From YouTube: Network Policy API Meeting 20210308
A
Hi everybody, it is the, it is Monday, March the 8th, 2021. This is the SIG Network network policy subproject, please be nice to each other. This is a recorded internet CNCF meeting, follow the rules.
A
D
A
So the thing, one of the things we decided to start doing was start by doing some issue triage every week, just to make sure we're not falling behind. So let me.
A
So let's just do a couple of these and let's see if anybody is interested in any of these, so: pod probes lead to blind SSRF from the node.
A
I think that some folks, Tim Hockin and others, were already dug in on this, so I'm gonna not use helper functions to clean up test cases specifically, but not really specific.
A
This is like, I think, maybe taking our example and applying it to other tests, it's kind of cool. I don't think it's for us to do, though. This is a contract one.
A
A
A
Looks like nobody's working on this. It looks like, I, Chris filed this a while back: we're missing CRUD API tests. According to the CRUD API test, this would be some of the ingress e2e tests and I thought Chris had done this, but I don't see.
B
B
E
A
D
B
A
Well, I, I don't have any other agenda items today, everybody, and so does anybody have anything specific they want to dig into at all?
F
Yeah, I can suggest an agenda. This is Govind, so we recently, I put this on Slack. We recently published a, a GitHub based open source controller to do FQDN egress policies in Kubernetes, so effectively you can write a CRD that is an FQDN policy and it spits out a, an equivalent, you know, network policy with the IP CIDRs from the DNS service running on the cluster, so it's definitely sort of a work in progress.
F
I would say maybe we were 80 to 90 of the way there, but I just figured there was, there were so many comments on the doc, which, which was great, I just didn't know how to compile them all on a doc, and, and I figured that, you know, this was a better way to do this, so we, we bootstrapped this effort, Google, and we, we published this on GitHub.
F
So I can put the link here if people are interested in checking it out. I, you know, I know there's a lot of people who are asking about it. So hopefully this is of interest here. Where should I put this, in the chat here?
A
What is it, code? Code wins all arguments, right, Govind? Yeah, I'm going back to my engineering days here. I think that's, I think this is awesome. I've been saying that, like, we should probably spend more time prototyping and less time arguing about designs, because I think the prototyping is what keeps the group going. I think that's the fun part. I've, yeah, I voted on this, but this time somebody actually decided to really get in there and do something without approval. So I love it. This is great. Thank.
F
You, well, I'm, I'm glad to see the excitement and enthusiasm. I'm gonna assume that that's your way of saying that you'll help test and fix bugs, yeah.
A
I will, yeah, I mean, you know, like, absolutely, so I, I definitely, I definitely, I'm gonna be supportive and yeah, I'm happy to come at least to try to test it and run it for sure. Yeah, fantastic.
A
F
F
So I was like, here, like, you know, let's, let's just start here, so it's not perfect by any means and it has its limitations, given it's an L4 L3 construct, and, you know, that just goes without saying, I guess, in this case, but I think my goal, just so everybody understands that, you know, my goal, I think, would, or our goal as a group for this project should be to use this as impetus for us to bring this to Kubernetes in some sense, like whether it's part of network policy API or part, or a new standalone API.
F
I'm not really sure, but I think that would be the best goal here, to be able to sort of bring this into the Kubernetes fold after we've sort of iterated on this, this open source controller, and hopefully this also sort of unlocks some people or makes their life a little bit easier. So that's the intent. I'd be more than happy to go over a demo if that's of interest to people, but, you know, I'm, it's pretty.
A
Do we just do it right now? We don't have any other agenda items. Should we just try to compile it and run it? I'm happy to. Yeah, you could, you could totally do it, or I have a demo. Also, it worked good, let's see if it works. All right, GitHub. Is it under you? What is it under, Google?
F
Cloud Platform. I just sent the link to the chat, so if you click on that, it'll show you. Let me see if I got a cluster.
A
A
F
F
I, I wouldn't be the right person, so we have a team at Google. I worked with first solutions, so, you know, they were able to help through write this code and just publish it as a solution.
A
You said you were looking for a new project, right?
A
I remember there's a couple of, I think there's a couple of new people, so this might be a really cool project to get involved in because nobody in this group is working on it yet.
A
Please did you see? Okay, I mean, I wasn't quite sure, so yeah, I think it was. You mentioned you're looking for a potential new project to get into, right? Yes, yeah! So this, this project, this GKE FQDN network policies, it's for, it's forked from here, from this. I just found it here, that Govind mentioned, so the, the whole idea here is.
A
You know, like, for example, maybe some organization wants to block Maven Central because they don't want people pulling in JAR files from the internet, right, really common, so Govind went and he, he rolled up his sleeves and he, looks like he.
A
And so we're gonna see it today, but he's looking for contributors and people to help test it and stuff. So if you wanted to take, take on some of this, I'm sure, I'm sure the folks over at Google would appreciate it.
D
I would love to. The first thing I jumped to my mind was: is there a CRD for this, or how do you communicate these domains?
A
F
Hey, you shouldn't have to make anything here. Oh yeah, yeah, you shouldn't have to make anything, like, it should just be like, there are pre-built images that you can just deploy to your cluster using the YAML files. Okay, so.
A
A
H
F
F
A
High pressure. Okay, well, Mike, let's make sure that this thing's working, because I don't want you to blame me, my cluster was broke. Okay, here we go, here they come, okay. Can we get Calico to work today? Sometime? I, you know, I fixed this repo the other day to, because there's something weird with the images subscribe.
A
C
A
B
A
H
F
It, I'm very curious to play with it.
A
I
Yeah, yeah, so I put together a suite of bunch of test cases and I've been running them on Antrea, Calico, Cilium, just covering a bunch of different things. You know, like the selectors, protocols, named number chords, you know, all kind of different stuff, and just been like filing bugs on all the whole CNIs and stuff like that, I.
I
I
Kind of both, yeah, like, so there's a piece where you can take any network policy and it will calculate what you're supposed to see, and then when it runs that on a, on a cluster, we'll compare that and tell you if it passed or not. There's also some stuff in there that generates a whole bunch of network policies that all, you know, like, test out different facets, but I think there's still a gap there in terms of, like, what would an actual, comprehensive suite look like that would cover everything to, to a reasonable degree.
I
A
Or still see the old one, it just says source and nothing else.
G
We're not even in the source, I don't think, no.
G
G
G
G
A
So for those that don't know about Cyclonus, this is the way it works: it, you run and analyze, and then it gives you these tables, I guess, but now we're doing CSVs or something, I think, right, or something, but anyways. It tells you that, the cool thing is it tests, it generates a whole bunch of policies and then categorizes the policies using some high level types. That way you can say, oh, my CNI fails on 30 of all, you know, you know, UDP tests, or it fails on whatever, like, a lot of these tests.
A
So even though it generates a bunch of nonsense network policies, it categorizes them for you in a meaningful way. So you can know, like, generally at a high level where your CNI falls down, and according to Matt, it sounds like we found bugs with every CNI provider so far, right, which is really cool, and he's fixed, yeah.
I
So that's really cool. We haven't tried it against OVN-Kubernetes yet, though, cause I don't know how to set that up, so that, yeah, actually that'd be a really cool thing, like, if you can show me how to get that set up, then I can just see how it works against that, yeah.
A
Oh awesome, check that out. We did it with Antonio once, so we ran the grandfather of these tests, which is the, the netpol suite, which Matt my helped me a lot with, and he, he wrote a large part of the implementation there, and so that's, this is like an evolution of that, and for that we, we definitely found some bugs in OVN there, and I think we fixed them. The big one was the egress one, right, yeah.
G
There's been a lot of, there's been some major bugs for sure, and a lot of them have to do with network policy and performance, specifically with network policy, which I don't know how we can test for that really yet, but we'll see, we'll see. Anything to make it better. It's awesome.
B
A
For sure. Oh, I updated.
A
I'm going to recreate Calico with the latest 1.13, because I think I had a bug in my old implementation there. I guess, while we're doing this, I'm just going to look in the code so that we can actually start looking at this, so we've got controllers and then we've got, so, basically, this code base consists of two controllers.
A
We're gonna do a watch on this, see if, once it comes up, okay, so we've got a.
F
Yep, yeah, we just use the onboard DNS service to, to get the IP addresses. Do you refresh periodically? Yep, yep, yep. We, we do that based on the, so based on the records we get back from the DNS service, we picked the least amount of time that's going to be the TTL on all the entries that we queried, and then we picked that least amount of time and use that as a refresh. We're all good, okay, yeah.
F
Perfect, but it's, it's a start and it hopefully, like, unblocks a few customers. I actually spoke to a few customers and they actually ended up writing something like this, which was pretty similar to what we just published on GitHub. So I figured, you know, be great for, like, if people, if it works for some use cases, might as well, like, make people's lives easy. So that's why we, we started looking at this and yeah. It's not, it's not perfect, but we have.
G
F
Yeah, yeah, we, we try to keep that part a little, like, you know, simple, because we, the fact that we, like, I think, as I said earlier, like, my, like, my goal would be to use this as impetus to actually get this into the mainstream open source and get the implementation into CNI providers. So it's actually just built into the data path rather than, like, having this controller that's doing magic on top, because then that way you can make very strong guarantees about performance and, you know, other, other things.
F
H
Hey Jay, looks like your Calico pods are up. Okay, let's do it, all right! Oh, what do I do now? I'm gonna, you install those YAMLs yet? No, right, I didn't do anything.
A
On, where is it, yeah, we're in the README, right? So it's, cert-manager is the first one, right? Okay, yeah, yeah, get that.
A
I
A
A
A
Why don't you just do one of those things, Govind, where it's like one, you know, those repos are just one command that you run. That can be my contribution, yeah, somebody who wants a DNS policy controller, but they just curl and install it from the internet without knowing what the hell it is. Okay, here we go.
A
A
F
A
Well, actually, no, because I need to exec into something, yeah, yeah. Okay, so I need something I can exec into, all right. Let me get something I can exec into, hold on a second. You know, it's like I googled ctl sleep pod like five times, five times a month, and I still haven't memorized it. Sleep.
A
G
A
All right, cool, here we go, ls them sleep. You know what, I'm gonna put this in the, this repo, Matt, me and Matt use this for all of our CNI stuff. If anybody wants to, by the way, this is, it's called kh prototypes and it has a kind directory and it has a thing, this kind local up script, spins up any CNI provider, so it'd be great to have OVN in here. You know, right now we have Antrea, Calico and Cilium, yeah.
G
A
A
G
G
Then you don't know how to exit out of merge messages and get, oh yeah.
A
I
I don't know if I do, so, okay, wait, so hold on, it's, something's running here, Govind, this thing's working now, so, and then I got my sleep thing running so I can. What do you want me to do? Exec into this thing, exec dash t I server bin bash. Okay, I got a bash shell. So now, let's see, can I curl www.google.com?
I
A
H
A
F
What did you say? You'll have to put a, some sort of a default deny policy in place so that it starts, it basically stops you from being able to do curl, as you did just now.
I
F
Then you can allowlist it using the FQDN policy. Also I'd recommend using GitLab or something so that it doesn't keep circulating, you know, IP addresses, like Google is a very hard one to, you know, track with, with one IP, so yeah, so, so GitLab is our official test. Thank you.
E
See, you gotta make sure that you, you poke holes to the, to the DNS server. So I don't know.
E
Will be denied, that's right, so you can't even do DNS then. So I would probably say, I think there's online, there are some sort of, like, tutorials where it says you open up this particular port, so that DNS can, can, can always be allowed. Yeah.
B
F
F
Will deny everything and then it'll also give you the allow list for all the DNS. Okay, so you're giving me 53 on this? Okay, cool, all right, so I will apply this one. Once you apply that you'll be able to resolve these FQDNs, but you'll never be able to go out. So then you have to do the FQDN part.
A
F
It's for, actually, let me check what that policy says exactly. Yeah, it looks like DNS, yeah, exactly.
A
A
Yeah, it's kind of weird, okay, so good. So we got that, so we're.
E
Wait a second, is kubernetes dash namespace, kube-system, a standard label, or you have to, you have to label kube-system manually with that label? I don't think that's a something that's come with it, right?
E
E
E
Need to allow traffic to that, to that namespace. That's what I mean.
E
Not right, you don't need to label the default namespace. I think you need to enable the kube-system namespaces. Yes, yes, oh, we actually have to do this on kube-system, okay, right, because you're, you're trying to allow egress to that, that guy. So you need to put that label on the kube-system namespace, it's kind of hustle right now, yeah, yeah, yeah! Oh, it doesn't have it, right! That's what, that's what I saw, so nice, good gift.
E
A
Oh wait, you can't do dots, I don't know there, but anyways. There is an official name for this. It's going to be here soon, right, great. Here we go, so okay, so I've put this label, so I've, I've added ingress and out egress to that over 53. Is that what we did here, or just egress? Okay, so I allowed egress over 53 so that now my CoreDNS pods can resolve from the outside internet. That's the point of this, right? Yes, okay, okay! So but then I have to do, okay.
G
F
No, no, no, or it's preventing, or you can resolve, but it's just dropping in another policy for that particular CIDR, so that you can't actually leave to that IP. Okay, okay.
F
What is the, yeah, so now you should, like, if you do the same kubectl exec and you try to curl some URL like gitlab.com, you should fail, like, you should be able to see the IP address, but, because the resolution will work, but you have to be in, in your pod, I think. Are you there? Yeah, I'm in here. Oh that's, that's your part, okay, yeah! So if you, if you do that, then you should be able to, you might need to do a dash I dash v or something, yeah.
F
Okay, so that it shows you what's going on.
E
A
Okay, yeah, where's the policy?
F
Yeah, now you're, you're done, okay, good. Now you can try the FQDN number policy. You can just copy paste the sample that's in the top right corner, like, if you just go into that page, and I just.
A
F
So if you scroll up and in your top right window and go to the instructions, there's a sample, you can just copy paste and configure that and do a cubesat go up up.
F
Sure, okay, it's the first thing you'll see, like, under "How does it work?" You'll see, you, you, you'll want to copy paste the, the YAML file. So I don't think graph is going to be your friend here. Oh yeah, you're right there, yeah, there's, there's the purple code right there, like, just copy paste that and just change example.com to gitlab.com or something.
F
Yeah, and you want to change the pod selector to everything, so just remove the match labels and whatever, so that all the pods are covered in your default namespace.
F
Oh, it's not done yet. You have to put your curly braces after the pod selector, so open curly brace, close curly brace.
F
E
E
F
If you want, you can change the name, but example is fine, I guess. So this is a, no, right, pod selector's null here, right? No, it's everything! It's not null! Yeah.
B
F
All right, and now, if you do a kubectl get netpol, I just want to make sure that it actually created the corresponding. You can do that? I didn't know you could do that. Okay, yes, but if you do describe on an example just to verify, okay, what did it do, so? I picked which IP address.
F
F
E
A
E
G
F
F
Yes, it works, but again, like, if you're, if you're testing a URL that constantly changes IP identities like facebook.com and google.com or whatever, and they're playing, like, tricks with CDN, this is not gonna be your, your best friend, so I'm just glad to.
A
F
Well, yeah, so there we have it. Thanks, Jay, for, for persevering through this. This is pretty cool, I'm glad I'm not the only one who could get this to work. So this is some reassurance, yeah. You know, feedback's, you know, welcome. Of course, you know, this is, this is very much an open source effort and I'm hoping that people will, you know, use it.
F
You know, and create issues around it and help solve it as well, and I think once we have a little bit of quorum and sort of critical mass on this, then we can take it to SIG Network. Tim already knows about this, by the way. So, like, he's aware of the separate, so, and, you know, we can just get a SIG Network and see if we can get this into a KEP.
A
Yeah, absolutely, cool, and if nothing else, you know, Govind, we could promote this. I've, I've, I've been an advocate of us having like a SIG network policy tools repository or, you know, I mean, that's like, you know, I mean, like, second class stuff that we built, like, you know, something like a Cyclonus could go in there. Something like this, like that, might be a step, step on the way there, right? I mean, I feel like if we started building tools that were useful, even if we didn't immediately graduate them to KEPs.
A
I feel like that would be a huge step forward. We do that for SIG Windows. We have SIG Windows tools and we just have all the stuff we need in there. You know what I mean, so, or maybe even like a kubernetes, kubernetes-sigs, you know, DNS controller repo, you know what I mean, so it's kind of like, you know, so I, there's a lot of ways we could go with it, you know, if we can't reach consensus, but.
F
Yeah, I'm, I'm really hoping that this, this will help with consensus, the GitHub project, so awesome, cool. Well, I'm glad we were able to get this demo working, so the demo gods cooperated, which is nice.
A
A
A
Whether it actually lived in a, inside of Kubernetes core itself to me is not the end of the world, I think what winds up mattering is that we are able to promote it and it sort of becomes like a thing, but I, I know Gopal has much a grander vision for this. So like, what do you, what do you think, Paul?
F
My goal is not to, like, get everything into Kubernetes OSS if it doesn't make sense or whatever. My goal is to make sure that our, you know, like, Kubernetes customers and users have all the tools that they need. Of course, it'll be nice.
F
If it's all standardized, because then they don't have to worry about, you know, doing it themselves or, you know, being dependent on some sort of CNI provider or whatever, and have that sort of, you know, the promise of multi-cloud, which is, yeah, like, it's the Kubernetes API, I can pick and do lift and shift, whatever, and that's kind of the dream that Kubernetes wants to sort of achieve. So that's why we're like, no, I'd like to get this into Kubernetes API, if it's possible. Does that make sense?
F
Yeah, so that's why I think having this sort of CRD format, which, you know, custom, which all the community sort of can get behind, like, that'll give us a lot of sort of credibility when we do put this up for review. I, I figured that the moment I'll take this up with SIG Network, like, there will be so many questions around how you're doing this. Are you doing that? Are you doing, you know, IPv6 records? Are you, you know, what's your exponential back off like? And I'm just like.
F
A
Yeah, let's do it, let's see what we can do. Okay, cool, all right. I guess then the answer then is the API would live, hopefully, in our network policy types, and then we could have this controller as a reference example of how you could implement this if you were not a CNI provider. Yes, that's a pretty good. You got a peanut butter and the jelly and good network policy sandwich right there.
F
Yes, yes, exactly, so I think that, that would be the ideal, yeah, like if we have a default implementation. Well, we have a sample implementation.
F
If the CNI provider doesn't have it, you can still, you know, drop this in and it'll still work. Yeah, by the way, if you all have feedback on the CRD format itself, please, please do let us know, because ideally we would just take this exact thing and be like, okay, you, you used to use this with a controller, but, you know, the API will still work.
F
The CRD will still work, just swap this out with this new version of CNI with, I don't know, whichever one, Antrea, Cilium, Calico, what, what have you, and then you'll just have the implementation and done a different way, but the CRD remains exactly the same. I think that would be ideal. So if there's any feedback on the CRD format itself, if there's stuff that's missing or can be said better, please, please do let us know or even contribute to the project, like, just open up a GitHub issue.
F
No thanks, thanks to you for showing it all off and appreciate the time. Yeah, all right, see ya. Take care, thanks.