From YouTube: [SIG-Network] Ingress NGINX meeting for 20230608
B
Everyone, it is June 8th, 2023. This is the networking Ingress NGINX subproject, which means it is a CNCF project and it adheres to the CNCF code of conduct. If you have any issues with anyone in the meeting, please report those to myself or Ricardo, or to the CNCF and/or the SIG networking team leads. And with that, we'll go ahead and get started.
B
Usually we'll jump in, we've got the three of us, but Brendan, this is your first meeting, isn't it? First community meeting, yep? Would you like to introduce.
C
Yourself, yeah sure, hi, I'm Brendan. I'm, I don't know, a contributor now, I suppose, but yeah, just looking for ways to play around with some NGINX in Lua, I suppose.
B
Yeah, awesome. Yeah, I met Brendan at KubeCon EU when I did a presentation on CVEs and the release management of Ingress NGINX. So yeah, we've got an awesome contributor out of it, so it makes the stress of writing a presentation worth it.
C
It was your Nirvana karaoke that actually got me here. It wasn't the presentation, sorry to say, I.
B
Know that's fine to do. I will definitely continue doing karaoke. That's always a lot of fun. It is, it's almost a religion here at shangard long, and for anybody else listening, at KubeCon EU there was a karaoke event and I decided to bust out some Nirvana. Anyway, but thank you, Brendan. You've already made several really great contributions, so we really appreciate that, and I know, we know we need more Lua folks, so again, appreciate you diving into those as well. So that's just a huge difference.
B
So unfortunately, we haven't had a meeting in a while. We were talking about that before the recording. So there's probably a lot of action items that just need reviewed and looked at. I know there was some OpenTelemetry stuff, there's still issues, there's always issues with OpenSSL. I know we need to get a patch release out for the, I think Go 125 is coming out soon, but there's also 124. I need to open up an issue.
B
We need to find a way to make our Go building easier, just again, making things easier, because it takes about three PRs to upgrade Go and then two more to upgrade the image, so again, just try and continue to reduce that. So I'm going to add that as an action item.
C
Have we, I was having a look at kpromo, the CNCF project, that's supposed to make it easier to, like, promote your images and things.
B
I looked at it for the release stuff, but we might need to re-look at kpromo. I think it only does the PR for you and the promotion to the staging PR. So if they could do that, that'd be great. But it's still, we can walk through the Go stuff, because we build everything inside of our engine inside of a test runner that has Go installed, and then we build the Ingress binaries in that test runner, and then we build the image on top of that.
B
So I'm going to add that as an action item to open up that issue so that we can reduce that, and just as a Go patch release comes, we could rapidly get that out, because a patch release always comes with fixes. I know there's vulnerabilities right now that 124 fixes. It's the same reason for us fixing and getting the, either getting curl out or getting OpenSSL, making it, just making it easier to patch our images. This is just, it's.
C
Yeah, yeah, so I've got the long, spin, I think long ping Ricardo on it, but I've got an open issue on the obsolete NGINX directives warnings being logged out, and then also the httpbun, like trying to refactor the end-to-end test framework and try and reduce that, because that's also quite a lot of duplication and a lot of code everywhere.
C
So those two things I'm waiting on. The end-to-end testing PR, moving the httpbun deployment into the framework, is a blocker to remove Echo, because a lot of our end-to-ends use Echo, some of them use httpbun, so just kind of moving it to one thing. It will reduce the complexity of the code base, quite, well, the end-to-end tests, quite a lot.
B
Okay, if you can paste the PRs into that doc. I just dropped them into the web chat, yeah.
D
I'm waiting for you to go through what you have in, what you have planned, but basically I think the priority is that without Ricardo being here, there are some PRs that are short, quick, and probably you could approve them, and they are kind of not super important but quite, like, they are relevant for even current state, current releases. So once that is done, I think we will talk about issues.
B
You, yeah, I'm just trying to see if there was any open action items that we haven't looked at in a while. I just wanted to make sure that what's in the doc we've actually gone through, because it has been a while since we've had a community meeting and since I've looked at this doc. So, and the first one popped up was the OpenTelemetry module one, which I know we, we should be able to close this because we were able to, we've added the documentation.
D
We're basically, basically waiting for Ricardo to test it. So the thing is this: there is one Zoom, Ricardo and Ehsan talked about things, and so there are PRs put in, so as soon as Ricardo gets time to look at those PRs and approve them.
B
Just the original OpenTelemetry module that Ehsan opened up back in September, we've completed it, and so I'm going to close this, and I'm going to ask anyone who has issues on this, please open up separate issues.
B
So the defaults are just too low. That's fine, that's, I honestly think that's an easy fix, but okay, let me open up this one as a separate issue.
C
Good. I think that canary thing, the one that I was responding to yesterday, I honestly think that he's just using a version of the controller that's extremely out of date, and that's potentially causing his issues, because he's having, like, syncing issues with his ingresses and he's using, like, 1.0.4 on a 1.24 cluster.
D
Broken at least since one context released, so.
C
But even the, even, but he's not using 1.8, he's using one, 1.0.
D
So Brendan, what I was saying was, in one single post, I have not seen him present, like, the request, the canary Ingress describe, and the related log message from the controller pod.
C
So yeah, he's split it up. So if you scroll down to the bottom, he's done, like, the full, the full Ingress for the canary and the thing, but it's also, like, yeah.
D
Type is implementation specific, but in that one single post there is no description of the event from the controller log. There is no description of the request that was sent to this host, so he's got test, test.io. So if I create an Ingress now, canary Ingress, same test.io, it will work perfectly for me. So.
B
On the, on the newest versions.
B
Okay, we'll see what he says, and if everything's all good. People are really bad at closing issues, even when, even if something is fixed or not, so just, if he, if it hits lifecycle frozen, close it, because you were able to prove that everything works on the, on those ones. That's just, which again, try to keep the issues down and close them as needed.
B
So we got that one. All the open, I need to follow up on that one. I need to follow up with Dylan on these, core is one still. Let me just, I'm just add these, absolutely, okay! Let me put these in the discussion stuff. Sorry, we haven't gotten those yet.
C
I think it's good to be organized, right.
A
Yeah, and we just haven't been lately, so I need to go through that one as the, the path type stuff.
B
Discuss those, so let me just go through the list and the order that we have them in. So the httpbun stuff, you said that's just, that's the one that's being blocked right now.
C
So it's blocking removing Echo from the test. I think the, I think, I think everything's fine, it's literally just moving the httpbun as part of the framework and then having enablement flags, so you can enable it.
C
Okay, I think we had a conversation with Ricardo around deploying it once as part of the bootstrapping of the cluster. But then they came in some problems with, like, routing across namespaces, because every test is run in its own namespace. So now it's just deployed in the test namespace based on a flag, and.
C
No, no, no, that's not what we were doing. We're just doing the, because, and so the idea would be, we try and do this for the external, external services, yeah, yeah, which I can do that work as well, but I think other tests will need their own instance of httpbun, because it's testing, like, namespace routing, right, and not cross, yeah.
C
Yeah, that's what this PR does. So there's a flag that you just pass through to a new default framework with httpbun deployments, and then it'll deploy the http deployments.
B
Okay, I'm fine with that, because again it gets rid of, it gets rid of Bin. Every test can run their own and then we can consolidate as needed. We could have a default one, and if they don't define one, the default one just uses it, but we can iterate on that. So, but if this does one right now for heat.
B
It, yeah, yeah, that's what it does. Yeah, yeah, I think that's fine, and if the tests, and again I put a lot of stock in our end-to-end tests. So if the tests are passing, I think that's fine, but I'll go ahead and I'll add it to my list of things to look at, because I want to get that one out the door.
B
A bunch of people have looked at it, okay, or assigned to it. That's fine, cool. What was the last discussion point on the obsolete warnings?
C
Them, essentially, if they're specifically specifying them, then those warnings will appear; if they're not, it won't. We won't add them to the nginx conf, because we already use the directives that we, that.
C
Yeah, the, I think it's large client headers. We already have defaults for those and they're already deployed, so this will essentially only, it'll only set them if people are sending them in the config, and that one headers is my understanding.
D
And they were also using an annotation or a ConfigMap value that was related to this directive.
C
No, no, no. So essentially, essentially all the, all the issues related to these directives, they were saying that they don't want it set at all, because it's deprecated.
D
I'm, what I'm talking about, accepting this? What I was coming into asking was, I thought, my understanding from your explanation now is: if somebody uses an annotation or a ConfigMap value, yeah, that relates to these two obsolete directives, then they get configured and start spewing obsolete messages in the controller log, right, so I was trying to understand.
D
I forgot, because I forgot the details of issues where people reported this message in the controller logs, and I forgot specifically if they had configured an annotation or a ConfigMap value which would put this in nginx.conf, so I was wondering if you check that, or is it okay to just go ahead and remove this any which way? Because it's a delete.
C
So I think the reason we went this way is Ricardo is worried about people that use these already and they haven't, because I mean if, for instance, you've present the HTTP max field size, is a security thing, right, it's essentially you're blocking too big payloads or whatever. So I think Ricardo's, and I mean if he does watch this, you can correct me if I'm wrong, I think the idea is people who do use this, we don't want to break their deployments. We just want them to.
C
It would, but, but so, so the idea is, the assumption is that you want to use the large client headers buffers, which already has a default set, right, so I wouldn't say it's a breaking change, it's just a, because that's default set and that has the exact same implications as these headers, right, I mean as these directives.
B
This one's just the community update. I wanted to make folks aware that, with our 1.8.0 release, there is a new configuration option to disable regexes on anything other than implementation types. So it is, what's the configuration option, strict validation path type, yeah, strict validation path type. So, if you enable strict validation path type, the only path that can have regexes is an implementation-specific type. Again, that would require some changes. We set it to false.
B
So when we move to a 2.0, we're going to set this to true, so get folks used to using it now. We are not ready to do the 2.0 release yet. I think we want to do the annotation validations, possibly the CP/DP split, so we're not ready to do a 2.0 release just yet. We probably need to do more planning and discussion around what a 2.0 release is going to look like, but this will be one of the breaking changes in there.
C
Also, maybe with a discussion around the 2.0 releases, maybe some of the 2.0 stuff, or between two and three, we should start looking at, I know it's a swear word here, but Gateway here.
B
Okay, because we'll have everything already defined and then we'll just push it to the NGINX control, the NGINX, because really it's just us defining the control.
B
Gateway that, taking all of the data that the Gateway API is asking for, configure it and then push it to the NGINX config. So if we've got the control plane, data plane split, that helps us with that, because we've already got the interface defined. So that was the idea, and also the CP/DP split helps with a couple other security concerns. So we do need to probably pick that up.
B
I don't want to say this the end of this year, but it definitely should be like a 2024 thing that we should focus on. Okay, and then, yeah, removing Jaeger. We still don't know about, we still haven't made a decision about the ModSecurity. We need to get more information about that because it's supposed to be moved to community support, so the company that's supporting ModSecurity now is moving into community support, and the conversation is, well.
B
Do we need to remove ModSecurity? So that still needs to be a topic for discussion.
B
Anyway, so that's the ideas around the 2.0 breaking changes. Anyway, okay, cool! Well, thanks for indulging me on that one, and then now we can, I knew we'd fill up the hour. We didn't even get to do any issue triaging, but let's go ahead and look at these two that Long, that you've posted about. I was just reading this one before we came. Is this the one you posted, 1062, 162.
B
What's up. So this one's just changing the documentation, because I guess there's a change in how AWS, that all the clouds do it differently? Really, my thought here on this one is that I don't know why in the README we're just doing the AWS-specific one, because I think in the issue they talked about.
D
If you open the values file, you'll see that one is our, one annotation is out of, out of the controller. The other one depends on the cloud provider. So we're not setting, we're just documenting here that if somebody needs the internal one, then they first have to enable the controller to provision an internal one, and then to get the right internal-facing LB from the provider, they have to put that specific string as the value for the key of the, yeah.
B
Oh, did I, broken links. Sorry, we've got some broken links. I thought we had a, there's a CI job that's supposed to check these, I thought.
B
And I bet we get through one. So this was an interesting one that I saw yesterday. We probably should also start looking at them from oldest, yeah, there's a lot that are, well, triage accepted.
B
These are needs triage. Let's start at the top, then. Okay, one, one exposed to traffic here. Let me post it for you all too. You can see it.
B
Yeah, that's there. There is one for triage.
B
Okay, hey, we got the one, I didn't think we'd get through it. Normally when we were triaging, because if we only get through like maybe three. Oh good, another Lua and a ModSecurity one, you got a twofer. China Lee is the Lua script. In ModSecurity there was an error doing Lua support not enabled in ModSecurity, so something we're probably doing wrong or something that's now out of date. ModSecurity rules directive error, reference missing or not informed, Lua support not enabled.
B
I know we do a bunch of hackery with setting the Lua paths. I think I looked at this issue a little while ago, because I know we set, if we scroll all the way up. We do a lot of setting of, like, Lua environment variables to point it to the LuaJIT that we install, for reference to ModSecurity, config local, on build AMD.
D
It seems like a very dangerous idea for anyone to exec anything they want.
B
They let users do it, there's nothing we can do to stop them. We allow them to run Lua code foreign, but this does smell like an issue.
B
Yeah, that's, that's Lua. We use the LuaJIT. I honestly, again, don't know how it works. We installed the 2.1 version of LuaJIT and we do a bunch of hacking with the pointing it to specific versions, but I thought I saw an update. There was an update six months ago to the live version and, see, the ModSecurity version. So maybe that was fixed. The issue that we have that fix in for was fixed.
B
Hi folks, thank you for joining. Cool, and, as always, we'll catch up on Slack.