►
From YouTube: Network Policy API Meeting 20210315
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Okay
folks,
so
this
is
sig
networks
with
project
network
policy.
Api
meeting
today
is
march
16
2021,
my
name
is
ricardo.
I
am
conducting
this
this
meeting
today.
I
kindly
remind
you
that
this
meeting
is
is
covered
by
cncf
code
of
conduct.
So
please
be
nice
with
each
other,
don't
don't
be
a
jerk
and
let's
get
started
so
I
will
share
my
screen
with
you
folks
and
we
have
for
today.
B
A
So,
for
today
we
have
mostly
two
items
in
the
agenda
both
of
them.
They
are
about
issue
triage,
the
first
one
meth
is
conducting.
I
don't
know
if
you
wanna
say
something
about
that
math
or
if
this
is
something
that
we
can
like
bypass.
C
C
But
then,
if
you
just
do
a
coupe
control
git
afterwards,
you
know
it'll
only
have
the
first
ip
block
there.
So
somehow
that's
you
know,
that's
getting
accepted
but
like
silently
dropping
something,
probably
you
know
kind
of
feels
like
a
bug
but
yeah,
but
the
the
decider
it
accepts
it's
it's
an
array,
it
doesn't
say
no,
it's
a
string
yeah!
It's
like
a
string.
A
C
A
A
C
C
D
It
super
press
if
it's
not
super
super
pressing,
I
can
take
it.
I
won't
get
to
it
this
week,
though.
Okay.
B
Speak,
I
raised
my
hand
because
you
said
it's
a
good
first
issue.
I
I
joined
these
meetings
too,
to
be
able
to
learn
more
and
hopefully
get
support,
so
I
don't
mind
working
on
it,
but
I
just
would
like
to
know
I
can
reach
out
to
for
help.
If
I
try.
A
Okay,
so
let's,
let's
do
this
way?
Folks,
let's?
What
do
you
think
about
coming
coming
here
coming
here
into
this
issue
and
discussing
here
about
about
the
correction,
sounds
good
yeah,
so
you
can
align?
Who?
Who
is
going
to
to
tackle
this
one.
E
C
And
you
can
see
at
the
bottom
like
I
actually
reported
a
coupe
val
bug
for
this
too,
so
that
there's
actually
like,
maybe
two
things
that
could
be
done
here
or,
like
I
don't
know
anything
about
kubevale.
I
don't
know
if
that's
built
out
of
kubernetes
or
what
but
like
it,
also
says
that
the
policy
is
okay
and
it
should
probably.
I
would
think
it
should
report
a
failure
too.
So
that's
another
thing.
If
somebody's
interested
in
that,
in
case
you
haven't
used
kubell
before
it's
just
something
to
like
validate
yaml
objects,.
A
D
To
upstream
yeah,
but
I've
been
doing
a
bunch
of
a
bunch
of
stuff
like
this
and
downstream
and
open
okay.
So
I'm
not
scared
by
it.
A
A
B
A
The
other
issue
that
I've
seen
about
network
policies,
this
one
ib
block
slider,
does
does
not
block
connection
on
the
node
where
the
pod
is
running.
So
this
is
a
question
I
just
opened.
So
I
didn't
read
this
one,
but
it's
related
to
okay,
one
master
to
two
workers:
mechanical
vxlan,
deploy
it
blah
blah
blah
tainted
master
added
from
okay,
who
are
those.
A
F
D
Yeah
yeah
he's
just
trying
to
allow
like
us.
I
I've
seen
this
hack
before
it's
literally
like
he's,
trying
to
allow
an
explicit
host.
That's
not
part
of
the
net,
and
it's
like
really
hacky
and
shouldn't
really
be
done
in
practice.
I
don't
think
it's
like
trying
to
allow
one
ip.
A
A
D
A
Because
my
effect
on
the
connection
is
made
in
the
same
node:
okay
got
it
so
he's
trying
to
block
the
node
to
connect
into
the
service.
A
D
A
C
Kind
of
reminds
me
of
that
psyllium
issue
or
not
issue,
but
like
behavior,
we
found
where,
like
some
things,
don't
some
traffic
doesn't
even
go
through
the
cni,
like
I
think,
for
like
loopback
or
something
so
network
policies
wouldn't
be
applied
like
this.
I
wonder
if
this
almost
seems
a
little
bit
similar.
E
D
It
could
be,
I
mean,
there's
certain
cases
where
there's
certain
flows
that
is
under
the
the
overlay
right,
especially
with
like
host
network
pods
and
stuff,
so
I'll
check
it
out,
but
if
you're
blocking.
Basically
the
point
is,
if
you're
blocking
traffic
from
a
node
to
a
pod
on
that
node.
Then
then
something's
wrong,
because
that's
a
weird
case
where
your
source,
ip
is
the
that
of
the
node
and
your
destination.
Ip
is
that
of
a
pot
on
the
node.
A
A
A
The
namespace
by
name,
is
entering
in
a
better
status
and
port
ranges
isn't
he's
entering
on
alpha
status
and
cni's.
I
know
that
kaliko
already
supports
port
ranges,
because
I
did
the
pr,
but
I
guess
it
would
be
good
to
check
with
the
folks
from
from
syria
and
and
three
and
three.
I
know
that
that
supports
already
right
yen.
I
guess
I
saw
something
from
from.
A
And
also
the
name
space
by
name
being
something
so
I
guess
we
can
start
bringing
to
the
next
meetings.
What
else
we
can
do
as
minor
changes
and
also
I
I
would
like
to
see
like
the
cap
that
satish
wrote
the
services
selector
thing
and
and
the
evolution
of
the
network
policy
api
being
evolved.
So
I
guess
we
can
maybe
have
like
a
rest
today,
because
I
don't
think
anyone
is
prepared
for
discussing
this
one,
but
I
will
I
will
talk
with
jay
and
andrew
seeking
and
other
folks.
How
can
how?
A
F
Yeah
sure
I
I
just
want,
I,
I
also
wanted
to
provide
any
some
update
on
that
regard.
Actually,
appjack
is
still
involving
the
upstream
activities,
so
we
have
a
regular
thursday
weekly
meeting
between
me
golden
app
check
and
satish.
F
So
we
will
have
essentially
we'll
have
a
cap
ready
for
signal
people
to
review
by
the
thursday,
and
I
think
we
already
did
a
sort
of
like
a
dry
run
in
the
in
the
sig
network
meeting
and
we
received
some
feedback
from
tim
and
other
other
guys
from
from
google.
So
we
already
sort
of
like
steered
our
proposal
towards
a
direction
that
they
kind
of
like
hinted.
F
So
I
would
also
appreciate
if
people
on
the
call
can
can
have
a
take
a
look
at
this
this
cap
and
put
any
comments
on
there
and
yeah
and
and
there's
also
something
that
I
wanted
to
bring
up
with
with
matthew.
Is
that
we
we're
we're
talking
about.
You
know
the
potential
risks
or
and
mitigation
for
the
cluster
network
policy
and
a
a
thing
that
we
mentioned
is
that
for
cluster
network
policy,
because
it
has
all
these
precedences
in
in
the
rules
right.
F
So
in
the
in
the
current
kubernetes
now
policies
you
will
have
implicit,
deny
and
allowables
now
the
cluster
now
policy
will
make
it
even
more
complicated
because,
as
you
know,
cluster
network
policies
will
have
the
main
rules
which
are,
like
god,
rail
rules,
and
they
are
even
more
powerful
than
kubernetes
network
policy.
So
when,
when
you
have
a
pod
now
right
and
if
you
have
multiple
policies
applied
on
top
of
it
now
it's
become
even
harder
for
people
to
gather.
You
know
what's
actually
affecting
the
traffic
to
and
from
this
pod.
F
So
I
think
in
that
sense
you
know
your
side
currents
project
can
be.
You
know
great
in
terms
of
building
on
top
of
this
and
help
people
understand
that
you
know
with
all
the
policies
what's
actually
going
on
with
my
pop
right.
So
that's
something
that
I'm
also
very
interested
in
willing
to.
You
know
talk
to
you
about,
I
guess
the
the
entire
cluster
network
policy
team
to
to
kind
of
like
figure
out
or
work
throughout.
F
If
we
can,
you
know
access
support
in
the
future,
and
we
also
probably
wanted
to
mention
that
in
the
cab
in
the
sense
of
you
know,
this
is
not
what
we're
trying
to
solve
in
the
cap,
but
we
wanted
to
have
a
vertical
effort.
Orthogonal
effort
to
this,
so
that
you
know
we
can
have
better
user
experience
or
on
debuggability
for
the
cluster
network
policy.
F
Yeah
that
will
that
will
actually
be
great.
I
can
I
can
do
this
sometime
this
week.
We
can
offline
schedule
a
quick
call
to
discuss
those
kind
of
things
also.
I
I'm
also
waiting
to
help
on
on.
You
know
your
current
project
in
terms
of
network
policies.
If
you
have
any,
you
know,
work
items
and
stuff
like
that,
I'm
I'm
actually
on
the
same
team
as
and
how
so
oh
awesome,
yeah
yeah,
so
yeah
we're
we're,
definitely
willing
to
help
you
on
any
other
improvements.
You're
thinking
on
this
project,
cool.
C
F
Yeah,
I'm
all
right,
I'm
on
I'm
about
to
china.
Let
me
also
let
me
also
put
that
cap
link
into
into
this
document.
In
case
people,
don't
I
I
found
it
how
you
found
it
cool.
A
A
F
Yep
yeah
this
is
it
yeah,
so
so
I
think
in
content
wise,
I
think
everything
is
essentially
in
there.
We
just
need
to
do
a
little
bit
of
you
know
partition
in
terms
of
where
to
put
those
those
paragraph
and
stuff
like
that,
but
I
think
essentially
we
are
we're.
We
have
already
made
this
ready
so
appreciate
the
people
on
this
call.
If
you
have
time
to
take
a
look
at
it
and
and
just
put
some
comments
in
there,
so
we
can
start
a
discussion
over
there.
A
A
D
C
Yeah
gotcha,
hey,
I
got,
I
got
a
quick
question
for
you.
Would
we
be
able
to
run
a
kind
cluster
with
7
in
a
github
action.
D
Yep,
that's
what
we
do
on
our
up
on
enough
stream.
1K!
Oh
sweet!
Could
you
point
me
to
that?
Maybe
I'll
just
steal
that
yeah
for
sure.
Basically,
you
can
literally
go
to
any
pr
in
oven,
kubernetes
and
you
should
be
able
to
see
like
everything,
that's
how
I
set
up
ci
on
my
local
awesome,
all
right,
cool.