►
From YouTube: [SIG-Network] Ingress NGINX meeting for 20230105
Description
[SIG-Network] Ingress NGINX meeting for 20230105
A
Hello:
everyone,
it's
January,
5th
2023
is
our
first
meeting
of
the
year
for
Ingress
engine
X.
This
is
a
cncf
provided
project
supported
projects.
That
means
we
are
subjected.
A
Of
conduct,
which
means
essentially
means
the
kind
to
each
other.
If
you
have
any
issues,
please
report
those
to
me
or
Ricardo,
any
of
the
other
maintainers
or
Sig
networking
leads
so
today.
Let's
do
we
have
anybody
new
who
wants
to
introduce
themselves.
C
Hi
there
I'm
new
I'm,
Phil
and
yeah
not
contributed
anything
to
this
project
before.
D
I'll
go
next:
hi
I'm
civil
Thomas,
Matthew,
yeah
I'm,
also
new
2D
project
and
I
haven't
done
any
contributions
yet
I'm
looking
forward
to
yes,
my
skills,
so
I'm,
mainly
adults,
engineer
with
an
overall
experience
of
13
years,
so
looking
forward
to
contribute
to
the
project
using
my
skills
and
learn
something
on
the
golang
side.
So
yeah.
That's
it
thanks.
A
Thanks
for
joining
and
we
look
forward
to
helping
out
the
help,
I
guess
we
can
run
through
the
issue.
Triage
I'll,
just
blame
everything
on
Dylan
and
nginx
and
we'll
we'll
go
from
there.
A
That
was
a
perfect
answer.
No
Ricardo
said
he's
running
late,
so
he'll
be
here
soon.
So
let's
go
ahead
and
well.
We
can
walk
through
the
issue.
Trailers
because
I
know
I,
know
Phil
you're
here
to
talk
about
the
IP
denialist
right.
A
Oh
yeah,
we've
got
open
topics
and
we're
doing
issue.
Triage
is
really
helpful
with
Ricardo
being
here,
so
we
can
talk
about
that.
A
Sorry,
I'm
just
looking
at
the
time,
but
yeah.
Let's
go
ahead
and
let's
work
through
that,
then
what
are
you
coming
into
discuss?
Getting
it
moving
forward
or
what's
your
relation
because
I,
don't
are
you
you're,
Phil,
nickel,
okay,
yeah.
C
Yeah,
that's
me
so
basically
it's
something
that
our
security
people
were
hoping
to
be
able
to
do
here.
C
So
I
thought
I'd
I
have
a
crack
at
it,
as
you
can
probably
tell
it's
pretty
much,
lift
and
shift
of
the
white
list
code
and
then
change
the
word
to
deny
and
and
that's
basically
it
I
wasn't
sure
if
you
wanted,
if
you,
since
the
first
contribution
I,
wasn't
sure
if
you'd
want
it
to
be
sort
of
separate
as
a
separate
annotation
like
the
rest
of
them
are
or
if
you'd
want
to
share
the
logic
and
sort
of
reduce
the
duplication
and
yeah
all
it
does
is
so
yeah
it'll
set
those
denial
rules
above
the
allowance
and
from
what
I
understand
that
will
sort
of
that's
the
desired
Behavior,
because
yeah,
if
you
set
anything
to
allow
it
ends
with
a
denial,
doesn't
it
so
set
a
few
denies
above
it
and
should
be
all
good,
basically
yeah.
C
They
just
wanted
to
be
able
to
block
individual
IP
addresses
on
a
whim,
nice
and
quick
through
yeah
through
their
ingresses.
A
Okay,
yeah,
that
seems
pretty
straightforward,
I
didn't
know.
We
didn't
have
a
deny
list
before.
E
There
was
another
open
PR
for
that,
I,
guess
and
and
Gentile
Market
that,
but
that
PR
is
abundant.
So
if
we
can
just
get
whatever
review,
we
got
into
that
one
and
bring
to
this
one
and
I
can
I.
Can
I
can
take
a
look
on
that?
Probably
this
weekend
but
I
guess
it's
it's
it's
from
from
what
I've
heard
it's
pretty
straightforward,
it's
just
like
another
annotation
and
they
follow
an
order
and
you
add
the
block
list
before
the
yellow
list.
So
I
think
it's
it's!
It's
fine.
A
E
C
E
Way
this
this
one,
apparently
it's
like
a
gentile
posted
that
this
person,
it's
not
answering
anymore,
so.
B
E
C
I
think
so
I
think
I
came
across
this
open
this.
This
PR
after
I
had
raised
my
one
and
I
I
had
a
little
look
through
and
tried
to
address
sort
of
some
of
the
stuff
and
picked
up
some
of
the
sort
of
testing
that
you
had
asked
for
so
hopefully
some
of
it's
addressed
but
yeah
yeah,
just
yeah.
Let
me
know
happy
to
obviously
change
whatever
you
like.
Okay,.
A
E
Yeah
Gentile
is
looking,
but
I
can
I.
I
can
try
to
take
a
look
this
weekend.
I
I
want
to
finish
some
other
stuff
before,
but
I
think
it's
it's
not
a
huge
impact
on
that
usually
I'm
just
afraid
of
those
PRS
because
they
have
a
direct
security
impacts
right.
So
if
we
do
something
wrong,
we
may
allow
someone
to
do
something
they
shouldn't
be
allowed
and
so
on.
So
I
would
just
be
a
little
bit
more
careful
with
that,
but
other
than
that
I
think
it's
it's
fine.
A
A
C
Yeah,
absolutely
okay,
awesome
and
I
wouldn't
say
as
well.
I
it's
my
first
contribution.
It's
like
a
thousand
lines
so
yeah
B
is
B
is
like
yeah,
strict
and
sort
of
comprehensive.
As
you
like,
you
know,
it's
be
risky
one
I
guess
it's.
E
A
We've
been,
we
usually
only
have
like
one
or
two
tests
like
it
tests
the
new
functionality,
but
it
doesn't
test,
maybe
like
a
regression,
because
this
does
have
interactions
with
the
allow
list.
So
we
want
to
just
test
that
scenario,
because
someone
made
a
change
recently
that
broke
stuff
that
we
didn't
know
about
so
I'm
gonna
start
just
suggesting.
We
have
a
little
bit
more
robust
end-to-end
tests.
E
E
And
and
I
review
a
really
fast
one.
The
copyright
here
is
wrong
on
all
of
the
files,
so
just
because
I'm
gonna
add
those
anyway
yeah.
E
C
Yeah
I'm,
guessing
from
when
I
I
copied
it
from
when
I
raised
it,
and
it
must
it's
changed
since
hasn't
it.
Yeah
yeah,
I.
C
F
Are
there
any
checks
for
really
deep
dive?
Inspection
of
specifics,
like
James,
was
seeing
like
if
somebody
by
mistake
includes
an
IP
address
from
allow
and
into
the
deny
from
denial
denialist
into
the
allow,
and
so
on.
So
other
log
messages
going
to
catch
that
and
explain
that
things
like
that,
the
query,
Corner
cases
this
is
just
more
deep
dive
into
what
James
was
saying.
C
A
Awesome,
this
would
also
probably.
D
A
I
mean
yeah,
that's
that's
going
to
be
it's
going
to
be
disabled
by
default,
so
this
is
an
annotation.
Okay,
I
just
want
to
make
sure
we're
being
a
little
bit
more
robust
with
the
change
notes
and.
E
No
no
I'm
asking
because
I
I
I
couldn't
see
the
breaking
change,
so
maybe
I
was
just
missing
something,
but
because
this
is
just
an
annotation
and
it's
gonna
block.
If
you
add
that
so
it's
not
gonna
change
a
behavior
right.
You.
B
E
Done
unless
you
yeah
yeah,
but
it's
not
like
I'm
still
slow.
So
that's
why
I'm
asking
that's
I'm,
not.
A
A
We
ask
the
question
too
yeah.
E
A
Awesome
thanks
for
that
and
if
you
have
any
questions,
just
ask
in
the
slack
Channel
as
you
work
through
this
or
you
can
get
in
in
GitHub.
A
Yeah:
okay,
cool
awesome:
bye,
stop
sharing
wrong
button;
sorry
guys.
A
A
Awesome
I
also
want
to
test
while
we're
here.
These
issues
should
also
be
on
the
project
board.
I
just
want
to
see
what
that
looks
like,
because
the
latest
one
is
94.79
I've
got
it
to
where
it
adds
these,
but
it
doesn't
put
them
in
any
particular
order.
It
looks
like
it
probably
just
puts
it
at
the
bottom
94.79.
A
4.79
yeah,
okay,
I've
also
copied
over
the
tickets
from
the
stabilization
project
as
well,
and
those
are
mostly
the
ones
that
are
in
progress,
but
the
ones
that
have
no
status.
Those
get
automatically
added
as
issues
noticed
that
some
people
did
get
assign
themselves
to
it.
So
I've
just
got
to
pull
those
over
as
in
in
progress.
So
let
me
just
get
an
idea
of
like
the
capacity
of
what
we're
working
on
what
we're
trying
to
accomplish
versus
the
open
issues.
A
A
A
Is
there
any
issues
that
anyone
knows
that
we
should
look
into
before?
We
start
just
going
into
the
generic
ones.
F
If
we
can
look
at
the
issues
already
tagged
as
a
bug,
I
think
it
will
help,
because
some
of
them
seem
to
be
in
relevant
in
current
users.
Use
cases.
D
A
A
Okay,
so
there's
already
a
PR
for
this
one,
so
you,
okay,
yeah
this
one
cool
I,
will
remove
the
trailer
for
them
since
you've
already
got
this
taken
care
of.
D
A
For
that
I've
been
seeing
a
lot
of
questions
around
multiple
ingresses
lately
and
just
multiple
name
and
the
name
spaces
and
everything
wondering
if
that's
just
a
it's
not
really
well
documented.
But
there's
been
a
lot
of
questions
in
slack
lately.
So
I
just
reminded
from
this
one
that
we're
gonna
pop
we're
gonna
dive
into.
D
A
F
Chat
you
just
dropped.
There
is
two
flavors
of
that.
There's
one
one
type
of
use
case
where
people
just
are
happy.
If
they
can
find
a
solution
to
use
multiple
instances,
they
can
install
multiple
instances
and
the
rare
ones
like
this
one
and
there's
I
think
one
more.
That's
open,
I,
don't
know
where
the
number
where
they're
saying
they
have
to
use
namespace
scope.
So
it's
not
even
they're,
not
even
they
need.
The
requirement
is
not
just
multiple
instances
of
the
controller
in
one
cluster.
They
actually
want
to
hard
scope.
D
F
It's
not
documented
in
in
as
in
the
dog's
website,
but
some
people
have
referred
to
it,
those
who
have
asked
for
it.
They
just
come
down
and
done
the
tweaking
in
their
own
manifest
for
the
cluster
rule,
but
I
think
my
thought
is
around
this
fact
that
they're
saying
the
English
class
should
watch
only
in
him
in
a
name
space
because
they
have
some
weird
CI,
CD
github's
process,
so
I
think
either
either
in
this
one
or
in
another.
F
One
I
think
I
may
recommend
that
we
have
this
process
where
you
can
have
multiple
instances,
even
in
the
same
namespace,
but
just
election
ID
and
in
a
class
class
name
and
watch
by
class,
but
I
think
I,
don't
recall
too
many
details,
but
the
what
I
clearly
remember
is
that
they
are
very
particular
about
scoping,
limiting
the
scope
to
a
namespace.
F
Sorry
I
just
just
got
the
I
just
recall
that
information.
So
if
you
open
up
the
code
and
open
the
values,
file,
go
to
the
charts,
go
to
the
code
and
go
to
the
charts
directory
and
go
to
the
values,
file
and
Ricardo
needs
to
comment
on
this.
This
is
actually
a
parameter
in
the
values,
file,
search
for
Google
values,
file
and
search
for
namespace.
F
E
You
need
to
deploy
at
least
the
at
least
across
the
role
saying
that
your
Ingress
controller,
can
you
can
watch
Ingress
class
and
I
was
discussing
that
with
Rob,
and
it
was
like
I
guess
five
months
ago,
but
there
is
no
plan
to
getting
like
the
Ingress
class
yeah
a
name
space
it
object.
E
So
what
we
should
do
is
again
come
back
to
that,
all
of
that
in
Risk
class
mass
and
have
a
way
of
allowing
people
to
not
using
risk
class
at
all
right,
I
guess
we
we
had
already
didn't
we
along
like
if
someone
passes
like
the
controller,
is
saying.
E
E
F
F
Me
if
I'm
wrong,
because
of
the
class,
regardless
of
whether
they
specify
this,
they
use
this
flag
and
the
spec.
E
But
wait
I,
I,
I
I
think
that
in
this
specific
issue,
it's
just
because
we
are
trying
to
install
a
role
and
the
road
binding,
giving
Ingress
class
access,
but
the
user
trying
to
do
that.
The
user
running
the
helm
chart
doesn't
have
that
permission
to
give
another
user.
The
permission
by
the
error
message:
can
you
can
you
go
back
yeah
James
so
go
to
the
her
installation
failed
on
the
the
second
box?
Can
you
yeah
scroll
to
the
no,
the
second
one
you
are
on
the
third
one,
yeah
yeah,
so
this
user?
E
That's
installing,
doesn't
have
these
Ingress
class
and
English
class
status
permission.
So
this
user
cannot
give
the
other
user
Ingress
class
and
Ingress
class
status
permission.
So
probably
there
is
just
an
argument
missing,
saying:
hey,
don't
try
to
give
Ingress
class
and
Ingress
class
status
permission
right
because
you,
as
a
user,
cannot
give
another
user
more
permission
that
you
have.
F
F
E
E
Go
back
to
the
go
back
to
the
helm
charts.
Can
you
scroll
up
a
bit
and
go
to
the
no
on
on
the
files,
James
controller
role,
controller
role
on
the
files
on
the
left.
F
F
E
I
don't
know
so
to
be
honest,
there
is
too
much
time
since
I,
don't
install
an
Ingress
controller
on
the
new
space
scope
it.
So
if
you
or
someone
can
test
that
and
say
what's
working
or
not
so
maybe
we
should
fix
all
of
the
helm
shards,
because
this
is
mostly
so
we
need
to
fix
the
helm
shards
and
after
fixing
the
help
charts,
we
need
to
figure
out
if
Ingress
can
run
without
Ingress
class
and
without
any
any
cluster
scope
with
permission
right,
yeah.
F
D
F
E
It
does
totally
make
sense
in
my
opinion,
in
this
case,
like
sometimes
you
wanna,
we
want
to
say
that
you
have
like
a
platform
as
a
service
and
you
deploy
like
the
router
for
the
people
as
well.
F
F
E
I
I
would
say
James
instead
of
we
go
into
each
of
the
issues
on
that
we
we
know
that
we
have
a
problem
deploying
controller
as
a
namespace
sculpted
right.
So
maybe
we
should
just
raise
like
a
major
issue
and
maybe
Along
Came,
very
care
of
that
saying
establishing
all
of
the
scenarios
trying
to
deploy
in
the
namespace
copied
seeing
what
works,
what
doesn't
work
mapping
so
at
least
we
may
have
a
plan
to
fix
that
right.
E
A
C
A
A
Well,
as
I
figured
getting
through,
any
number
of
these
issues
takes
longer
than
15
minutes.
Unfortunately,
we
want
to
I
wanted
to
discuss
the
153
from
the
open
issues.
I
know,
we've
got
the
goal:
vulnerability
checkered.
This
is
our
gentleman
who
was
working
on
that
is
he
here.
Are
they
here
can't
remember.
A
Don't
see
them
my
only
issue
with
this
one
is
I,
don't
see
why
we're
deploying
I
I,
don't
think
we
should
be
doing
this
creating
a
second
like
scannable,
Ingress
I
say
we
just
create
the
one
with
symbols
and
the
increase
in
size.
You
know
I
think
it's
Justified
from
being
able
to
scan
everything.
That's
in
there
does
anybody
else
think
any
different.
A
A
Yeah,
that's
why
I
wanted
to
keep
it
I
just
wanted
it
to
be
the
same
one
so
that
you
know
when
folks
get
something
that's
already
been
scanned.
It's
not
different!
So
we're
not
doing
it.
This
is
that
same
conversation
we
had
earlier
Ricardo
about.
We
rebuild
the
controller
when
we
do
a
test
release
and
when
we
do
testing,
that's
not
really
testing
the
one
that
we're
actually
going
to
release,
because
we
know
that
things
can
change
between
building
it
and
actually
releasing
it
mm-hmm.
F
No,
that's
right,
we
did
talk
about
it
and
the
thought
process
you
explained
is
right.
We
should
not
be
talking
even
talking
about
releasing
something:
that's
not
been
tested
or
trying
to
test
something.
That's
not
going
to
get
released,
but
we're
to
see
his
perspective
because
he
raised
a
chicken
and
egg
kind
of
question
because
he
can't
do
a
test
if
there
are
no
symbols
and
we
made
him
think
that
the
size
should
be
smart.
So
we
should.
We
can
tell
him
it's
okay
to
have
the
size
at
whatever
size.
A
All
righty
we're
going
to
talk
about
one
five,
two
first
or
the
stabilization
and
stuff
they're.
E
A
Of
similar
since
I'm
working
on
the
release
automation,
so
we
want
to
talk
about
152
or
do
we
want
to
go
through
the
stabilization
work.
E
A
A
So
we
tried
to
get
a
release
for
one
five
two
out
because
of
a
couple
things
right:
152
had
the
Alpine
upgrade
317,
it
had
also
the
go
119
4
upgrade
so
to
get
a
again
reducing
vulnerabilities
that
are
available
in
the
scanners,
and
there
was
a
couple
changes
in
there
that
we
didn't
test
all
of
the
edge
cases.
A
That's
the
best
way
to
put
it
so
that
when
we
did
the
release
using
the
automated
stuff,
which
is
nice
because
now
the
release
is
automated,
but
we
still
need
to
be
more
diligent
about
looking
at
what
is
actually
getting
released
and
making
sure
that
we
know
that
it's
possibly
breaking
changes
or
making
sure
that
we've
got
all
of
the
test
coverage
for
the
edge
cases.
Really
that's
all
it
came
down
to
was.
If
we,
if
we
had
notified
that
it
wasn't,
it
could
have
been
a
breaking
change.
A
E
No,
that's
all
we
forgot
the
character.
Yes,.
A
A
F
E
The
the
yeah,
the
problem,
the
problem
is
just
that
we
we
had
to
add
some
validations
on
on
on
the
path
on
Ingress
path.
Due
to
our
request
and
I
forgot,
a
specific
rejects,
special
character.
That's
that's
all,
and
people
were
using
that
and
I
didn't
had
idea
on
that,
so
it
broke.
But
hopefully
this
is
going
to
be
fixed,
but
I
agree
with
them,
and
maybe
we
should
just
do
a
breaking
change
on
this
one.
James
like
okay,
there
is
a
breaking
change,
even
even
been
a
breaking
change.
E
A
That's
what
it
came
down
to
the
fix
was
it's
a
bug
and
we
didn't
cover
that
again.
We
didn't
have
that
edge
case
covered
in
the
testing.
If
we
had
had
a
test
case
with
the
character
that
was
missing,
it
would
have
broke
and
we
wouldn't
have
accepted
the
pr
it
wouldn't
have
gone
through
wouldn't
and
the
bug
would
have
been
fixed.
So
it's
again
it's
it's
just
development
cycle
development
hygiene
just
working
through
that.
So
that's
why?
A
When
Phil
was
talking
about
that,
that's
why
you
know
being
sensitive
to
our
end-to-end
test,
making
sure
we're
covering
edge
cases.
A
It
happens,
we
rolled
it
back
and
it
was
fixed.
Fortunately,
with
the
rollback,
it
was
just
changing
everything
back
to
151
and
deleting
152
from
the
release
and
deleting
the
release.
The
only
other
issue
that
it
brings
up
too
is
that
making
changes
to
the
helm
chart.
We
don't
have
ownership
of
that
Helm
chart
in
artifact
hub,
so
we
have
to
bump
the
chart
and
make
sure
we're
doing
all
of
that
to
do
a
proper
like
rollback,
I
I,
don't
know
if
anyone
has
any
opinions
on
like.
F
A
Do
you
know
where
that
came
through?
Was
it
I
I
didn't
see
that
or
maybe
I'm
not
think
I,
don't
remember
it
B
drop
that
in
Ingress
Dev
for
us
and
yeah
we
can.
We
can
look
into
that.
I
mean
I.
Also
wanted
to
add
this
artifact
Hub
as
a
yaml,
you
put
an
artifact
artifact
hub.yaml.
It
has
certain
formats
you
put
in
who
who
has
ownership
rights
on
artifact
hub.io
and
then
that
way
it's.
A
Very
similar
to
how
we
set
up
the
the
ksio
ownership
they
Ingress
ownership,
we
put
the
usernames
in
there
and
those
folks
have
access
to
it.
So
I
think
I'll
open
an
issue
for
that
that
solves
one
of
the
issues.
A
Awesome
thanks
long
it
was
a
PR
good
deal,
okay,
but
yeah.
That's
that's
really
what
that's
kind
of
what
happened
with
152
and
I
know.
Ricardo
you've
got
PR
open
for
the
discussion,
because
I
do
want
to
get
160
out
now.
With
that
note
about
it,
being
a
breaking
change,
probably
should
have
been
a
160
anyway.
I
would
think
because
we
did
a
minor
version
upgrade
on
the
language
and
a
minor
version
of
Alpine
as
well.
So
there
were
a
lot
of
changes.
A
F
No
Ricardo,
just
I
I,
still
don't
understand
sorry
for
taking
time,
but
when
you
said
character,
problem
talking
about
the
character
and
the
path
problem
being
the
same
same
issue.
E
F
E
A
So
we
want
to
break
these
out,
because
each
one
of
these
is
individual
things
that
I
think
should
be
done
can
be
done
independently.
Do
you
agree.
B
A
E
E
We
should
be
removing
pod
security
policy
at
all
and
and
removing
all
of
their
things
on
that
and
the
obsolete
directives
on
that
people
keep
slogging.
We
should
probably
work
on
that
as
well.
The
rejects
one
I
can
work
on
that,
instead
of
working
on
the
SSL
pass
through.
E
A
A
That's
all
I
was
thinking
about,
is
just
adding
an
end-to-end
test,
and
then
we
can
World
out
160
with
the
breaking
chain.
Oh
and
put
the
notification
in
there
about
the.
A
D
E
F
So
I'm
of
the
opinion
that,
unlike
earlier
releases,
that
not
many
people
are
currently
waiting
for
a
pending
fix,
that's
been
merged
and
like
they
want
to
use
nothing,
there's
no
urgency.
The
urgency
is
not
as
high
as
earlier
so
I
mean
my
opinion
is
we
should
wait
and
if
there
is
no
real
urgency
to
release
160
next
week,
you
can
wait.
E
So
having
specific
branches
for
releases
and
doing
the
patch
fixes
it's
not
that
easy
today,
but
that's
something
that
I'm
I
am
working
with
Katie
fry
and
James
to
make
it
easier.
But
right
now
my
opinion
is
that
we
need
to
make
that
release
even
been
a
breaking
change,
because
there
is
too
much
time
since
we
don't
do
a
release
and
people
may
be
missing.
Bug
fixes
right
so
and
and
then
we
should
work
on
getting
like
161
just
with
patch
fixes,
but
not
stopping
us
of
merging
stuff
into
main
right.
E
A
It
yeah
we
do
really.
We
do
just
release
from
Maine,
so
it
does
make
cherry
picking
difficult.
A
That's
fair,
okay,
but
yeah.
So
let's,
let's
plan
to
do
160
next
week
or
throughout
the
week
right
and
make
sure
that
we've
documented
that
I've
got
the
one
issue
open.
A
E
A
It
does
it
still
just
yell
at
folks
about
that,
because
I
know
we're
all
throughout
the
152
issues.
I
still
left
the
126th
end-to-end
test,
so
we
didn't
do
a
release
with
151
with
126
testing,
but
the
tests
run
now
and
126.
There's
no
there's
no
issues
so
anything
that
gets
pulled
when
tested
now
is
going
to
run
through
126
to
I,
think
I.
Think
123.
A
D
A
Okay,
all
righty,
that's
really
it
anybody
else.
Have
any
other
questions
about
what
happened
with
the
152
release.
Don't
do
releases
during
Christmas
break
and
just
add
more
end-to-end
tests
to
cover
edge
cases.
A
A
I'll
go
first,
with
my
phone
update,
so
152
I
did
use
Mage
to
do
all
of
the
release,
notes
for
everything
it
generated.
All
the
release
notes
made
all
of
the
changes.
A
It
was
really
nice
because
then
it
was
only
it's
only
two
pull
requests
and
one
command
now
to
do
the
release
instead
of
the
8
billion
steps
that
we
have
from
a
manual
perspective,
but
yeah.
So
that's
my
update
on
the
release
process.
A
There's
one
or
two
more
tweaks.
The
rollback
was
difficult,
but
I
think
that
that
made
one
for
testing
for
during
releases
I
think
is
almost
there
so
this
weekend,
I
want
to
get
that
completed,
so
I
can
get
that
into
in
the
main,
and
we
can
start
using
that
for
releases
going
forward
that
way.
Then
anybody
can
do
that
foreign.
A
How
are
we
doing
with
the
a
control
plane,
split.
E
Cool,
so
it's
it's
working,
I
still
have
some.
Some
flakes
and
I
have
posted
on
my
pull
request,
but
I
need
to
move
to
the
issue.
There
are
two
features
that
doesn't
work
yet,
but
they
are
not
blocking
for
us,
I
guess
at
least
to
release
an
alpha
release,
which
is
the
wait
for
shutdown,
the
degrees
will
shut
down
and
the
the
TLs
the
SSL
pass
through,
which
I
realized
that
it's
made
by
the
controller
and
not
by
engine
X.
E
So
it's
it's
kind
of
a
pre
before
engine
X
supported
SSL,
pass
through
and
SSL
pre-read.
That
was
implemented
on
the
controller
and
we
never
touched
that
piece
of
of
code
anymore.
So
I
have
decided
just
to
skip
those
right
now
as
part
of
the
data
plane
and
and
state
for
people.
Hey,
we
support
95
of
things
you
need,
you
need
you,
people
testing
it
for
us
and
the
five
percent
that
we
don't
support.
Yet
we
know
that
we
don't
support
and
we
have
plans
to
support
that
before
we
reach
GA
on
that
right.
E
There
are
some
Flakes
and
and
some
problems
between
the
communication
of
control,
plane
and
data
plane,
mostly
grpc,
just
sucks,
sometimes
on
on
knowing
data
stream.
Is
it's
over
so
I'm
thinking
on
in
the
future,
on
having
a
different
approach,
having
a
a
really
tiny,
kubernetes
API
server
that
doesn't
expose
pods
that
doesn't
expose
anything
based
on
the
TCP
approach
or
something
like
that,
and
that
there
is
just
the
config
map
or
the
crd
is
that
the
data
plane
keep
watching
and
reconciling
based
on
that.
E
So
if
someone
steals
the
service
account
or
something
like
that,
that's
mounted
inside
the
controller
and
the
data
plane
right.
It's
just
gonna
be
able
to
get
the
config
map
and
that's
all
because
that's
not
a
valid
service
account
for
the
kubernetes
cluster,
but
that's
a
service
account
value
just
for
that
API
server.
So
that's
my
my
thinking
for
the
next
communication
approach.
E
I
want
to
do
that,
because
kubernetes
covers
almost
everything
like
authorization,
load,
balancing
and
all
of
those
things
which
is
a
a
painful
on
grpc
to
implement,
but
other
than
that
grpc
communication
is
working.
The
way
that
it's
done.
It's
easily
migrated
to
another
approach
that
we
decide
to
do
right.
So
this
this
middleware
is,
is
just
working
fine
and
as
soon
as
we
can
solve
the
radius
160,
because
James
James
automated
make
file
just
broke
the
whole
Helm
chart.
E
So
my
rebase
is
something
like
3
000
lines
of
Freebase
removing
space
from
yaml
files.
Thank
you.
James
I
will
just
replace
again
run
the
end-to-end
tests
and
say
hey.
All
of
this
is
working
authentication
as
an
example.
It's
not
working.
So
we
need
to
fix
that
and
and
do
those
things
on
on
follow-ups.
The
other
thing
that
I
want
to
do
is
before
merging
that
thing,
at
least
making
sure
that
we
can
have
the
release
Branch
4160.
E
So
whatever
we
do
on
Main,
it's
not
going
to
reach
a
user's
code
unless
we
shared
the
changes
on
that
right.
So
that's
that's
my
my
goal
on
that
and
this
may
be
a
blocking
for
the
170
or
something
like
that,
but
I
I
I.
As
soon
as
I
get
the
tests
running
I'm
gonna.
Ask
you
folks:
what's
the
next
steps
on
that
right,
so.
A
Yeah,
that's
what
I
just
kind
of
wrote
out,
because
I
think
we
should
to
get
folks
testing
it.
We
need
to
either
do
a
blog
post
or
a
mailing
list
to
to
kubernetes
Dev,
so
I'll
put
up
a
Google
doc,
so
we
can
start
writing
that
that
email
and
share
it
with
folks
like
give
them
the
background
of
why
we've
made
these
changes,
what
those
changes
mean
and
then
give
them
the
test.
The
alpha
controller,
so.
B
E
Want
to
also
establish
with
you
folks
before
releasing
that
Alpha
version,
what
things
we
should
Implement,
even
in
Alpha,
before
releasing
Alpha
so
like
authentication
today,
there
is
no
authentication
between
control,
plane
and
data
plane,
and
even
if
you
just
do
a
a
key
basic
authentication
and
not
like
a
move
to
TLS
authentication,
we
need
to
implement
something
that
doesn't
allow
people
just
to
get
all
of
the
secrets,
certificates
and
so
on
that
are
being
used
by
the
data
plane
right.
So
we
should
probably
make
this
part
of
the
alpha
release
anyway.
A
I
completely
agree,
so
we
can
add
that
just
a
list
of
needed
things
before
we
release
Alpha
and
then
just
I'll
write
up
on
what
the
changes
are
and
what,
if
we
need
folks
to
test
them.
A
E
E
So
you
may
have
an
extension
that
works
for
AG,
proxy
and
nginx,
and
if
someone
wants
to
help
me
on
that,
it's
like
a
cool
collaboration
between
a
bunch
of
projects
and
we
can
turn
in
China's
extensible
based
on
the
same
engine
that
actually
proxy
works.
I
know
that's
kind
of
annoying
for
the
companies
to
like
hey,
but
that's
a
project
that
I'm
working
just
to
let
you
know
so.
B
One
of
the
one
of
the
guys
I
work
with
actually
works
directly
on
the
njs
stuff
for
us
I'm
wondering
if
maybe
I
can
see
if
he
might
be
interested
in
collaborating
on
that.
So
sounds
good.
B
Yeah,
you
should
probably
have
that
on
the
agenda
Carol
so
that
we
can
talk
to
Javier
to
see
if
he
wants
to
join
this
meeting
and
see
if
there's
something
that
he
could.
Oh
you
already
pinged
him
or.
E
Or
just
just
ask
me
just
ask
him
to
reach
me
on
slack
and
I.
Can
I
can
explain
to
him
what
I,
what
I
want
to
do?
Okay,
but
basically
I
wanna,
I,
wanna,
use,
njs
and
and
a
protocol
that
HD
proxy
created
to
make
some
upload
of
decisions
like
what
security?
Today,
it's
working
this
way,
coraza
a
lot
of
other
things.
Yeah.
B
That
that's
actually
great,
because
our
group
specifically
has
really
been
pushing
hard
on.
You
know
bringing
njs
to
a
workable
State
so
that
it's
more
useful
to
the
community
and
Javier
has
been
on
that
project.
So
I
think
he
might
definitely.
He
probably
will
be
interested
in
helping.
However,
he
can
cool.
E
I,
so
in
this
one
specifically
I'm
doing
just
because
we
have
this
smart
security
problem
and
I
want
to
have
a
solution
for
that,
but
I
don't
want
to
arrive
a
model
in
C
or
C,
plus
to
making
Gen
X
speak
with
coraza
laugh,
which
is
written
in,
go
right,
DHL,
proxy
developer,
the
each
proxy
Ingress
developer.
Maintainer
is
a
friend
of
mine,
Jerome
is
a
friend
of
mine
and
and
we
we
talk
a
lot
and
they
have
implemented
the
the
web
application
firewall
on
on
HF
proxy
based
on
this
protocol.
E
This
offload
protocol
that
AJ
proxy
has
right.
So
that's
an
open
protocol
and
so
on.
So
it's
like
a
TCP
Port
that
keeps
listening.
It
receives
the
requests,
it
deals
with
their
requests.
It
receives
the
response
from
the
upstreams
as
well.
If
you
need
to
parse
the
response
and
then
it
says
yeah,
this
is
authorized
or
not
right
and
I'm
right
now.
This
focus
on
njs
site.
E
For
me,
it's
just
for
the
mod
security
but
making
something
more
generic,
that
anyone
can
Implement
any
offload
decision
in
goal
or
any
other
language
that
support
spoe
and
even
in
Gen.
X
can
speak
with
that
right.
So
that's
that's
my
idea,
idea
on
that,
but
I
want
to
start
working
on
the
dynamic
reload
on
the
lower
stuff
in
in
the
near
future
as
soon
as
we
finish,
the
control
plane
and
data
plane.
E
B
E
Cool
yeah
I
have
an
idea
on
how
to
do
that.
The
problem
is
that
today,
I
can
just
write
and
read
from
files
for
the
dynamic
stuff,
and
so
it
may
be
slow
and
I.
Didn't
I,
never
continued
that,
because
we
have
people
that
actually
do
just
the
open,
Rusty
stuff
like
Gentile
and
and
Alvin.
They
are
just
up
and
Rusty
folks.
So
I,
don't
don't
wanna
just
take
everything
and
throw
out
and
replace
everything
for
JavaScript
stuff
right.
So
yeah.
B
A
lot
more
work
needless
work,
rather
than
moving
slow,
methodical
and
making
the
interesting
changes
that
need
to
be
made.