►
From YouTube: Network Policy API Bi-Weekly Meeting for 20201214
Description
Network Policy API Bi-Weekly Meeting for 20201214
A
A
A
C
But
yeah
it
looks
like
mondays
from
6
to
6
30
a.m.
Pst.
So
I'm
just
gonna
do
what
you
said,
use
the
same
link
and
we
can
just
schedule
that
put
it
into
the
agenda
doc.
It
should
be
all
good.
A
A
A
Got
accepted
by
sig
network
folks,
I
think
two
weeks
ago,
so
I
have
started
to
implement
this
andrea,
seek
him
and
and
then
winship
they.
They
have
put
some
some
some
changes
there,
some
reviews,
so
I
I
have
started
to
do
this
this
friday
night.
I
think-
and
I
know
that
that
andrew
is
here
so
I
just
I
just
need
some
some
more
reviews
from
him
like
if
the
rest
implementation
is
right.
A
If
so,
I
can
move
forward
with
the
unit
tests
and
also
because
we
put
this
as
an
ai
for
the
pr
and
three
category
redhead
all
of
them.
They
are
aware
of
the
changes,
so
so
thomas
graf
answered
me
in
in
slack
saying
that
saying
that
they
are
following
this:
one
abhishek
is
taking
care
by
the
andreas
side
calico,
I
I've
told
casey
in
in
chemical
slack,
and
they
they
they
said
me
that
they
are
also
following,
so
only
calico.
A
I
have
proposed
myself
to
help
them
implement
this
in
calico
site,
because
I
know
a
little
bit
about
chemical
code,
because
this
is
what
we
we
use
and
red
hat
folks.
They
are
aware
by
by
then
winship
and
and
antonio
also,
so
I
think
that
we
are
good
to
go
here.
I
have
like
a
to
do
about
documentation
and
unit
tests,
but
that's
it
and
also
wait
for
more
reviews
about
that.
So.
A
B
E
I
think
jordan
had
a
comment
today
and
andrew's.
One
comment
is
outstanding.
I
didn't
I
didn't
resolve
that
because
I
wasn't
quite
sure
which
is
the
right
place,
but
I
believe
he's
already
answered
that.
So
maybe
I
don't
know
it
depends
whether
you
or
I
one
of
us
will
get
to
it
today.
B
Yeah,
the
pr
yeah
I'm
talking
about
the
you
know,
I'm
just
I've
got
a
low
bar
over
here
man.
Okay,
look
at
the
kemp
merged,
let
me
see
hold
on,
but
yeah
the
I
mean
me
and
abhishek
abhishek.
I
updated
the
thing
last
night.
The
the
thing
andrew
mentioned
about
changing
the
constant
like
using
that
constant
and
that
so
I
got
that
done
yesterday.
B
A
A
B
They
hugged
it
out,
so
it's
where
we're
set
we're
they're,
just
like
we're
just
going
to
go
ga.
So
I
was
like
thank
god,
because
I
didn't
see
the
point
of
a
feature
gate
I
mean
I
see
the
theoretical
point
and
I
see
that
there's
a
million
arguments
around
it,
but
I
don't
see
from
my
selfish
perspective.
I
see
no
value
in
it.
You
know
which
is
getting
the
future.
A
B
I've
been
super
conservative
and
I
added
a
huge
block
of
you
know
unresolved,
so
that
we
could
merge
it
and
then
iterate,
because
I
I
feel
like
any
one
of
these
comments
is
a
time
bomb
waiting
to
go
off
of
another
four
weeks
of
people
going
back
and
forth
and
without
actually
adding
value.
So
because
I
mean
I
think,
ultimately,
what
needs
to
happen
is
we
just
need
to
make
a
single
pr
to
debate
whatever
the
last
one
or
two
things?
Are
you
know
what
I
mean?
B
That's
like
what
I
was
thinking
like
I
mean
I
just
feel
like
you
know.
Otherwise
this
thing
is
just
gonna
get
dragged
down
and
it's
gonna
be
lumped
in
with
all
the
other
unmerged
cups,
and
I
that's
my
biggest
fear
right.
B
So
I
agree
with
you
that,
ideally
we
would
just
do
it
as
implementable
and
theoretically
we're
at
that
point,
but
because
there's
been
no
feedback
in
a
week
and
the
last
thing
we
heard
was
I'd
like
to
move
forward
with
it
as
provisional
that
you
know
so
he
could
so
he
could
hammer
out
the
details
in
a
follow-on.
I
just
want
to
do
that.
That's
what
I'm
thinking!
B
B
A
Know:
okay,
okay,
yeah!
This
is
something
that
that
I
also
wanted
to
ask
for
for
you
folks,
if
we
want
to
like
take
some
some
time
between
next
week
and
and
the
new
year
or
if
you
want
to
keep
following
with
the
meetings
in
the
next
two
weeks-
but
I
am
I
will
be
in
here,
so
we
can
discuss
this
later,
yeah
so
clusters,
corporate
policies,
abstract,
has
added
added
some
some
notes
here,
but
do
you
wanna?
Do
you
wanna
speak
about
that.
E
E
So
we
wanted
to
check
whether
everyone's
available
on
that
like
there
is
no
there's,
no
one
who
is
taking
a
holiday
as
such
on
that
day,
so
that
we
can,
you
know,
get
a
wider
audience
and
get
a
broader
feedback.
We
are
working
on
a
slide
deck.
We've
shared.
You
know
everyone's
going
to
be
adding
some
content
to
it
and
we
plan
to
we
plan
to
use
our
slide
deck
to
propose
or
bring
forward
the
proposal
next
week.
So
is
everyone?
E
Okay
or
you
know,
is
anyone
on
pto
vacation
plan
for
next
next
monday
meeting.
F
Yeah,
I
think,
if
there's
not
enough
participants
next
week,
then
I
think
we
should
think
about
postponing
it
to
the
first
week
of
january.
E
E
F
Gobind
about
it,
and
we
thought
that
maybe
it
may
be
better,
but
I'm
I'm
gonna
be
available
either
way
on
21st,
even
though
I'm
taking
the
week
off
I'll
still
be.
If
there
is
a
meeting
I'll
happy
to
attend.
G
Yeah-
and
we
don't
have
to
block
on
my
my
account
honestly
like
if
everybody's
here
and
you
know
we
can
make
the
first
pass,
I'm
happy
to
just
sit
this
one
out.
We
can
just
discuss
that
another
time,
so
no
need
to
block
on
me.
B
E
So
so,
if
everyone
on
this
call
plans
to
attend
next
week,
maybe
we
can
sorry
go
with,
but
if,
if
the,
if
we,
if
we
think
that
jan
first
week
or
whenever
the
first
time
we
meet
in
january-
is
that
that's
the
better?
You
know
that
that's
a
better
slot
for
a
quorum.
Maybe
we
can
do
it,
then
so,
but
either
way.
I
think
we
will
at
least
ensure
that
we
have
a
presentation
by
next
monday,
because
I
think
we
plan
to
review
it
internally
on
this
thursday.
B
F
A
I
think
that
andrew
oh
go
ahead,
andrew,
which
day.
A
Okay-
and
I
think
that,
as
we
are
moving
forward
with
the
port
ranger
namespace,
we
can-
we
can
focus
more
those
monday
meetings
in
the
discussion
about
the
cluster
scope
and
and
the
service
selector
one.
So,
as
jay
said,
I
think
that
we
are
going
to
have
like
probably
10
more
meetings
about
that.
So
so
this
this
one
is
going
to.
B
A
F
Yeah
so
for
the
service
collector,
I
think
one
of
my
team
members,
satish
was
gonna.
Sorry
is
that
at
the
top
of
the
service,
but
yeah
satish
is-
and
I
guess
the
first
step
is
to
is-
to
do
a
little
write-up.
I
guess
for
this
right
or
use
cases.
What
did
you
have
in
mind.
A
F
A
So
we
can
like
have
a
a
document,
a
pre-cap,
a
pre.
I
mean
like
a
a
pre-k
from
from
kubernetes,
but
specifying
the
service
selector
and
what
kind
of
problem
we
are
trying
to
solve,
how
we
imagine
this
being
designed
in
the
api
and
how
do
we
imagine
like?
Okay,
we
are
going
to
use
certain
selector,
that's
going
to
point
to
end
points,
or
something
like
that.
So
I
think
this
is.
This
is
like
a
high
start,
so.
F
By
the
way,
so
just
as
nfl,
we
already
have
the
write
up
that
is
needed
for
that
again
just
trying
to
fit.
If
I
guess
what
I
need
to
do
is
I'm
looking
for
maybe
a
template.
If
there's
a
template
that
you
guys
are
using,
I
can
do
that
or,
if,
if
you,
rather
that
we
use
something
like
what
we
did
for
fqdun
cluster
scope
policy
I'll,
do
that
either
way
it's
fine
yeah.
A
F
I
both
of
our
names
on
this.
We
will
get
it
out.
We
we
already
have
the
write
up
I'll,
just
gonna
talk
to
open
internal
circle
and
shake
we'll
sort
it
out.
Okay,.
A
Okay,
this
is
a
great
question,
so
we
have
this.
Is
we?
We
we've
started
to
open
an
issue
in
jay's
repo,
because
we
don't
have
like
an
official
repo
to
follow
the
the
the
the
roadmap
from
from
this
one.
So
we
decided
to
to
open
this
in
in
in
not
j
in
jade's
repo
in
github,
but
we
have
like
we
are.
We
are
doing
this.
A
Probably
it's
better
to
find
here,
ftdnftdm
here
yeah,
so
this
is
the
I'm
gonna
send
to
you
in
in
check
also
in
in
zoom
chat.
So
yeah.
I
think
it's
it's
like
it's
a
it's
a
it's
a
good
template
because
it
covers
the
context.
It
covers
the
proposal.
Probably
we
just
miss
here,
the
user
story,
why
we
are
trying
to
to
do
this?
Okay,
and
as
soon
as
you
have
this
we
can
we
can.
A
We
can
discuss
this
in
in,
like
in
the
next
meeting,
save
something
like
15
minutes,
20
minutes,
okay,
whatever
you
need,
and
then
we
can
send
this
to
sig
network
mailing
list.
So
we
have
like
a
brother,
public
and
and
and
people
is
going
to
start
commenting
here
as
they
did
with
we
go
in
here,
live
okay,
so,
okay.
F
There's
one
more
topic
that
I
wanted
to
bring
up.
In
addition
to
so
there
was
also
talk
about
selecting
pods
using
service
accounts.
F
F
There
is
a
user
story,
it's
just
like
you
know
we're
trying
to
make
it
all
in
open
source,
at
least
from
the
google
perspective,
so
we
would
like
to
lead
it
like.
What's
going
on
in
the
search
I
mean
we
use
service
accounts
for
a
lot
of
gcp
related
features
anyhow,
so
for
us
like
we,
we
are
planning
to
do
that
for
the
parts
also.
So
we
like
to
start
off
by
using
a
getting
comments
from
everyone,
and
I
think
there
are
some
vendors
also
who
might
be
doing
that.
F
I'm
not
sure,
but
I
think
there's
some
vendors
who
might
be
already
supporting
it.
So
it
may
be
useful
to
get
a
like
a
generally
agreed
api
for
this.
So
I
will
what
what
we
can
do
we
can
start
off.
I
would
like
to
I'm
happy
to
work
with
anyone
who's
willing
to
work
with
us.
We
have
some
user
stories
like
you
know,
abhishek
andrew
anyone
interested.
Let
me
know
we
can
get
right
up.
F
I
don't
know
if
I
can
get
the
write-up
done
for
this
thing
by
next
week,
but
next
week
we'll
definitely
get
the
service
selector
done,
but
this
is
an
area
that
we
can.
We
are
interested
in
that
working
in
the
open
source
community.
A
F
I'm
not
on
flat,
so
if
you
can
tell
me,
is
that
a
yeah
send
me
like
a
link
to
the
down
and
I'll
see
you
on
that
yeah.
C
Yeah
there's
also,
we
have
a
google
doc
of
all
the
accepted
user
stories,
so
I
think
the
next
step
would
be
maybe
adding
a
suggestion
in
there
with
the
user
stories
that
you
mentioned,
and
then
we
can
go
through
it.
You
know
like
we
can
iterate
over
it
during
the
calls
and
then
eventually
accept
the
user
story,
which
would
mean
this
one
right
yeah.
So
I
think
just
just
maybe
add
the
user
story
directly
in
here
as
a
suggestion,
and
then
we
can
go
over
it.
Yeah.
F
Actually,
if
you
go
down
further
andrew,
like
this,
is
something
I
was
talking
to
him
about
tim
hawkin
and
he
put
a
comment
there
to
like
if
you
go
all
the
way
down
at
the
bottom.
So
if
yeah,
so
you
know
so,
he
was
said
like
a
select
web
service
account,
like
you
know
this.
This
topic
he
was
suggesting,
like
you
know,
we
should
so
it
does.
Tim
was
involved
in
this
decision
too.
So
yeah.
C
Yeah,
I
I
think
I
think
it
makes
sense
but
yeah
like
I
think
we
should
just
get
it
added
to
this
doc.
So
we
can
okay.
A
Yeah
I
this
has
a
different
user
story,
so
we
can
like
separate
them
from
the
the
idea
of
services
and,
like
I
want
to
select
everything.
That's
behind
the
service
like
I
want
to
select
from
my
ingredients.
I
want
to
my
impress
controller
I
wanna
I
wanna
use
like
I
want
to.
I
want
to
select
for
specific
endpoints
that
are
selected
by
the
by
the
service
by
a
service
object.
Instead,
instead
of
a
selector
and.
B
A
A
F
Just
put
like
a
webinar
gmail.com
or
you
know,
and
give
me
edit
access,
I
can,
I
can
see
you
know
v
as
in
vector
v
a
and
then.
G
I
can
provide
a
quick
update
on
fqdn.
We
got
some,
you
know
so
andrew
and
I
have
been
working
on
that
as
well.
You
know
and
we're
we
have
a.
We
had
a
proposal
that
was
looking
pretty
good
actually
and
it
addressed
a
lot
of
the
comments
that
were
originally
left
by
the
way.
G
Thank
you
to
the
community
for
that
and
we
thought
it
was
a
pretty
good
proposal,
but
I
think
when
we
spoke
to
a
customer,
so
I
I
met
some
customers
about
this
and
it
sounded
like
it
wasn't
going
to
be
enough
to
just
you
know:
do
it
on
the
dns
layer
and
they
actually
wanted.
You
know
implemented
at
the
the
data
plan
they
wanted
and
you
know
completely
enforced,
but
it's
not
just
that.
You
know
the
dns
said:
okay,
I'm
not
going
to
give
you
the
answer
to
this.
G
You
know
query,
then
you
know
it's
good
enough,
it's
it's
just
it's
not
so
they
want
stricter
guarantees
around
it
and
that's
why
I
think
the
solution
will
have
to
be
thought
about
a
little
more
because
it
is
tricky.
It's
not.
You
know
straightforward
to
do
this.
So
that's
what
I
think
we'll
have
to
take
another
look
at
it,
so
andrew
I'll
I'll
reach
out
to
you
with
more
details
on
this,
and
whoever
else
wants
to
you
know
help
out
with
this.
G
C
I
think
it'd
be
helpful
to
I
don't
know
how
much
you're
allowed
to
share
around
like
the
customer
requirements
there,
but
I
think
it'd
be
great.
If,
if
we
can
outline
yeah
the
yeah
like
why
it
has
to
be
enforced
on
the
data
plane
and
what
requirements
they
have,
that
that
would
yeah.
G
Right
so
I
think
the
requirement
so
I'm
happy
to
share
all
the
information
that
we
got,
but
I
think
the
the
primary
like
you
know
requirement
was
that
you
know
they
wanted
eliminated
eliminated
like
they
want
the
possibility
eliminated
of
you
being
able
to
get
out
of
that
ip.
G
Whether
you
got
the
answer
from
dns
or
not,
is
it's
kind
of
irrelevant
so
they're
calling
it
an
ftd
policy,
but
they
don't
really
care
if
dns
as
a
component
was
involved
with
it
as
long
as
those
ips
are
restricted
in
in
the
data
plane
that
anybody
cannot,
just
you
know,
go
out
to
those
ips
and
they're
guaranteed
about
that
behavior
then
they'll
be
happy
with
it,
so
that
that
was
kind
of
the
the
context
behind
that.
I
don't
know
if
I
explained
it
very
well.
C
G
G
Yeah,
I
know
it's
not
very
like
it
doesn't
feel
very
satisfying,
but
but
I
think
that'll
probably
be
the
best
way
to
think
about
anyway.
You
know
I'll
take
it
offline
with
you
and
then
we
can
figure
out
how
to
push
this
forward
in
terms
of
api
and
implementation.
A
Do
they
do
they
expect
something
like
a
real
time
change
like
every
single
request
with
the
dns?
It
changes,
also
the
the
rule
based
on
the
id
or
like
they
are
okay,
with
having
some
sort
of
of
delay
like
if
I
change
my
service,
my
service
id,
and
then
I
change
this
in
dns,
respecting
the
the
ttl
or
something
like
that.
You
know
about
that.
G
So
I
think
the
sensitivity
to
time
is
it
can
go
either
way
depending
on
what
kind
of
a
customer
you're
talking
to
some
customers
are
saying,
you
know
very,
very
sort
of
cloud
native
about
this
and
they
say
yeah,
it's
okay.
I
understand
you
know
like
a
minute
or
two
is
fine.
You
know,
but
in
some
cases
like
a
financial
institution
would
be
like
yeah
hell.
No
right
like
there
cannot
be
any
delay.
So
I
think,
because
it's
a
security
thing
we
have
to
be
the
serve
the
tightest
guarantee.
G
C
I
I
feel
like
just
by
nature
of
the
protocol
like
it
has
to
be
one
or
the
other,
like.
I
can't
think
of
a
way
we
would
enforce
policy
like
at
the
data
plane
level
like
at
the
close
to
the
like
the
network
interface
without
being
out
of
sync
with
dns,
just
based
on
like
ttls
and
then
whatever
right,
but
yeah.
Maybe
we're
just
solutioning
at
this
point.
So.
G
Yeah
yeah
yeah.
I
I
just
wanted
to
provide
that
update
that
you
know
we
did
actually
get
some
feedback
from
customers
and
I
think
our
original
the
proposal
that
andrew
and
I
have
been
sort
of
working
on,
I
don't
think
it'll
it'll-
satisfy
that
requirement.
So
we'll
have
to
sort
of
do
some
re-engineering.
B
G
But
this
particular
case
it
was
one
customer
that
I
spoke
to
and
you
know
there
are
some
other
customers
who
have
requested
something
similar.
C
C
G
I
think
it's
certainly
worth
taking
a
look.
You
know
I
I
think
it'll
probably
just
take
some
time,
but
one
way
or
the
other.
I
think
we
have
to
come
up
with
an
alternative
solution.
So
yeah
I
mean.
Certainly
we
can.
You
know,
get
some
more
information
around
this,
but
I
think
we'll,
like
even
some
of
the
instincts
that
I've
heard
from
you
know
people
who've
been
in
the
security
industry.
I
you
know
it
felt
like
the
right
way
to
do.
G
This
was
in
the
data
plane
because
they
don't
want
any
any
sort
of
loophole
where
you
don't
go
through
fqdn,
but
I
don't
know
you
you
figure
out
through
curl
or
something
and
I
don't
know
you
can
resolve
it
or
go
into
some
other
ip
address,
get
those
ips
and
then
you
can
exit
out
to
to
those
ips.
So
I
think
that
was
really
the
the
essence
of
this
comment
and
once
I
understood
where
they
were
coming
from,
I
figured
every
customer
would
probably
say
the
exact
same
thing.
B
You
do
some
kind
of
a
controller
callback
thing
right
like
like,
like
it
seems
like
the
core
functionality
of
the
v0
that
you
all
proposed.
I
mean
I
didn't
see
the
proposal,
but
if
it's
what
I
remember
it,
it
seems
like
that.
Even
if
it's
not
like
100
secure
you
get
to
you,
get
the
api
earned
out.
That
way
for
the
most
part,
right
and-
and
you
can
totally
have
redundant.
I
mean
security
is
all
about
having
redundant
layers
of
protection
right.
G
Fair
point,
I
think
the
api
by
itself
is
is
sort
of
independent
of
this,
so
we
we're
still,
you
know
the
api
by
itself.
I
think
we're
relatively
sort
of
confident
I
think,
of
what
we
want
to
propose.
We
want,
I
think,
the
implementation
of
it,
which
were
which
was
what
was
the
ask
in
the
proposal
by
many
folks,
was
like
you
know
how
we
actually
are
going
to
implement
it
and
what
guarantees
we
provide.
G
I
think
that's
really
been
the
key
question
of
this
proposal
and
that's
what
we
want
to
address
and
given
the
fact
that
it's
a
security
feature,
you
know
it
just
seemed
like
we
have
to
do
the
right
thing
from
day
one
you
know
like
it's
just
not
something
we
can
iterate
on.
I
guess
because
people
are
kind
of
running
this
and
production
software
and
we
want
to
make
sure
that
they
have
the
guarantees
that
they
expect.
B
G
Sure
yeah,
certainly
something
to
consider.
I
think
what
we'll
do
is
like
from
here
we'll
take
this
feedback
and
you
know
any
other
feedback,
and
then
you
know
iterate
on
this
figure
out
how
we
can
sort
of
split
this
into
different
phases.
If
we
have
to
or
if
it
makes
sense,
you
know
we
and
we
can
get
there
fast
enough.
Equally,
then,
might
as
well
go.
The
whole
whole
thing
do
the
whole
thing
together:
yeah.
B
Because
I
bet
the
cni
providers
would
be
real
excited
about
that
right,
like
they'd,
be
like
oh,
okay,
cool.
You
all
got
like
an
api
created.
Well
guess
what
we
can
make.
We
can
do
one
better.
We
can
not
only
enforce
this
api,
but
we
can
also
have
an
upsell
thing
and
then
everybody
wins
right.
The
business
is
when
the
vendors
win,
the
customer
wins.
Everybody
wins.
G
Yeah,
so
I
think
maybe
that's
the
right
way
to
do
this.
Where,
like
you
know
the
proposal
just
says,
here's
the
api
and
here's
the
sort
of
exact
interpretation
and
semantics
of
this,
and
then
we
just
sort
of
get
that
approved,
and
then
people
can
just
go
implement
it.
However,
they
want
right
in
their
own
cnn,
yeah.
B
B
So
we
give
them
a
full-blown
upstream
solution
to
their
problem
right,
even
though
the
downstream
bits
may
not
have
been
fully
worked
out
yet.
G
Yeah
yeah,
I
think
that's
that's
fair.
I
think
we
can
andrew
and
I
can
just
figure
out
what
the
api
should
be
and
then
we'll
we'll
just
specify
as
much
of
it
as
possible
in
terms
of
how
it
should
be
implemented
and
then
we'll
just
let
the
providers
take
it
from
there
with
our
end
to
end
test.
B
Yeah
yeah
yeah.
Definitely
once
it's
time
to
write
those
tests.
Let
me
know
like
loop
me
in
on
it
and
I'll
I'll
help.
I
mean
I'll,
build
the
tests
for
sure
that's
cool
yeah.
A
Okay,
so
one
last
comment:
abhishek,
I
I've
added
an
ai
for
you
to
send
an
email
to
network
inviting
folks
for
the
next
meeting
on
monday,
saying
that
we
are
probably
going
to
discuss
about
the
cluster
scoped
policies.
I
don't
know
if
this
is
the
idea,
but
we
can
gather
some
good
feedbacks
about
this.
One
like
we
can
dedicate
the
next
meeting
for
only
this
discussion,
I'm
okay
with
that.