is
breaking
in
a
good
way.
So
I
I
just
because
I
didn't
see
much
discussion
over
there.
I
just
thought
I'll
bring
it
up
today
and
see.
F
I
I
appreciate
you
bringing
it
up.
I
think
the
next
step
is
to
keep
going
with
the
mailing
list.
I
don't
know
how
I
lost
track
of
that
thread,
because
I
thought
it
was
actually
really
interesting,
so
I
I
will
try
to
respond
to
that
as
soon
as
I
can.
M
F
A
cap
might
be
premature
if
you
want
to
move
it
to
an
issue,
if
you
think
that's
got
a
better
discoverability.
That's
fine!
That's
fine,
too,
but
I
wouldn't
open
a
cap
until
we
have
a
model
that
we
think
might
work.
M
Yeah,
this
is
kind
of,
as
you
thought,
about
really
integrating
the
s3
implementation
with
kubernetes.
This
has
been
a
very
sore
point
for
us
because
trying
to
offer
an
experience
where
they
don't
have
to
think
about
network
costs
and
english
controllers
within
the
network
and
still
be
compliant.
It's
almost
impossible
unless
you
take
over
dns,
which
is
often
a
big
friction
for
product
putting
s3
to
production.
A
A
So
james
major
themes
in
118
release
notes.
O
Hello,
my
name
is
james,
I'm
with
the
on
the
humanities,
119
release
team
as
a
release,
knit
shadow
we're
about
a
month
away
from
the
scheduled
release
of
kubernetes
119
now,
which
is
scheduled
for
august
25th,
we're
beginning
to
draft
the
final
release
notes
as
part
of
that
we're
visiting
all
the
sid
groups
to
ask
what
their
major
changes
are
and
what
they
want
to
highlight.
If
anything
so
kind
of
interesting
to
hear
your
thoughts
on
that.
O
F
I
have
to
admit
that
I'm
terrible
at
keeping
track
of
what
happened
in
which
releases.
So
maybe
we
should
crowdsource
this
like
as
you're
suggesting
anybody
who's
done.
Anything
notable
in
this
release,
please
think
about
whether
your
release
notes
are
sufficient.
F
You
guys
are
you're
sourcing
from
the
the
release
note
blocks
in
the
pull
requests
right.
O
P
Endpoint
slicer
seems
like
a
good
one.
What
else
yeah.
D
Yeah
there's
some
big
changes
to
endpoint
slice
that
are
not
well
covered
right
now,
as
well
as
ingress
did
go.
Ga.
So
that's
there's
not
huge
changes,
but
it
is
a
ga
release
so
probably
worth
covering
in
some
detail.
O
F
I
I
understand
how
difficult
it
is
to
try
and
wrangle
information
out
of
people.
So
thanks
for
for
pursuing
it.
A
All
right,
bridget
looks
like
you
want
to
highlight:
cal's
dual
stack
pr.
B
Yes,
I
want
to
tell
everyone
about
all
the
adventure
and
excitement
that
could
be
theirs
if
they
review
that
pr,
because
think
of
the
glory
of
that
enormous
diff,
look
at
the
numbers
there
and
think
you
could
make
that
even
more
terrifying
kel.
You
want
to
tell
us
a
little
bit
more
about
what
people
specifically
could
look
at.
I
I
F
Cal
I
have
it
open.
I
just
haven't,
had
a
block
big
enough
to
actually
get
through
more
than
a
little
tiny
bit
at
a
time.
I
I
I
am
the
person
who
built
this
and
I
don't
think
you
will
ever
right.
So
just
a
block
for
one
comment
at
the
time.
That's
what
that's
literally
what
I
do
all
right.
I
blog
for
one
thing
I
don't
know.
A
I
It's
touching
on
the
location
right
touching
on
the
the
release
of
the
ips
and
ports,
which
is
the
topic
we
just
discussed
now.
That's
how
we
have
them,
and
I
have
a
background
story
on
some
finicky
behavior
over
there
all
right.
I
think
antonio
and
the
tests-
and
it
looks
like
we're
flying
again
like
green,
except
on
two
c
tests,
which
I'm
trying
to
figure
out.
Why
again
around
conversion
to
external
name,
because
my
life
is
gonna,
revolve
around
headless
and
extremely
for
the
rest
of
my
life
other
than
that
there
is.
I
M
A
A
All
right
thanks!
Yes,
please
look
at
that
pr.
I
have
that
on
my
list
as
well.
So
next
up
antonio
test
grid.
C
C
A
All
right
great
to
see
we
got
a
couple
of
minutes
left
laura
if
your
mic
is
working
now,
do
you
want
to
say
a
couple
quick
words?
I
think
at
this
point
we
should
probably
put
the
presentation
to
next
week,
but
if
you
just
want
to
take
a
couple
minutes
to
talk
about
what
cuban
ftlb
is,
that
would
probably
be.
B
A
Yep
well
before
we
do
that,
does
anybody
have
anything
else
that
they
want
to
talk
about
or
bring
up
in
the
last
couple
minutes.
D
I'll
just
give
a
shameless
shout
out
to
service
apis
we're
hoping
to
get
an
alpha
release
out
for
sometime
in
august,
so
we're
getting
the
final
bits
together
for
that.
If
you're
interested
in
this
next
generation
of
service
apis
now
is
a
great
time
to
get
involved
before
we
commit
to
even
our
first
alpha
release,
so
we
meet
every
week
on
thursdays,
you
can
come
meet
with
us
next
week.
If
you're
interested
all
the
information
should
be
in
slack
or
on
github.
A
A
I
was
gonna
say
I
thought
it
was
an
issue
with
cubelet
not
being
able
to
provide
its
service
or
not
the
cubelet
service.
On
that
node
not
being
accessible.
J
Yeah,
I
think
the
cluster
was
just
not
set
up
properly
here,
but
I
don't
think
he
ever
responded.
I
mean,
I
think
we
could
probably
close
it
next
week.
If
we
don't
hear
anything
back,
I
I
think
I
briefly
looked
at
it
and
looked
like
there
might
have
been
a
collision
in
the
way
that
ips
were
set
up,
but
in
a
cni
but
either
way.
I
don't
think
it's
a
bug
in
any
way
for
a
cig
network
bug.
F
Things
so
the
question
I
I
mean
it
feels
like
a
very
broad
question
right,
like
we
respect
a
lot
of
things
as
11
23.
If,
in
fact,
we
want
to
go
with
the
broader
definition
of
dns
names,
then
I
feel
like
there's
a
well.
I
mean
we
could
do
it
just
for
dns
searches
right,
but
that
feels
like
a
half
of
a
measure
right
like
why.
Why
would
we
not
also
try
to
tackle,
say,
service
names.