Kubernetes Network Special Interest Group Biweekly Meeting for 20220106
A
B
The danger of too many windows to GitHub open at any given moment. Okay, so looks like the very first one is one that I might need to chase down. It looks like this person, unless we think this is a non-AKS specific thing. What do we think is happening here? Not saving endpoint for unknown health check.
D
It wasn't clear that this was AKS specific, just that they were using AKS. I, I flagged this one for: can we get a volunteer to see if they can make heads or tails of what the error really means and what might lead to this? Like, I don't know off the top of my head. What would lead to this error message? I have a vague recollection of writing that log line or reading that log line, but I don't remember what it was for.
D
B
Anyone? I mean, I can at least try to reproduce it, so okay, and find out if it, if I can get it to happen.
D
B
Yeah, so let's, and then should I triage accepted, probably.
E
B
B
D
I was just responding at the end. I looked at this one a few minutes ago. It's a, it's a feature request. So there's a proposed work, workaround here in the bug already. It's not exactly what the user was asking for. I don't think what they're asking for is crazy, but it would require a KEP and some API changes and either loosening of validation or some new fields, and it doesn't, yeah. It's not immediately obvious to me that it's worth that amount of effort. Yeah, so we'll see.
D
A
So this one looks legit, but it would need somebody who has expertise in the winkernel proxy or to figure out what to do here and how to, like, jump to the area that needs to be jumped to. Okay.
D
B
B
D
B
D
Is, this is basically a, one of the family of bugs that are related to node ports on localhost. I followed up, and then I wanted to ask here, if anybody has contacts, because, because I ran out of time to search: do we have a general, like, an issue open or somebody paying attention to the general problem of, like, moving in this direction?
D
We have a compatibility problem, but it's also a security problem, so it may actually be worth the effort to try to drag people towards the light, and I didn't know if we had an open issue. These are all closed, related issues, but there's another, nine, two, nine three, there you go, which is, is really the, the real issue, right: don't set that, that sysctl. Anyway, the question is: do we have an issue for this? Should we open an issue? Should we just re-title this issue and call it eventually?
D
H
D
The use case that I remembered was people running a, a non-HTTPS container registry, and they created a node port, because Docker would only allow non-HTTPS on localhost, so they ran it on port 5000 on there, on a node port on, you know, whatever, and then they set all their images to localhost colon node port.
D
This is a great read. It's a, first of all, it's a great bug report. Like, if every user filed bug reports this complete, we'd be rocking and rolling, but I can't fathom what the hell's going on.
D
B
B
D
They're looking at the DNS side, but I can't imagine how DNS is the, the thing. Yeah, I mean, the only way you could coordinate this across nodes would be through something like kube-proxy, right, or, or this Cilium equivalent. So my question for the call is: anyone from my surveillance here? Anyone who knows Cilium really well wants to, like, pontificate about whether this is even possible?
D
Nobody? All right, let me think about if there's anybody on this, on the Cilium side, that I know who I could ping for a consult on this. Leave this one, or I'll self-assign it.
G
D
No, go ahead, and I mean, okay, we can, we can leave it unassigned. Do you want a ping? Let's see, I'll ping Andre right now, while we're doing this. Okay.
B
Perfect, I'm gonna pop to the next one. Let's see, what do we think, if you've got some here.
G
Yes, sent to me, I am.
B
B
F
B
I
B
I
E
J
J
A
G
D
B
B
D
B
I will wait and see what Bowei and Ricardo come up with there. Okay, and maybe one more. Oh, UDP, excellent, lots of excitement there we have.
B
A
D
K
Hello, can you hear me? Yes, yes, cool. So hi, my name is James. I'm the release lead for Kubernetes 124. I just wanted to come by and introduce myself and say hello and answer any questions anyone has about the upcoming release.
K
I also have some upcoming dates for you. I'll put a link to the full schedule, which you just finalized, in the chat a moment, but upcoming soon: the release starts on Monday, this upcoming Monday, 10th of January. The production readiness review soft series is on Thursday, the 27th of January, towards the end of the month, and enhancements freeze is a week later at 2am UTC Friday, the 4th of February, which is 6 p.m.
K
PST Thursday, the 3rd of February. I'll pull out the schedule link and find the chat there, which gives you everything you need to know. So, yeah, hello, any questions?
D
Do we have dates for code freeze nominated?
K
K
Code freeze 30th of March UTC, which is 20 29th March PDT.
D
So we as a SIG have not yet had a discussion about which KEPs we want to queue up. I didn't put on the agenda for today because I didn't do my homework, but we should go through the KEP board and make sure that everything that we want to be making progress is making progress, and decide which ones we want to let in the gate this cycle. We've been pretty good the last couple cycles about keeping the gate closed.
D
A
K
Not really. We as a release team don't pick themes of the logo, and those are generally informed by what the SIGs put in. Obviously, the big one we know about so far is dockershim; everyone's talking about dockershim all the time, but other than that, no, not, not in particular. It's not like a maintenance release or a feature release or anything. We have no such concept.
D
K
B
A
Yeah, any of the mistakes they remind, so please update if you can, thanks. And I preempted Ricardo. Really quick, Tim, did you want to go through KEP board review? I didn't.
I
Okay, this, I hope this one is quick, but that's probably a hard discussion. So I was talking with Tim before new year. I don't, I don't know if you remember about that, Tim, because we are trying to promote and part to GA, right, and we have a situation. I was talking with Jay as well, that we've got, we've reached the, the bar to promote, but Cilium is not able to, right now, to implement imports on their CNI, so we have Red Hat.
I
We have Antrea, we have Calico, we have kube-router, and I guess we have one, but, but Cilium got some, some, some hard time to promote that. So my thing is that I really want to remove that thing from my kiwi and maybe get that, that KEP promoted, but on the other hand, I understand the, the problem that this might be a problem to the ecosystem, because Cilium is getting more and more.
I
I
It's gonna pro, we are gonna probably have the same problem that we, we've got with SCTP for a long time. So, like, like people jumping into Kubernetes issues and saying, hey, SCTP doesn't work on my CNI. I don't want, I don't know what to do, so I'm just bringing here to discussion because I actually, I don't know what to do. I don't know, Tim, if you got some return from Cilium folks as well, or if we just should, like, okay, whatever, let's wait one more cycle.
D
I, I did spend a little time talking with folks over at Cilium, and the short answer was: it's difficult to implement efficiently, not impossible, but they'd have to spend person time on it, which they don't have a whole lot of reason to do at the moment, because it's not been super important. And what, what we are missing as a community is a norm for: do they have to do it? Do we have a stick? Is there a carrot? Like, can we encourage?
D
How do we encourage implementations to stay up to the current and to do things which, you know, maybe they have other priorities, I'm sure they do. And, and if the carrot doesn't work, then do we have a stick? And I don't know, that's an English phrase, I don't know if everybody gets it, but the, so I don't have, I don't have a real good answer here. We talked sort of a little bit about: do we need network policy conformance?
D
Do we need to actually create a program that says this is what it means to be conformant, and here's the dashboard, and the stick is a red line in the row that says Cilium non-conformant as of 124, right, or something like that. I mean, that's a pretty big stick. Is that what we need to do?
J
So in this specific case, as opposed to the general case, where, yeah, we maybe do need some solution, but this was a very poorly motivated new feature, and, and so we can't have any stick that involves "but people actually want this", because we don't actually have a lot of evidence that people actually want this, and, and so they're choosing to not implement it might be the correct decision.
D
I
I
You've shown that to me and made my day happy, so yeah, I agree with you, then. I just, but I think that, like, Tim, Tim's point is fair. Like, for me, it's this in the same scenario as SCTP, right? We've been, we've been spending a lot of time trying to figure out actually who uses SCTP and why that, that thing got promoted to GA, and then we've got, like, a lot of issues from, I guess, telecom, or something like that.
I
Folks using that and saying, hey, okay, this is GA, so we now need to support that, and some CNI supports us, I'm not, and maybe we need to have some conformance, like meth. That has been doing that with cyclones on past, he's shown that to us, but even that, it's a big, I got the, the, the word, Tim, about the stick and the carrot. I can understand that. So that's a, that's, that's a big stick, saying, hey, you are not conformed with Kubernetes anymore, because you don't implement this feature, right? So.
D
And honestly, if we go that route, we probably need to, like, talk to CNCF folks about what does it mean, because I don't think we as a SIG, like, we can't revoke somebody's permission to use the name Kubernetes unless we put it in the real conformance suite. But network policy has always been an optional feature, so we can't really put it in the conformance suite, so we're on sort of untrodden territory so far.
J
Maybe we need some standardized way of describing what network features a plug-in implements, because it was never intended that everybody was going to be, or never assumed that everybody would implement SCTP. It was just: if a plug-in implements SCTP, this is how it should work, so that they're compatible.
D
So there's another KEP: there's the network policy, network policy status KEP, which suggests maybe we should add a status field that can say, hey, I can't implement this policy because you, you know, feature X isn't, you're trying to use feature X, but I don't support feature X. Which isn't super helpful for legacy clients or legacy implementations who don't know about the status or who don't know about the feature to indicate that they don't support it. They just don't see it, right? So.
I
L
Well, I mean, there's ways around it, right? If you, if they don't know status, they just don't report it, and, you know, it's, it's unknown or it's unresolved, or you have to default to the CNI's documentation.
L
I, I think it's a, it's a major problem. Like with CNP, with cluster network policy, we're thinking how can we build it so that we can expand to new types of selectors in the future, and it's the same sort of problem. Like, we don't know if we should be doing that with the status, or should we have some sort of, like, SIG Network object that states, like, this is what's supported, kind of what Dan was alluding to earlier. Like, there might be a better way to do this besides just focusing on network policy.
D
J
I
D
Yeah, calling it conformance may be too heavy, right? If it was just simply an advisory table that users could consult, then, you know, we then have a different problem of maintaining it over time and removing stale entries. But, you know, at least we can say that, like, it's written down somewhere.
J
D
Yes, I mean, to carry that to its conclusion, we could implement an admission control that is always kept up to date, because it's in tree, and says, oh, you're trying to create a policy that uses the fubar, and fubar is not in the supported list from your implementation. Reject.
D
So, that's not, shouldn't say it's off the table. It's, it's a little weird. I think we're the only subsystem that has this problem, but we have it in spades, right? We have ingress and gateway and network policy, which are all gonna fall in the same category. Do storage providers not have this problem? I, I don't know a lot.
D
No, I think you're, you're probably right, they do, but they have CSI sitting between their implementations and Kubernetes. So I don't even know what CSI does at this point in, in this regard.
D
Yeah, maybe it's worth a joint infrastructural SIGs, it's wrong term, often-implemented-out-of-tree SIGs, that can talk about this idea. That's actually not, not bad. I kind of like the idea.
A
D
All right, I'll tell you what, I'll take an action to start a, a small thread with some of the folks from SIG Storage and see if they want, a, if they have solutions to this, and b, if they are suffering the same problem, should we solve it in a common way.
C
L
L
D
At time, okay, let me find my window.
H
H
Got it, and I'll share a Chrome tab. Wait, which Chrome tab? How about this one? Come on, can you choose this one? It's just not giving me any.
D
Too many tabs here, I'm just going to share the window, that one's easy. Tell me if you can see.
D
All right, so we'll start, I guess, from the right to the left. So are there anything that we have GA'd that has been, had the gates removed? I don't think there's.
B
No gate on 563 anymore; that could probably get moved over.
D
B
As I understand it, people can't feature flag dual stack off anymore, but maybe I misunderstand that.
D
H
D
Okay, so that's on you, yeah. All right, then. Oh, you can see it in the releases too. So twenty two, two, yeah, two releases later it's removed, then probably the same on this one. I don't suppose hobbies here, but we'll look at this. Okay. What, did we do anything to move from beta to GA this cycle?
D
M
M
Yes, no, sorry, service in the table. You know, you're, you're right, you're right, it's gm updated, but the table, yeah, you're right, it is it.
M
D
M
That moved alpha to beta. Just one more thing: the ingress class namespace scope thing, that is GA in 123.
M
D
Dan's got some PRs open, right? Yes, yeah. So it's, it's untangling slowly, but it took me some brain power to reason through your PR, man.
J
D
D
Okay, sorry, alpha to beta: did anything go? Did graceful termination? You know.
M
To beta 23. Topology went across. Which one is that? This one, the last one, yeah.
D
I
O
L
Yeah, Dan Winship gave a really, really great comment, it's our review, like a good while ago. We're still working on finishing up, responding to it and changing it. There was quite a considerable amount of great I'd.
L
B
F
D
O
D
D
If you have it, go through and mark which ones you want to shoot for 24 by, we'll just decentralize this. Anybody who's got KEPs that they would like to target for 24, please try to hit it with the milestone 24, or ping me if you can't. I think you can do that through a comment, and that'll help us when we look at this next to prioritize.
M
One note on that: gateway, pi1 and pre-alpha, I think that can just be moved off the board. It wasn't, it didn't really go through the, it's at the very top of the list. It didn't really go through the full process. It's just kind of a separate thing.
D
Oh, okay, so you can go, and so these are all issues. If you close the issue, then it will be removed. No, no, it is closed. What, is it's still on the porch? Yeah, I don't know.
H
D
All right, so cluster network policy. Load balancer behavior I started looking at. I don't know if I'll have the time to really get it in, but the KEP's already here. So maybe the code isn't that complicated. But I don't have time.
G
For that one, we need to, the, to merge the, the coupling of the load balancer ingress status. Yes, yeah.
D
G
D
D
G
Good KEP, yeah, but it's I.
D
G
D
Okay, all right, multi-siter is already flagged for 24. Dual stack API server support, that's a Dan one, 24.
D
Okay, host IPs status, this one seems like it should be able to go.
D
I think, yeah, implementation.
H
Without moving along, sorry, milestone before.
F
F
D
G
F
D
H
D
We'll have to go through these again, see which ones of these we just want to call.
D
Okay, there, enhancements 3070, got it. Okay, and probably should just get rid of this PRs column because we're not really tracking it. All right.
D
Please let me know, or, you know, somehow get them onto the, the project designation. If you don't mark them as SIG Network KEPs, they won't show up on this board. And now is the time to look at all the KEPs and figure out which ones do we think are most impactful and want to push forward, especially if you're willing to sign up for it.