►
From YouTube: Kubernetes SIG Network meeting for 20230216 (Part 2)
Description
Kubernetes SIG Network meeting for 20230216 (Part 2)
B
C
B
B
E
E
F
B
B
A
B
We
have
I
I,
never
used
to
have
much
contact
with
those
balances.
Recently,
I
have
a
lot
of
questions
so
and
we
don't
have
any
way
of
testing
those
balancers
locally.
So
you
are,
we
are
developing
and-
and
we
are
practically
blindly
of
if
we
have
lucky
and
have
a
car
provided
we
can
test
against
that.
But
it
takes
a
lot
of
time
and-
and
it's
very
for
me-
it's
very
it's
slow.
So
what
I
did
is
I
created
a
cloud
provider
for
kind?
B
B
There
is
no
post
here,
you
can
run
this
club
provider
binary
that
they
created
okay,
the
crowd
provider
is
going
to
connect
to
the
cluster
and
is
going
to
handle
all
the
services
the
load
balances.
The
instances
is
important
because
it's
going
to
be
useful
for
Vanquish
it
he
has
attacked,
modify
the
node
IP.
So
with
this
you
can
you
can
I
want
to
see
with
this.
You
can
test,
they
know
they
beat
him,
but
the
important
thing
for
us
here
is
the
loved
ones.
Okay.
B
B
B
B
Apk
local,
we
are
going
to
have
another
service.
Now
is
the
eight
seats
and
we
can
see
so
this
is
a
nature
proxy.
So
it's
a
growth,
balancer
deep
mode
proxy,
so
the
source
it
is
the
sourcet
field,
the
low
balance,
okay,
I'm
working
on
having
a
direct
proxy,
but
but
this
is
going
to
be
the
next
person.
Okay.
B
B
Terminated
terminating
employees,
this
deploys
a
staple
set
with
two
parts.
B
We
are
restarting
so
you
can
see
the
Apache
one
is
terminating,
it
has.
The
deployment
has
at
least
period
and
and
the
the
application
has
a
it's
catching
the
sixth
term,
and
it's
still
serving
so
there's
no
time,
and
you
can
see
that
now
that
is
terminating.
This
is
forwarding
only
for
the
Apache
0..
B
You
see
this
should
go
away
soon
and
the
rose
balancer
is
used
in
external
traffic
policy.
Local
is
able
to
catch
the
health
check
and
and
identify
the
node
without
any
distraction.
Okay
and
now
the
zero
has
to
run
out-
and
we
see
that
now
the
health
check
is
failing.
The
load
balancer
move
Apache
zero,
but
this
is
still
a
volume
out,
but
all
the
traffic
is
is
being
forwarded
to
the
healthy
part
enough.
B
We
have
the
rollout
with
zero
disruption
tested
in
less
than
five
minutes.
Okay,
and
since
I
mentioned
it,
this
can
be
used
for
run
E3
test.
So
you
can
write
your
E2
test,
the
ones
that
we
have
in
in
I
created
one
for
this
demo,
because
languages
has
a
nice
thing
to
talk
about
that
later
and
but
you
can
run
an
E3
test
and
you
can
see
that
is
going
to
pass
too.
B
So
you
need
to
check
the
this,
create,
get
the
load,
balancer
tested
or
balancer
check
that
it
works,
and
now
it's
going
to
wait
to
for
the
service
to
disappear.
Okay,
so
it
can
take
some
time
and
and
that's
it,
so
there
are
no
excuses
to
test
the
loved
ones.
If
it
is
now
cool
man
and
and
I,
don't
know
this.
This
is
going
to
improve
a
lot.
The
this.
E
B
E
Yeah
but
you're
wallpapering
your
house
with
these
Community
Awards.
So
this
is
this
is
awesome.
Antonio
does
this
now
become
the
default
CI
integration,
so
the
ede
CI
runs
no
longer
take
45
minutes
waiting
for
load,
balancers.
B
No,
no
they're
used
to
be
speaking
so
soon.
I,
don't
know
who
is
putting
the
buttons,
because
I
clicked
the
one
that
picked
me
up
so
yes,
the
idea
is,
is
to
have
I
mean
we,
we
neglected
a
lot
a
lot
of
balances
and
the
idea
is
to
have
everybody
that
wants
to
do
something
to
have
something
and
I
plan
to
do
to
us
and
those
to
the
CI
and
I'm
happy
to
have
I,
don't
know
one
hour
or
a
meeting.
If
people
need
more
interesting
how
to
debug
the
test,
how
to
understand,
but.
E
Yeah
I
mean
the
truth
is
I,
remember,
going
through
all
of
the
load,
balancer
ede
test
cases
and
massively
adulterating
the
tests
and
bringing
them
all
into
one
big
test
case,
because
it
just
took
too
damn
long
to
actually
test
them
in
a
clean
in
a
clean
way.
Where
the
test
cases
did
one
thing,
it
would
be
wonderful
to
undo
that.
B
And
that
that's
the
point,
that's
in
this
point
from
from
language
I
mean
current
state
is
and,
and
with
this
I-
think
that
at
least
we
can
have
you
know
General
test
for
load
balancers,
that
every
every
everybody
should
be
able
to
support.
Okay,
that's
my
point
and
my
I:
don't
have
anything
else
so.
B
C
So
I
think
this
test
showed
up
in
Cube
126,
and
so
we
rebased
openshift
and
started
running
CI
and
AWS,
and
it
turns
out
that
this
test
fails
because
the
default
load
balancer
implementation
for
AWS
is
elvs.
They
don't
support
UDP.
C
There
needs
to
be
an
annotation
placed
on
the
service
to
make
it
an
NLB
which
does
support
that,
but
the
e2e
tests
obviously
don't
put
that
custom
annotation
on,
because
it's
AWS
specific
and
the
cloud
provider
for
AWS
itself
doesn't
automatically
set
that
annotation
either,
and
so
the
guidance
that
I
got
from
some
people
was
that
the
user
needs
to
put
that
annotation
on
when
they
know
that
they
want
elb
and
it
seems
kind
of
gross
to
make
an
end-to-end
test
do
that
when
I
think
they
should
be
fairly
generic.
C
So
the
question
is
really
about,
like
what
kind
of
guidance
do
we
have
here
for
things
like
this,
you
know:
do
we
just
skip
that
ede
test
on
AWS,
or
do
we
try
to
push
back
and
say
AWS
cloud
provider
should
automatically
figure
out
that
the
service
is
a
UDP
and
therefore
make
it
an
NLB
instead
of
an
elb,
as
anybody
else
found
problems
like
this
in
the
n10
tests
before
and
what
do
we
do
to
solve
them?.
A
C
B
B
So
this
is
my
fourth
and
the
when
I
took
it
with
Benjamin
and
around
and
other
people
into
testing
in
theory
day,
three
tests
should
not
have
anything
hardcore.
I
mean
this
is
AWS.
This
is
everything
this
behaves
this
way,
so
everybody
every
test
should
be
agnostic,
but
the
reality
is
that
it's
not
so.
B
C
B
But
that's
the
thing
in
Singapore
and
and
when
we
went
with
the
Captain
G
and
and
the
thing
we
have
this
guy
I
mean
conformance,
is
very
wide.
It's
basically
different
everything
and
if,
if
it
has
an
AP
service,
it's
basically
and
but
in
SIM
network
we
have
these,
things
is,
and
languages
wrote
this
document.
What
is
a
standard,
proxy
and
I
think
we
should
start
moving
to
this
conformance
and
Network
him.
I
have
our
test
and
and
back
then,
and
tell
people
well,
do
you
want
to
be
signature?
Conformers,
that's
another
performance!
A
B
C
C
Aws
cloud
provider
to
do
that:
yeah
I
think
there
are
some
like
cost
differences
between
NLB
and
elbs,
and
so
maybe
that's
why
they
don't
do
it
automatically.
E
But
we
had
I
remember
the
discussion
around
multi-protocol
load
balancers
right
like
if
the
user
is
asking
for
it,
they're
asking
for
it
and
I
I
used
to
think.
Oh
no,
we
shouldn't
spend
money,
spend
the
user's
money
if
they
asked
for
something
and
maybe
didn't
realize
what
they're
asking
for,
but
I
think
it
was
Bridget
who
made
arguments
that
convinced
me
like
they're
asking
for
it.
It's
not
that
they
don't
know
what
they're
asking
for
they're,
specifically
asking
for
something:
ede
I
mean
the
test
is
an
interesting
situation.
E
C
Yeah
I
mean,
as
far
as
I
know,
like
I
I,
don't
know
if
it
actually
does
work
with
nlbs,
because
we
didn't
get
as
far
as
as
hacking
things
up
to
set
that
annotation.
But.
D
C
A
Okay,
Dan,
are
you?
Are
you,
okay,
with
the
idea
of
just
like
following
up
a
cloud
provider
on
this
one.
C
Yeah
yeah
I
can
ask
the
I
think
there
have
been
some
conversations
already
with
people
who
are
involved
in
cloud
provider
and
that's
where,
like
the
current
AWS
guidance
thing
came
from
because
you
know
somebody
at
Red,
Hat
had
asked
about
it,
but
I'll
Circle
back
with
those
people
and
give
them
the
our
thoughts
here
and
follow
up.
Sounds.
A
I
didn't
mean
for
them.
I'm
sorry
I
meant
an
issue
for
potentially
trying
to
make
these
tasks
like
trying
to
pull
away
from
having
tests
that
are
doing
something.
This
specific
getting
into
more
generic
tests.
Is
that
something
that
we're
tracking
seemed
like
a
few
people
mentioned
an
interest
in
that.
E
I
mean
now
that
we
have
an
ability
to
do
load,
balancers
that
isn't
linked
to
a
cloud
provider.
It
seems
like
a
I
wouldn't
want
to
get
rid
of
the
tests,
but,
knowing
maybe
they
don't
run
I,
don't
know,
I
feel
I
feel
like
it
would
be
retrograde
motion
to
not
test
this
I
I
wasn't
even
aware
that
the
AWS
doesn't
support
it
out
of
the
box
like
that
is
surprising
to
me.
B
What
I'm
saying
is
moving
forward
this
tester?
We
have
right
now
we
can.
This
test
needs
to
be
all
of
them
need
to
refactor,
but
moving
forward.
We
want
to
have
more
agnostic
steps,
and
one
of
these
tests
is
going
to
be
I
want
to
create
a
service,
low
balance
it
and
expose
a
new
decision,
and
they
said
it's
going
to
fail
in
AWS
right.
A
Oh
I
was
typing
live
there.
Wasn't
it
I'm
happy
to
take
on
an
action
item
of
following
up
with
Antonio
asynchronously,
and
we
can
talk
about
whether
or
not
we're
tracking
this
desire
to
make
the
test
more
agnostic?
How
does
this
sound
and
maybe
create
an
issue
for
it
after
talking
with
Antonio
about
it?
Does
it
sound
good.
B
B
A
Gotcha,
so
just
there's
an
open
question
so
so
was
I.
Maybe
thinking
I
I
was
wrong,
but
I
was
right
about
what
I
was
thinking
originally,
that
we
should
just
follow
up
asynchronously
on
this
one
and
and
kind
of
think
come
up
with
a
plan
for
next
time
about
what
we're
going
to
do,
because
we
are
kind
of
running
short,
a
little
short
on
time
and
somebody
else
wants
to
go.
A
Okay,
msk
Rocky.
G
Yeah-
and
this
is
just
a
follow-up
on
I-
think
from
two
two
meetings
before
about
the
naming
I
did
create
a
poll
survey
for
our
multi-network
object.
If
you
want
to
use,
please
just
follow
up,
and
if
you
can
just
select
your
your
your
preferences
on
the
description,
the
topic
has
some
links
to
the
requirements
PR
of
what
the
object
has
to
be,
what
we
plan
to
do
with
it.
So
please
go
ahead
and
and
fill
it
up.
G
A
A
But
this
one
was
I
think
the
main
reason
I
picked.
It
was
just
because
it
seemed
old.
So
basically,
the
idea
is
here
that
there's
a
potential
bug
at
some
point
where
we
thought
upgrading
into
a
cluster
with
IPv6
would
cause
things
to
break
with
endpoint
slices
because
they're
not
keeping
track
of
all
the
references
to
service
or
the
kubernetes
service,
API
server
service.
A
It
left
off
with
Dan,
saying
we'll
end
up
fixing
this
so
I
just
thought.
We'd
check
in
on
this
one
and
see
like
is:
is
this
actually
moving
or
is
it
kind
of
stuck
in
the
position
that
it's
in?
Is
there
anything
to
say
about
this?
One.
F
So
as
far
as
I
know,
this
does
not
affect
any
existing
clusters.
This
is
just
a
bug
that
would
pop
up
if
we
added
dual
stack
support
without
fixing
it
first
Roger
that
and
the
whole
dual
stack,
API
server
thing
is
is
kind
of
stalled
because
I
keep
working
on
other
things
and
I
actually
have
two
pending
PR's
right
now,
reorganizing
the
API
servers,
endpoint
slice
reconciler,
but
nobody
ever
reviews
them
so
I
need
to
like
yeah
poke
people
on
API
server
team,
to
review
my
PRS,
but.
A
D
Are
issues
sorry,
yes,
I,
clicked
that
one,
because
it
was
the
life
cycle
Frozen,
one
I
thought
it
might
be
nice
since
Tim
brought
that
up
for
us
to
oh
and
it
already
went
down
from
35
or
so
to
28,
which
means
Tim
has
been
clicking
ferociously
in
the
background,
but
yeah
I
figured,
maybe
just
for
the
next
couple
of
times
we
do
the
screaming,
having
this
link
handy
to
be
like
these
are
the
ones
that
are
sitting
there
saying
Frozen
for
sure
this
five-year-old
thing
is
something
we
want
to
freeze
forever
question
mark
so
yeah.
D
F
F
E
F
E
F
Right
I
guess:
yeah
I
meant
a.
We
do
a
larger
scale.
Rework
like
openshift
has
this
old
thing
that
you
can
have
it
automatically
assign
external
IPS
for
you,
and
then
it
makes
sure
that
it's
doing
it.
You
know
in
a
way
that
the
administrator
configured
and
is
happy
with
so
like
in
theory.
We
could
do
that,
but
we
don't
want
to
do
that.
E
A
F
A
E
About
that
close
bugs
yay,
it
is
gone
jump
all
the
way
to
the
end.
Let's
look
at
the
oldest
ones:
let's
do
it
I,
just
unfroze,
a
few
of
them
on
the
expectation
that
they
would
reappear
in
the
triage
queue
eventually.
F
Okay,
so
and
this
so
this
gets
into
cubelet
dash
dash
node
IP
Behavior,
which
is
theoretically
Sig
node,
but
really
we
end
up
always
dealing
with
it
and
I
actually
I'm
working
on
that
right
now,
because
we
need
Cloud,
dual
stack
IPS,
basically,
every
now
and
then
people
propose
oh
hey.
We
should
be
able
to
do
this,
but
also
nobody
knows
what
having
multiple
external
IPS
is
even
for
like
nothing.
Actually,
nothing
in
kubernetes
actually
cares
about
external
IPS
other
than
some
of
the
ede
tests.
F
F
A
Does
anybody
have
any
opinions
on
the
matter?
We
still
have
a
few
minutes
left.
A
A
About
hey:
let's
come
to
some
kind
of
alignment
here
on
whether
or
not
we're
actually
going
to
do
this.
C
D
The
issue
list,
if
you
click
back
to
the
list
of
the
life
cycle,
Frozen
issues,
it's
like
how
big
should
kubernetes
scale
I
feel
like
this.
Almost
a
philosophical
discussion
infinite
like,
but
it's
it's
an
interesting
question:
do
we
plan
to
reevaluate
setting
some
sort
of
constraints
and
or
affordances
to
allow
us
kubernetes
to
scale
and,
if
so,
to
a
different
amount,
Than
People
envisioned
in
July
2017
and
go.
A
E
So
the
the
problem
with
retroactively
applying
limits
is
there's
certainly
somebody
out
there
who
is
one
above
that
limit
and
if
we
start
enforcing,
you
know
only
like
pick
on
something
real,
only
a
thousand
endpoints
in
an
endpoints
resource,
and
we
don't
have
an
alternate
answer-
that's
already
implemented
like
endpoint
slice,
then
somebody
somewhere
is
going
to
come
and
beat
us
up
and
we
will
deserve
to
be
beaten,
so
I,
don't
think
we
can
put
in
place
hard
limits
unless
we
think
those
hard
limits
are
so
big
that
nobody
anywhere
is
possibly
hitting
them.
E
E
A
D
B
B
B
E
Okay,
what
do
we
do
with
this
one?
It's
a
it's
a
good
question
and
for
context.
The
person
who
filed
it
shyam
was
on
the
scalability
effort
back
then.
So
it
was
really
Sig
scalability
asking
Sig
Network.
What
do
we
think
is
the
right
number.
A
Right
yeah
sure
I'll
talk
to
Bowie
about
it
too
he's
on
there
all
right.
So
we
are
at
time
if
you
have
anything
that
you
that
you
wanted
to
bring
up,
make
sure
you
put
it
on
the
next
two-week
out
agenda.
Thank
you.
All
very
much
have
a
good
one.