►
Description
[SIG-Network] Ingress NGINX Bi-Weekly Meeting for 20211109
https://github.com/kubernetes/community/blob/master/sig-network/README.md
A
Hello,
everyone:
this
is
the
ingress
nginx
sub
project
manufactured
networking,
and
this
is
a
cncf
project.
As
always,
that
means
that
this
is
guided
by
the
cncf
code
of
conduct,
which
essentially
means
be
kind
to
everyone.
If
you
have
any
issues,
please
report
that
to
the
owners
of
this
meeting,
that's
me
and
ricardo
or
if
you
have
any
issues
with
us,
please
report
that
to
you
sig
networking
and
today
is
oh
wow.
It's
november,
9th
2021.
A
with
that
we're
gonna
go
ahead
and
get
started.
As
always,
you
guys
want
to
fill
out
the
attendees
lists
here.
That'd
be
helpful:
do
we
have
anyone
new
that
wants
to
introduce
themselves
to
the
team.
A
It
doesn't
look
like
it
okay,
so
I
dropped
back
in
there
so
go
ahead
and
you
want
to
start
running
through
the
issue
triaging,
because
I
know
we've
had
some
questions.
No,
I
think
this
was
noah
who
put
in
a
lot
of
questions
in
here
for
us
to
look
through
open
issues
which
is
great,
he's
always
doing
a
good
job
with
that
I
don't
know
where
he's
at
today.
A
A
Yeah,
that's
that's
what
I'm
saying
before
we
start
recording
we
get
everyone
away.
Hopefully
that
doesn't
mean
we
can
get
them
away
from
using
nginx
our
ingredients
hope
so
all
right,
so
we're
gonna
go
ahead
and
start
running
through
these.
It
is
1206.
just
want
to
keep
track
of
time
because
we
always
like
to
run
over
so
this
one.
This
is
the
one
actually
before
we
start
doing
the
triage.
I
wanted
to
talk
about
this
because
I
put
it
in
the
notes,
ricardo.
A
This
is
something
we
should
probably
clear
up
so
we're
at
about
version
49
now
on
the
legacy
branch-
and
I
put
it
in
here.
As
a
note,
this
was
actually
the
one
that
prompted
the
conversation
for
me
to
put
it
in
here
it's
using
44,
and
we
talked
about
this
in
the
release,
doc
that
we
put
out
back
in
august.
A
A
So
I
think
it
might
be
clear,
be
time
to
clarify
what
supports
from
the
folks
on
this
call
means,
and
the
first
question
we
should
ask
folks,
is
to
upgrade
to
a
supported
version.
What
do
you,
what
are
your
thoughts
on
that.
B
B
Yeah
and
that,
for
me,
that's
the
same
thing
as
much
as
as
many
exceptions
we
will
we
open.
We
are
gonna,
have
more
effort
to
support
that
right.
So
that's
not
only
the
api
version,
but
that's
also
like
we've
got
some
fixes
to
canary
code
with
between
44
and
49.
A
B
At
least
like
update
to
like
we
can
try
to
say,
hey,
we
support
one
to
two
versions
behind,
but
more
than
that,
like
I've
seen
some
some
issues
with
22
30
34.
That's
a
that's
back
on
the
time
that
I
was
like
still
learning
go
just
kidding,
but
anyway
that's
a
that's.
B
That's
that's
hard
for
us
to
keep
to
keep
that
base
right.
So
I
think
that's
that's
a
good
practice
to
say:
hey.
We
just
support
past
those
major
those
minor
versions,
not
bug
fixes
like
49
one
to
49
two.
We
can
say
that's
the
same
version,
but.
A
B
A
So
that's
that's
because
I
actually
was.
I
pulled
up
on
a
pull
request
and
I
wanted
to
ask
about
that
because
I
was
going
to
drop.
I
think
it
was
45
from
the
the
table,
so
I
just
want
to
make
sure
that
we
agree
on
that
so
n
minus
3,
as
well
as
n
minus
3,
on
the
kubernetes
versions,
from
a
support
perspective.
So,
okay.
B
A
B
It
would
be
good
for
us
just
to
to
to
define
as
well
like
a
standard
of
cutting
bugfish
bug,
fixes
versus
releases
even
on
legacy
right.
So
when
we
move
to
50,
we
are
automatically
saying
that
we
don't
support
anymore
47
right,
so
we
we
just
need
to
maybe
to
clarify.
When
when
are
we
going
to
cut
like
a
minor
release,
or
when
are
we
going
to
cut
just
a
bug,
fix.
A
I
can
open
up
an
issue
in
a
pull
request,
so
we
can
continue
that
conversation
and
make
sure
that
it's
clear
to
everyone
and
we'll
put
it
in
so
what
my
thoughts
were
is
that
we
put
it
in
the
readme
and
the
top
level
readme,
and
we
also
put
it
in
the
issue
template.
So
when
folks
are
opening
issues,
it's
it's
very
salient.
Sorry,
someone
was
trying
to
speak
and
I
didn't
touch.
Who
was
that
you,
tom
yeah,
that
was.
C
Me
so
so,
when,
like
kubernetes
there's
a
regular
release,
cadence
and
when
you
say
you're
only
gonna
support,
n
minus
three-
I
what
does
that
get
us
normally
like
18
months
or
something
with
these
ingress
engine
x
versions,
the
that
minor
version
is
incremented
whenever
there's
a
new
feature
and
we
feel
like
releasing
it
right,
I
don't
think
there's
a
normal
cadence
and
so
that
n
minus
three
might
be
six
weeks
might
be
six
months.
C
I
so
I
think
it's
hard
to
plan,
if
you
just
say
n
minus
three.
I
understand
from
the
support
side.
It's
it's
easier
to
say
it's
just
n
minus
three,
but
like
that,
that's
I
think,
a
concern
we
should
watch
for
it's
like
if,
if
you're
doing
a
release
each
time
a
small
little
features
introduced,
and
it's
only
been
eight
weeks
for
n
minus
three-
then
that's
not
a
very
long
supported
version.
C
The
other
side
is
that,
like
you
suggest,
okay,
they
need
to
upgrade
before
we're
gonna
help
them
with
their
issue.
There's
a
very
small
diff
between
44
and
49.
So,
for
the
vast
majority
of
issues
you
can
probably
look
at
them
and
go.
None
of
that
stuff
has
been
touched
since
44..
C
A
With
the
with
the
calendar
releases
getting
on
a
better
release
schedule,
that's
something
that
we
don't
do
we
just
as
like
you
said
as
needed.
We
do
that
yeah,
the
the
ingress
version
because
of
the
calendar
because
of
the
releases
like
that
it
does
make
it
a
little
difficult.
A
So
I
think
I
think
we
talk
about
it
in
the
issue
triaging
when
folks
are
helping
like
to
make
sure
we
probably
should
add
that
in
there
like
to
look
at
the
def
and
see
is
the
feature
they're
asking
about
or
the
bug
issue
that
they're
asking
about.
Has
it
been
touched
for
the
releases
so
maybe
be
a
little
bit
more
intelligent
with
the
ask
to
upgrade
nginx
versions,
the
kubernetes
versions?
I
don't
think
that's.
No
one
can
argue
against
that
one,
but
I
do
disagree.
A
C
A
C
B
Yeah,
I
I
I'm
thinking
about
how?
How
much
are
we
still
going
to
support
the
legacy
branch
and
after
that,
we
can
probably
establish
because
the
legacy
branch
doesn't
follow
some
version
and
etc
right?
But
we
can
for
sure,
follow
the
same
version
on
the
new
one
and
maybe
have
these
release
cadence,
even
for
the
for
the
semantic
version
on
on
on
the
new.
The
new
branch,
like
the.
B
C
C
How
many
people
are
going
to
be
using
that
legacy
branch?
My
company
will
be
on
it
for
a
while,
because
we're
not
we're
not
up
to
date
on
our
kubernetes
releases
and
it's
the
team
that
does
that
is
very
slow.
C
Yeah,
I
see
that's
a
hard
problem.
Yeah
yeah,
so
I
mean
I'll,
be
here,
maintaining
what
I
can
on
the
on
the
legacy
branch,
at
least
for
the
bugs
that
we
hit
just
because
of
the.
A
Necessity,
well,
we
appreciate
that
effort.
I
know
a
lot
of
folks
aren't
able
to
do
that.
So
thank
you
for
that
tom
I'll
I'll
open
the
issue,
so
we
can
continue
to
have
the
conversation
see
what
folks
in
the
community
say
since
there's
not
a
lot
on
this
call
right
now,
but
it
does
need
to
be
discussed
and
we
do
need
to
clarify
so
all
right.
D
A
Was
part
of
the
the
blog
post
back
in
august,
where
we
were
saying,
I
think
we
said
six
months
in
the
wording.
I
just
wanna
it's
it's
only
in
the
blog
post,
it's
not
in
the
repo,
it's
not
in
the
issues.
So
when
folks
open
it
up,
they
don't
see
that
it's
not
very,
it's
not
in
their
face,
so
we
just
need
to
make
it
more.
A
We
need
to
make
people
aware
that
we
can't
continue
to
support
the
legacy
versions
forever,
especially
after
after,
if
we're
doing
n
minus
three
once
we
hit,
I
think
it's
24
23
we're
not
supporting
119
anymore,
so
we
shouldn't
be
supporting
the
legacy
if
we're
following
that.
So
just
need
to
make
it
clear
to
folks
that
as
time
progresses,
you
need
to
seriously
think
about
upgrading.
A
Okay,
sorry
for
that
segue,
I
just
the
first
ques
the
first
issue
that
we
wanted
to
look
at
popped
up,
and
that
was
the
one
that
prompted
this
for
me.
So
let's
go
ahead
and
actually
look
at
the
issue
and
run
through
it.
Has
anyone
gotten
a
chance
to
read
through
this
one?
A
A
B
A
B
C
A
Looks
like
he's,
deploying
multiple
ingress
objects
and
he's
trying
to
do
a
canary
release
with
it,
and
it's
not
working.
C
A
C
In
other
cases,
where
multiple
ingress
has
kind
of
had
overlapping
matching
I've
experienced
behavior
where
it
was
indeterminate
which
one
would
get
loaded
first
and
that
could
be.
Why
he's
having
trouble,
reproducing
it
not
sure
if
that
helps
at
all,
but.
A
B
Does
match
controller
class.
C
A
B
Yeah
yeah,
as
far
as
I
remember,
yeah,
but
but
if
they
are
using
an
old
version
of
ingress
in
ginex,
it's
not
gonna,
be
supported
anyway,
right
yeah.
A
B
B
That's
remember:
laszlo
opened
that
issue
about
that
that
he
fixed
it
like
ingress
class
by
name
to
to
roll
back
to
the
to
the
previous
behavior
of
the
legacy
branch
right.
So
if
they
are
trying
to
use
ingress
class
name
in
the
old
version,
it's
gonna
work
in
the
new
version.
You
need
to
specify
that
you
want
to
use
the
name
instead
of
using
the
spec,
the
spec
controller
stuff.
B
A
B
B
A
A
C
I
think
that
means
like
so
that
when
you
describe
the
ingress
resource,
it
lists
like
recent
events,.
B
No,
but
also
indeed,
in
this
case,
that
you
are
selecting
it's
the
it's
the
admission
web
hook.
We
need
to
put
on
every
time
this
drop
annotation.
Something
go
back,
go
back
there
james
to
the
code
yeah.
So
what
we
do
here
is
actually
I
get
and
I
drop-
and
I
add
yeah,
but
I
add
the
information
here:
that's
debugging,
like
info
ingress,
tried
to
use
blah
blah
blah
and
was
disabled.
Maybe
they
weren't
just
to
race,
to
warning.
C
B
I
think
ingress
object
status,
they
only
support
load,
balancers,
the
load
balancer
ip
and
nothing
else.
C
B
Yeah,
the
thing
is
that
I,
I
am
pretty
sure
that
they
are
not
going
to
allow
us
to
extend
the
ingress
object,
as
they
are
already
working
on
gateway
api.
But
I
can
ask
cigna
to
work
and
say:
hey.
We
are
going
to
add
some
status
field,
some
status
message
or
some
conditions
or
something
like
that
into
ingress
objects.
B
What
do
you
think
about
that?
They
are
probably
going
to
ask
us
to
write
a
cap
and
that
cap
is
gonna,
be
alpha
from
123
the
124,
because
when
three
cycle
is
closed
and
then
we
are
going
to
get
this
tape,
this
ga,
probably
just
in
2023,
so
maybe.
C
This
request,
but
an
event
is
more
reasonable
because
it
doesn't
require
an
api
change.
B
Yeah
yeah,
I
I'm
not
sure
we
can
write
events
directly
through
the
through
the
ingress
controller
right
and
say
hey.
This
is
an
event
for
that
ingress
object.
I
guess
yeah
so
yeah.
Maybe
it's
a
good
idea,
we'll.
A
B
From
a
priority
perspective
important
soon,
because
because
as
a
user,
I
I
feel,
like
I
miss
some
feedbacks
when
stuff
they
are
getting
created
right
and
I
don't
know
why
they
didn't
get
created
like
why.
I
have
tried
to
create
my
ingress
object
and
it's
not
working.
Why?
I
have
created
my
network
policy
and
that's
not
working
and
status
fields.
They
are
pretty
annoying
to
get
them
working
because
you
need
like
to
change
api
and
have
some
api
review,
so
maybe
using
events,
it's
going
to
be
a
good
idea.
Yeah.
C
A
C
A
A
B
A
B
B
A
Unless
this
is
yeah,
unless
there's
this
they're
supporting
other
host
names
with
this,
that
would
work.
But
this
one
t.
B
B
I'm
not
sure
I
think
those
are
two
different
problems
in
the
same
issue
right
because
if
you,
if
you
roll
to
the
top
you're,
going
to
see
a
lot
of
messages
for
ingress
class-
and
they
are
trying
then
to
use
that
yeah
on
the
less
common
genes
yeah.
So
they
are
using,
they
try
to
use
104.
And
then
you
get
a
lot
of
errors
for
the
ingress
class
and
then
later.
B
They
try
to
use
to
synchronize
the
certificate,
and
that's
pretty
strange
for
me.
So
maybe
that's
a
that's
a
different
issue.
Those
are
like
two
different
issues:
one
it's
like
initially
trying
to
upgrade
from
zero
dot
x
and
not
relying
on
english
class
and
the
other
one
is
just
maybe
some
syntax
or
on
the
ingress
object.
A
Yeah
I'll
ask
please
to
open
up
a
separate
issue.
I
don't
think
it's
the
same
issue
as
well.
A
A
A
B
They
are
a
map
of
a
string
and
value
as
a
string,
so
this
is
like
why
they
need
to
be
quoted
right
because
you,
you
need
to
pass
the
api,
a
map
of
strings
being
the
name
of
the
annotation,
the
key
and
the
valid
another
string.
So
that's
that's
why?
B
If
you
try
to
put
something
like
true,
it's
gonna
understand
that
that
true,
for
example,
was
a
boolean
and
it's
gonna
fail.
The
the
api
validation
is
gonna
fail.
So
that's
that's
the
reason
of
even
if
that's
an
integer,
you
need
to
pass
a
string
and
then
on
our
side
we
try
to
convert
that
that
integer,
that
string
to
integer
or
that
string
to
boolean
and
fail
if
they
put
something,
that's
not
a
boolean
or
an
integer.
That's
a.
B
B
A
B
Yeah
annotations,
they
are
always
going
to
be
strings
right.
So
what
we
need
to
say
is
that
annotations
and
I
guess,
labels
so
what
I,
what
you
need
to
say
is
that
we
are
adding.
We
are
adding
a
string
that
must
be
followed.
The
integer
annotation
the
number
of
notation,
the
number
format
right,
but
that's
a
that's
a
a
limitation
from
the
api.
B
C
B
C
B
A
Yeah,
you
know
what
this
also
is.
A
good
is
it
first
issue
was
a
good
first
issue.
I
can
never
remember.
A
But
I
don't
disagree
all
right.
That's
the
triage
ones,
there's
some
specific
ones
that
we
should
probably
run
through
real
quick
time
check.
First,
one
that
I
just
pulled
this
up
to
the
top,
because
I
didn't
know
ricardo.
Is
there
anything
specific
on
the
milestone
that
we're
looking
besides
the
the
annotation
snippet.
B
There
is
that
course
that
mutual
course
stuff
that
got
married,
and
I
guess
there
is
some
watch
name
space,
pr
that
got
fixed
and
also
the
web
hook,
the
the
web
hook.
They
know
issue
some
metrics
as
well,
so
we
now
have
prompt
use
metrics
for
the
web
hook
process,
but
this
is
for
the
the
next
release.
I
don't
I'm
not
sure
I
guess
I
put
miley
stones
on
all
of
them,
those,
but
we
need
to
to
take
a
look
into
the
last
merged
prs
and
for.
B
A
B
I'm
muted
again
github
api
is
going
to
be
a
bit
hard.
I
guess
so
I
I
I
still
want
to
discuss
as
well
with
sig
network
and
other
folks.
B
B
So
if
you
want
to
enable
that
you
enable
them,
as
maybe
in
each
containers
that
you
mount
the
models
in
in
a
shared,
you
know
into
a
shared
folder,
and
then
we
can
compile
them
in
a
separate
process
and
et
cetera
and
having
also
a
as
smaller
ingress
in
chinese
container.
Just
that
fits
almost
everybody
eats.
A
That's
definitely
something
that
we
should
look
into
all
right.
So
look,
we've
got
this.
One
might
be
a
question
for
long
since
he's
assigned
to
it.
This
is
a
different
one,
convicted
prometheus
response.
Time
buckets.
I
remember
seeing
this
one,
they
wanted
the
different
time
the
times
they
wanted
a
shorter
time
frame
on
this.
C
B
A
C
B
B
A
I
just
want
to
get
it
off
the
I
think
we
just
look
at.
Is
it
triage
accepted
yeah,
yeah.
B
A
B
Yeah,
but
I
guess
I
have
fixed
this
one-
this
is
the
the
one
that
I
have
probably
fixed.
That
was
that
panic
remember
there
was.
There
was
like
a
new
pointer
on
the
admission
web
hook
on
pest.
Take
a
look
that
there.
There
is
a
log
about
that
as
well.
B
Yeah
yeah,
because
actually
the
the
controller
dies
when,
when
you
try
yeah.
A
So
that's
3
2,
that's
an
older
one,
but
yeah.
This
looks
like
they're
still
having
that
issue
and
the
latest
one
that's
a
huge
skew,
but
that's
not
going
to
cause
this
problem
using
two
ingresses
with
a
single
controller.
Each
one
of
them
have
different
domains
and
sub
domains
are
configured
with
cert
manager
for
ssl.
B
On
june
19th,
but
I
am
not
sure
I
guess
this
was
before
we
released
a
version,
one.
A
B
B
Okay,
okay,
okay
yeah,
so
in
this
case
specifically,
it
seems
to
be.
I
am
saying
to
you
the
the
the
one
that
I
fix
it
and
in
this
case
specifically
so
what
happens?
And
we
have
added
that
ingress
that
that
metrics,
because
we
have
figured
out
that
sometimes
the
admission
web
hook,
it
takes
a
long
time
to
to
to
do
that,
to
do
that,
reconciliation
and
probably
that
they
are
hitting
the
timeout
of
10
seconds.
B
B
This
one
fixed
the
new
pointer
in
that
case,
specifically
on
the
last
case.
That's
as
tom
asked
that's
a
time
out,
because
probably
admission
web
hook
is
taking
too
much
time
to
to
synchronize
everything.
So
just
just
ask
hey
how
many?
How
many
objects
do
you
have
in
your
cluster?
C
B
So
you
are
using,
in
that
case
in
that
case,
cube
proxy
right
so
because
you
are
routing
through
the
service,
so
I
think
that,
depending
on
which
backend
you
use
in
cooperation
like
ipvs
or
iptables,
it
does
close.
It
says
that
hey,
I
don't
have
any
any
back
end
here,
so
I'm
just
going
to
reset
the
connection.
B
It
was
large
amounts,
yeah,
yeah
yeah,
that's
my
bet
because
they
are
using
version,
one
zero,
zero
and
we
have
fixed
that
before
releasing
version.
One
was
even
when
the
branch
was
called
master
and
not
me
yet
so.
C
Yeah,
it
answered
my
question,
although
I
don't
know
they
provided
any
more
context
into
what
might
be
happening
in
their
issue,
because
we
don't
know
like
what
they're
using
specifically
but
yeah.
I
suppose,
if
the
process
exited
we'd
probably
expect
to
see
connection
reset
in
their
logs
as
opposed
to
context,
timeout.
A
I
always
do
that
and
then
I
assigned
so
which
one
did
I
send
to
me:
yeah
it's
in
there.
Okay,
I
don't
think
we're
gonna
be
able
to
get
through
the
rest
of
these
in
the
next
few
minutes.
A
We
can
save
those
for
the
next
time
or
we
can
look
through
those
individually.
This
is
the
one
that
we
just
went
to
do.
We
have
anything
else
that
we
need
to
talk
about
before
we
break
for
this
one.
A
You
want
to
talk
a
little
bit
through
that
control,
plane
and
see,
since
we've
got
damian
and
brian
both
on
here
see
what
their
thoughts
are.
B
A
It's
all
good,
it's
fine!
We
probably
can't
cover
it
in
seven
minutes
anyway.
Eight
minutes
yeah
all
right
folks.
Well,
thank
you
all
for
joining
and
listening
to
ricardo
and
me
talk
for
the
last
hour,
as
always
we're
available
on
slack
channels
and
if
you
need
anything,
please
reach
out
thanks
all
right.
D
Yeah
and
james
and
ricardo,
if
you
want
to
have
some
you
know,
maybe
a
separate
meeting
to
discover
to
discuss
the
that
collaboration.
Work
we'd
be
happy
to
try
to
set
something
up.