►
From YouTube: Kubernetes SIG Network 20170601
Description
Kubernetes SIG Network meeting 2017-06-01
B
C
C
Are
relatively
easy,
although
I
think
we've
had
enough
new
people
who
popped
up
to
say
I'd
like
to
take
bugs
that,
maybe
these
ones
are
all
taken.
There
are
a
few
in
there
that
are
going
from
small
engines
for
sure
all,
but
I
don't
want
to
discourage
anybody.
Try
to
take
those
on
just
a
little
bit
more
application,
fresher
and
honestly
like.
If
you
are
one
of
those
people
who
wants
to
contribute,
but
all
of
the
obvious
bugs
are
taken.
C
B
C
D
B
A
A
Still
not
entirely
sure
why
it's
happening
that
way,
but
I'll
get
to
the
bottom
of
it.
I
guess
one
question
I
had
with
that
was:
why
does
pod
status
get
skipped
or
not
updated?
If
the
network
plug-in
returns
an
error
for
the
sandbox,
we
shouldn't
an
error
for
networking,
cause
the
pod
to
be
torn
down
and
restarted,
or
something
like
that
I
mean
it
seems
like.
We
have
ways
to
report.
Network
errors,
no,
but
they're
not
actually
respected,
and
nothing
is
done
with
them
really.
C
Sorry
then
we
we
cut
out
or
you
cut
out
for
the
majority
of
what
you
designed
sorry.
A
I
was
wondering
if
it
seems
like
we
have
ways
to
report
Network
errors
now,
at
least
through
the
you
know,
get
pod
network
status
should
that
be
respected,
because
I
think
right
now,
cubelet
doesn't
do
anything
with
those
it
basically
just
logs
them,
and
then
he
like
doesn't
update
the
pod
state
at
all.
So
they
basically
get
logged
and
lost
and
nothing
gets
done
because
it
comes.
E
I
feel
like
on
there.
The
implicit
requirement
for
the
sea
is
fact
that
the
get
hot
Samba
Paris
she
basically
in
return
error
where
the
limit
has
followed
on.
So
that's
why
Mike
Kidman
right
now,
it's
pretty
like,
like
it,
has
a
dumb
book
just
to
go
through
all
the
parts
and
then
get
to
each
one
of
those
seven
dog
status
and
then,
if
any
error
occur
for
that
particular
part
and
that
hostiles
will
not
be
updated
and
then
you
will
get
stale
in
the
API
server.
So
that's
sort
of
the
wider.
E
The
I
effective
and
then
like
I,
get
the
problem
but
yeah,
but
I'm
not
sure
like
how
we
need
to
attack
this
because
I
think
the
ultimate
problem
on
install
is
that
like
during,
like
hard
start
up
and
tear
down
pod
status
should
still
be
valid
right
and
it
should
not
meet
any
useless
error
right.
That's
the
the
problem.
We
wanted
to
get
rid
of.
A
A
A
Well,
I
mean
in
this
case
there
is
no
network
namespace
for
the
pod,
because
key
book
got
restarted
and
for
whatever
reason,
doctor
is
not
giving
us
a
network
namespace
and
so
clearly
that
pod
is
not
going
to
work
and
the
error
was
getting
reported.
But
then
that
causes
the
status
updates
to
not
happen.
E
Yeah
I
mean
yeah,
you
can
you
can
say
that
from
the
other
angle,
where
your
your
icon,
cubelets
should
probably
like
act
on
those
errors,
but
it's
it's
hard
to
formula
to
tell
like.
Is
it
an
intrinsic
error
or
is
it
like
a
real
problem
or
basically
it's
very
hard
for
two
with
the
decide?
What
is
this
error
section.
E
Again,
we
are
singing
like
you're
saying
that,
basically,
if
okay,
the
status,
guess
that
is
called
returns,
an
error
and
then
as
Cuba
should
cut
back
on
it
and
they
should
basically
tear
down
and
restart
it.
And
things
like
that.
But
it's
hard
for
people
to
tell
lies
a
specific
area
of
return
and
then
based
on
that
to
to
to
like
to
act.
Should.
C
A
C
A
Apparently,
in
this
case,
the
only
way
we
have
to
figure
out
that
something's
not
working
is
that
we
don't
have
a
network
name
space,
then
the
plug-in
can
use,
but
so
well
I'll
try
to
go
figure
that
out
information
now
I'll
try
to
see
what
I
can
do
about
errors
too.
Turning
from
get
pod
network
status,
I
mean
the
core
of
that
original
PR
was
just
to
try
to
make
sure
that
we
didn't
log
superfluous
log
messages
due
to
the
race
with
the
pod
lifecycle
generation.
A
E
C
B
C
C
C
C
C
Let
you
pass
the
edge
map
if
you're
not
coming
from
a
VM,
so
we
have
to
masquerade
if
you're
trying
to
go
out
to
the
world,
but
you
own
one
at
mass
great,
if
you're
going
out
to
the
world,
so
we
had
a
flag
in
cubelet.
That
said,
don't
masquerade
for
this
particular
cider
and
we
wanted
to
expand
that
to
all
of
like
all
of
RFC
1918
space,
but
also
to
make
it
more
user
configurable
and
rather
than
add,
more
Network
flags
to
keep
what
we
thought.
C
We
would
instead
make
it
a
demon
set,
so
they
were
Daniel
and
Mike
tough
and
wrote
this
little
IP
mask
agent,
which
takes
some
configuration
from
a
config
map
and
writes
up
the
egg
potatoes
rules
to
turn
on
or
off
masquerade.
As
me
in
and
the
nice
part
now
is,
we
can
remove
one
more
flag
from
cubelet
in
every
search,
so
so
there's
that
it's
new
we're
trying
it
out
on
GCE.
We
expect
that
it
will
be
a
good
thing
and
that
we
will
recommend
it
for
everybody
who
needs
this
sort
of
use
case.
C
C
B
C
Last
chance
all
right,
it's
KC's,
cubelet
iptables
performance
issue
with
cubelet
in
19,
April
stuff.
Now,
there's
two
issues
here:
there's
one
cubelet
is
doing
more
I
see
table
belts
than
it
really
needs
to.
They
could
be
doing
it
through
a
saver
store
and
two
at
least
on
some
machines
like
looking
cables,
is
10x
slower
than
it
is
on
other
machines.
G
G
C
C
E
The
badges
look
I'm
not
sure,
particularly
what
I
don't
know
like
that's.
The
specific
goal
is
probably
the
the
patch
did
not
come
rather
I'm,
not
sure,
okay,
but
it
does
look
like
exactly
like
the
Cobo.
It
sounds.
C
C
So
this
bug
is
nobody
as
far
as
I
can
tell
nobody's
working
on
the
fix
to
move
it
to
IP
tables
spades
and
restore
new
non.
Can
you
take
this
issue,
but
try
to
get
this
guy?
Is
this
our
theist
guy
to
drive
the
patch
sure
the
hills
new
contributor
out
of
this
okay?
Okay,
I?
Would
love
to
see
this
fix,
but
I
wouldn't
call
this
p0
like
I,
wouldn't
stop
the
release
for
this
one,
because
it's
not
a
change
in
one
fix.
So
this
is
probably
not
a
blocker
objections
to
that
that.
C
C
Clothes
weight
issues
all
the
Masters
that
were
stuck
with
all
their
sockets
and
clothes
weight,
and
so
it
couldn't
answer
any
it
couldn't
take
any
more
connections,
so
all
the
cubelets
timed
out,
so
it
removed
them
all
from
the
load
balancing
pool,
even
though
the
cubelets
were
actually
there
and
surveying
they
just
couldn't
check
in
yes,
yeah
so
like
in
board.
We
have
a
system
that
that
recognizes
too
much
correlation
and
puts
the
brakes
on
pair
actions
like
this.
We
do
not.
We
don't
have
that
income
and
yet.
G
C
Like
if
you
have
a
three
node
cluster
and
all
screening
of
are
believed
to
check
out
at
the
same
time,
like
that's
one
thing
but
like
if
you
have
a
to
node
cluster
and
like,
is
it
impossible
that
you
could
check
out?
At
the
same
time,
no
back
off
is
going
to
help
you
there
yeah,
okay,
anybody
has
bandwidth
to
look
into
this.
So
just
even
ID
a
a
on
a
heuristic
here,
I
know
the
controller
logic
is
probably
new
to
a
lot
of
people.
C
Well,
yeah,
maybe
we
could.
We
hardly
have
to
make
an
argument
that
this
is
a
bug
fix
and
it
is
actually
sort
of
a
stretch,
because
this
is
not
a
new.
This
is
not
a
new
in
one
seven
ish
ooh
I'll
assign
it
to
you
pontificate
on
whether
we
can
possibly
spin
this
I'm,
not
sure
that
we
can.
At
this
point.
C
A
C
C
I'm
not
sure
if
it's
Audrey,
specific
or
if
it
was
applied
to
all
Club
writers,
I
have
not
audited
the
GCE
code,
but
basically,
if
you
create
and
destroy
a
service
with
the
same
name
too
quickly,
you
can
overwriting
your
state
and
lose
track
of
the
fact
that
you
didn't
complete
the
deletion
of
an
IP
address.
It's.
B
F
C
H
C
C
B
B
D
B
C
C
A
C
D
D
D
C
Checkpoints
that
diminish
the
person
recording
you
guess
we
just
need
to
come
up
with
an
answer
best
practices,
but
it
doesn't
matter
because
this
think
the
traffic
shaping
not
going
to
be
in
one
seven.
There's
no
aspiration
to
that.
So
this
bug
is
currently
a
certain
time
to
been
Chris
and
then
do
we
want
to
just
update
it
with
the
fact
that
the
course
port
stuff
is
merged,
and
we
can
remember
the
plot
that
my
area
so
that
somebody
law,
so
you
did
in
a
custom,
CNI
a
config,
yeah
and
so.
F
C
E
E
E
It
starts
to
sink
those
static
bars,
so
these
two
things
happen
in
parallel
and
then
does
some
static
power
like
cue
proxy,
is
like
something
needs
some
information
from
the
nose
back
where,
depending
on
the
note
getting
itself
registered
so
I
guess
so
after
we
move
the
cube
proxy
to
the
you
said,
this
will
be
a
problem
anymore,
but
at
this
was
still
a
problem.
Is.
C
A
C
E
C
C
A
A
C
That's
true,
yeah
yeah
I
would
say
if
we
have
to
get
the
node
IP
and
it
doesn't
exist
that
we
should
just
either
exit
or
like
sleep
for
ten
seconds
and
try
again
and
put
that
into
a
back
of
me.
Yeah.
A
C
C
I
C
So
I
think
glide
was
a
cool
tool,
but
it
didn't
work
for
the
kubernetes
repo
because
it
was
too
big
and
it
had
to
neared
interdependencies.
I'd
already,
remember
exactly
why,
but
it
fell
over.
We
tried
to
run
glide
against
today,
so
right
now,
the
only
tool
that
we
found
that
works
at
the
size
of
our
repo
is
go
down
and
go
deficit
turn.
I
Yeah
I
heard
someone
else
tell
me
on
one
of
the
current
slot
accounts
a
couple
days
ago.
All
four
new
projects:
okay,
yeah
yeah,.
C
A
I
A
C
Because
notice,
Mike
you're
not
marked
as
an
ordered
member
or
external
collaborators,
I
can't
assign
you
the
issue
so
I
just
tagged,
you
I
think
I
spelled
your
name
right
and
I
will
take
a
note
for
myself
to
go
and
add
you
as
an
external
collaborator,
so
you
can
actually
get
assigned
issues
and
PRS.
This
is
true
for
anybody
here
who,
if
you're,
participating,
you're
working
on
issues,
and
you
want
to
be
able
to
be
assigned
an
issue
or
a
PR
drop
me.
A
note
and
I
will
add
you,
as
an
external
collaborator,
remind.
C
C
C
E
C
C
Any
regrets
here
we
can
revisit
this
one
and
if
there's
no
progress
by
this
time
next
cycle
next
meeting,
then
we
will
assign
it
to
somebody.
Hopefully
this
is
not
a
hard
one.
A
lot
of
these
are
little
validation.
Issues,
expand
docs
on
DNS
policy,
so
a
change
went
in
last
cycle.
I
think
was
it
this
cycle
to
add
a
DNS
policy
of
cluster
first
with
host
network,
which
is
quite
a
mouthful,
but
that's
what
compatibility
gets
you?
It
feels
like
looking
at
this
understanding
it
and
runs
and
docks
very
volatile
tone.
C
So,
oh
great,
that's
right,
he
did
cool
cubelet
flag.
Cluster
9
doesn't
work,
it
was
all
calm.
This
is
another
one.
I
looked
at
this
week
think
this
is
a
non-issue
I'm,
I,
guess
I'm
on
this
one,
because
I
haven't
assigned
myself
any
okay,
that's
it!
That's
it
hey
guys!
That's
it
is
it
did
anybody
here
feel
left
out
like
they
wanted
to
work
on
some
things
that
didn't
have
an
opportunity
to
cuz.
We
can
go
find
more.
C
It
gives
us
about
200,
open-sink
Network,
bugs
which
honestly,
like
out
of
4,500,
is
not
too
bad
and
4500
is
down
from
5,000.
Just
a
week
ago,
there's
been
a
concerted
effort
to
find
and
close
stale
bugs
which
to
all
those
people.
If
your
presence
thank
you
when
you've
destroyed
my
inbox,
but
it's
been
great
to
get
those
bugs
clothes.
C
So
I
just
want
to
say
again
thanks
for
everybody,
for
sticking
with
us
as
we
sort
of
retool
and
figure
out
what
this
thing
is
and
how
it's
going
to
work
so
far,
I
think
the
response
has
been
great.
I've
had
a
bunch
of
people
contact
me
asking
how
they
could
help
a
bunch
of
people
going
through
and
doing
bug.
Scrubs
we've
got
more
volunteers
coming
on
here.
It's
fantastic.
B
D
H
This
is
Daniel
that
we
have
other
folks
here
as
well.
I
guess
the
only
question
I
really
have
is
Tim
yes
to
create
what
I
call
the
manifesto
and
I
posted
that
to
the
group
got
some
feedback,
but
I
was
just
wondering
where
we
go
from
here.
Do
we
continue
putting
leading
in
on
the
Google
group
for
feedback?
Well.
C
Great
question
we,
so
they
governance
group
hasn't
formalized
where
we're
going
to
put
charters,
but
this
is
sort
of
the
proto
chair.
I,
owe
you
an
apology
that
I
haven't
actually
reviewed
the
dock,
yet
I've
got
a
whole
bunch
of
musics,
related
PRS,
but
I
haven't
had
a
chance
to
get
to
and
because
I,
mostly
because
I,
don't
know
how
they
work.
So
I
have
to
go.
C
A
A
C
C
C
C
The
tests
themselves
shouldn't
be
that
complicated
building
up
a
new
suite
is
a
little
bit
more
complicated,
but
we
can
certainly
when
we
get
to
that
point.
We
can
put
you
in
touch
with
the
right
people
here
and
get
a
sweet
set
up
so
that
we
can
actually
run
these
six
tests.
We
probably
won't
run
them
on
an
every
APR,
at
least
initially,
but
we
can
get
them
so
they
run
every
day
or
something.
Let
me
just
no.
H
H
C
I'll
I'll
take
that
back
to
our
country
backs
folks.
I'll,
ask
me
it's
supposed
to
work
through
PRC
little
ISM
is
area
/
area
space
I've
even
put.
C
C
All
right
thanks
cool
all
right,
so
I
have
a
bug
in
a
couple
of
action
items,
and
we
also
got
some
bugs
and
stuff
to
work
on
this
the
today
of
the
code
free.
So
if
there's
any
other
PRS
that
people
wanted
me
to
look
at
that
need
to
go
in
before
the
code.
Freeze
today
is
the
day.
I
will
be
available
on
hangouts
from
now
until
about
6:00
California
time
and
then
again
later
an
evening.
So
if
anybody
needs
anything
from
these,
please
hit
me
on
hangouts
or
slack.