From YouTube: Kubernetes SIG Network Bi-Weekly Meeting for 20211209
A
A
Can you see my screen? Yes, thank you. All right, we'll just click through some. Tim filed this one.
B
So what should we do with that? This is tied to another, okay. So the thing is, this started with: right now, when you create a cluster, usually you have the DNS as the dot 10, the 10th IP address. Okay, and we are hard coding this in kubrick, so Tim's idea is to not depend on any convention on IP addresses, to say: well, I just want this service to be the DNS IP. And this is the discussion, because there is a KEP related to this.
B
B
I think that this is more a philosophical and, you know, discussion issue, to have 200 comments and people: okay, I think that this would be good or bad. I mean, right now it's not ideal. The solution is to have called an IP, and I agree with Tim that we should have something better, but having something better with, you know, all the dependencies that we have, we are occurring for five years, is complicated.
A
Okay, should we just leave it unassigned for now and continue the discussion until some actual work items come out of it? Yeah, I think that's good.
A
Does this look legitimate? Should we accept it? And then, second question: who wants to take it?
C
C
A
D
D
F
G
G
G
A
H
B
B
That's the thing that I'm trying to figure out. So this is UDP under the hood. So the thing is: when you have UDP, how do you load balance that? And it seems that there are several offices, you know, trying to explain how you should do that. But I didn't, I mean, in theory the backend should be able to talk with other backends. That's one solution, and the other is the user space logic for the, to be able to sign up the clarion. I don't have it clear how this is going to work, honestly.
I
B
B
B
I really love the idea. I mean, it's just, instead of TCP, you just use the UDP and maximize, you know, the data plane to forward IP packets and evp packets. But I couldn't investigate more, but it looks exciting to me. That's like a great improvement to HTTP.
A
B
H
B
H
B
B
I'm not able to make my mind. For me, if you reproduce it, that's easy. You know, what you reproduce is a matter of time. It's just start to take logs and with paintings, but without reproducing and only reading, it's very complex to solve this box. I'm happy to help if you are able to reproduce, but I don't have time to try.
H
Yeah, I'll take a look to see if this is actually an existing thing or just a bug.
J
A
A
Yeah, from the title of the issue, right, I think.
K
K
H
H
No, no, you can assign me if I can help out on this, sure.
F
A
B
We have another discussion versus here, I didn't bring it again. I will, with the logic for SCTP.
C
L
Okay, what we want to propose, and eventually see if we can bring a KEP or if there's a better place to identify this, is a concept about network profiles. The idea is that there's a lot of constructs in Kubernetes already, and this in particular is for pods that are affected by the use of multiple networks. In general, when we have multiple networks, it doesn't matter if it's from the media or the telco or even on HPC, those networks usually have some attributes or some functional requirements that are quite strict in general. And the way that we do have networking today, there's nothing that can help a pod, for example, making sure that that's been really guaranteed.
L
So, as in other parts of Kubernetes, for example what happened with CPU managers, that I can go and say: I need one core really allocated for me. So the idea is, okay, what if we can bring functional requirements as part of the network definitions, but it will be an abstraction that you're, basically on everything that exists, have an opportunity to bring this concept. And the idea is that the CNI does not need to explicitly support this it.
L
To be part of the definition of the network that the pod can consume, and there will be multiple venues that a platform can choose to support this, if they choose to. So, for example, one can be using platform-specific CNI, which will not be different from any CNI plug-in with extensions, or just using the existing CNI.
L
Let's say having Multus and doing CNI chaining to provide those contracts, or other mechanisms under which you can bring network connectivity to the pod, and I will, okay. The other part is that, since these are for functional requirements, it is not for it to be unlimited resources. On the contrary, we should have the ability to say, okay, let's say if this is my streaming network, if this is my fronthaul in the case of mobile, I don't want to, based on the resources.
L
I know that I can support, let's say, up to 10 of this, so it becomes an allocable resource with strict quantities of those. Now, if, for some reason, any of those functional requirements, let's say this type of network can only work if the packet loss is less than this or the latency is lower than this, if that is no longer true, remove that, as that node no longer supports that type of resource, such that no additional workload is scheduled into that node that needs that type of resource.
L
So basically two objects. One, the network profile class, which is more traditional, generic, which will basically be something like: okay, this is the maximum latency, and again these are just examples, and let's say that I want to also map the DHCP codes that are in the network. So if it maintains this, then let's say I can say this is a signaling class. From the perspective of the object, that is, a consumer, move on, will be the network profile.
L
In this case, a network profile is not just one network anymore, but all the networks that, for example, in this case, an open fronthaul. An open fronthaul is comprised of three or four different types of network, each one with different functional requirements. For example, an S-plane has a very extreme low latency requirement. If that is not there, there's not even a reason to allow a workload to be scheduled there. An airplane has a different type of latency.
L
So actually this is a more traditional network, and the same happens with others. And the idea is, for example, an S-plane will never have a bunch of traffic, so it can go and delegate, say, make sure that there's a rate limit, or, hey, what if now I can consume network policies? So if there are network policies that are supported in the system, I can bring all those concepts together, and all of this under: oh, it's an open fronthaul, and then based on the quantity. Something like, for example, give me the network profiles.
L
Okay, I have an open fronthaul and the capacity on this cluster is of four, because that's the number of that that I can support, and let's take the available number of those. From the pod perspective, it's very similar to, again, the annotations, because we don't have anything better today, and let's say I want one fronthaul here, or if this is a pod that can consume two of these, let's say two, and only by having these two, when it comes into.
L
Let me just go here real quick. Inside the pod it will have, for example, if we do an ip link, it will have all those networks, and those networks again will be following those functional requirements, so they are valid at that creation time, and yeah. That's from that perspective. Obviously the ideal scenario will be, again, this is a dream, if we could have something that really goes into the pod section, but again, that's, yeah, sure, one of these days when elephants fly.
L
So it is really about the creation of the network profiles and network profile class.
L
So, that is it, and I would like to understand if there's anything that you guys are working on that could be related to this, or if this is worth a KEP to start discussing it. Yeah, and I did this really quick just because I know there's a lot of topics in the agenda.
A
All right, thanks. Yeah, is anybody working on something similar? I mean, the usual route that we go for these kinds of things is custom resource definitions, kind of standards outside of Kubernetes for the moment, make sure that it's something that multiple groups of people want to work on together.
A
H
A
Before, and maybe also some of the network service mesh stuff, there might be overlap, but that's.
L
D
D
L
Okay, all.
A
I will find the email, and yeah, it's the SIG Network Google group. If you're not already subscribed, just join the group and somebody will approve, and then you can send out mail to the group.
L
A
Thank you. All right, thanks, and also, if you're able, can you put a link to the slide deck into the SIG Network meeting minutes? Oh, absolutely! That means helpful too. Thank you. Yes, all right! Thanks. Moving along: Bowie, you want to talk about read-only archive of these meeting minutes?
H
Yeah, I have to step out, but that's exactly, the topic is exactly as written, is that I think at some point a couple weeks ago someone accidentally deleted all the notes and then we had to restore it. So I was wondering if we just wanted to copy off, like, the tail to some read-only thing, so it just can't get lost or corrupted.
A
H
C
A
I mean, I can remove anybody's access that doesn't want edit access anymore. Okay, all right, I'll take a look at that. Andrew, next up: open CNP KEP questions.
J
Yeah, so I don't want to take up too much time here. It's just another continuous poke. We're getting to the point internally within the SIG Network Policy API subgroup that we think this KEP is again getting closer to be ready to rumble. We have summarized some of the main points that we think would be great for people to review and give their opinions on the KEP itself.
J
In the comment I've linked. We also are just looking for general review. We're happy to answer questions now, if there are any, or we can do another one, like short Q&A in the next SIG Network upstream meeting, or we can answer questions on our bi-weekly Monday meetings with the SIG Network Policy API subgroup. So yeah, it's kind of just a shout out to give that a look and answer any questions now. Sanjeev and Yang are also here. They've been working pretty diligently on this as well.
A
J
And feel free to reach out on Slack, we're all hanging around. So yeah, if you care about CNP and you want to see how it's actually going to be implemented in alpha, please, please, please check it out, because we're coming down to the wire and we'd really like to get at least the first draft of the KEP merged.
J
D
M
I would not say that there were, like, blocking things. It's just that, you know, there are design choices, maybe, you know, one or two, so, you know, people in our subgroup are in on some aspects, maybe have different opinions on those, but we are fine with either one. So essentially, we just needed some community support in terms of looking at these and gathering opinions on how people think one design trust over the other.
D
J
M
I
A
All right, next up: KEP 2086, graduation to GA for promote service internal traffic policy.
N
Yes, this is me. I work at Google with Bowie, Tim and Rob Scott, and I want to get involved with SIG Networking, and one of the ideas that they had was for me to take this one, see what it would take to graduate it, and make it graduate.
N
I had a meeting with a few of the folks and I wasn't sure what is the etiquette for me to take over this KEP. It doesn't seem to be worked on anymore, and the person it's assigned to, I couldn't see any GitHub contributions since June of this year, and I was not able to reach them. So I put a comment on the KEP saying I'm interested in working on this, and I'm just curious when I can just assign the issue and start making progress.
A
Yeah, it looks like it was Andrew Sy Kim who originated it. Does anybody know if Andrew is around at this point? I think it'd be good at least to try one more time to contact Andrew and see if he was okay with somebody else taking it over.
O
Yeah, Andrew was AFK for a bit, but he was in a different SIG meeting yesterday, but he has recently changed his role in some ways. So it would be great if we poke him again, but yeah, he is responding, but he may want somebody to take this over.
N
Okay, I'll try again. I also tried to contact the person it is currently assigned to, with no response, so I'll try Andrew again today and see if you can assign it to me.
A
Yeah, Tim, he's not able to be here today, he's one of the assignees, and, you know, I think taking this one over would just involve looking at the current comments and trying to update the KEP and then doing a push to either a new KEP that'll obsolete this one or, you know, just addressing the comments that exist, but I don't think Tim would have a problem with you taking this KEP over.
N
N
Is the person who asked, oh okay, I mean to take it over, but it's assigned to a different username, mapline. So I wanted to make sure that it was okay to take it over.
D
Yeah, they're both, I think, not working on, I know Fangyan has moved on to a different role also. But yeah, I mean, if it's worth poking them, right, seeing, but as far as I know, they've both moved on to different types of roles also.
N
Yeah, I'll try to poke Andrew again on Slack. If not, I'll reach out, so somebody can poke him by email as well. I think I have his email here.
O
This shouldn't be a giant surprise. I think asynchronously you've talked to a lot of people from different clouds. Two points that are kind of obstacles.
O
One, perhaps interesting for Max: Google, as per Tim, is not quite ready for this, but it probably wouldn't be terrible for someone, maybe Max, to go in and just get Google ready for this, and other providers that aren't implementing it right now are just putting in an error instead of users getting undefined, which isn't a great, you know, thing to get. And then the other question I had was about kube-proxy.
O
I think SIG Network owns kube-proxy, right? So, like, can we get, who can tell me, is kube-proxy ready for mixed protocols? Or maybe, basically, I'm just looking for who should I follow up with this one.
B
O
Okay, I will follow up with Antonio. Item completed. Thank you.
F
And I can follow up inside Google on the other side, just we'll make sure we update that issue.
O
B
I'm going to ping on durians like to see if, because I think that the only thing missing was some e2e tests and we added it, they merged yesterday, so I was going to propose this. Anybody wants to contribute and move this forward, this kind of review. Well, I think that everything is merged, also the KEP, and the only thing missing is to remove the feature gates and these kind of things, so.
B
B
G
K
B
Okay, this is, so then green ship is here. Okay, and car car is not here. So this one is reported by some people, well, I don't remember the name. So the issue that they have is that they deploy a dual-stack cluster in a cloud provider environment. I don't remember, I think that this is OpenStack, but the thing is that once they reboot the nodes, the cloud provider takes longer to assign the second IP.
B
So the result is that the host network pods only take the first IP, because we never update. So when the cloud provider assigns the secondary IP address, kubelet thinks that is an update, and it gives only one IP address. So the car sent a PR to update always, no matter what, and I suggested that's a breaking change. If we want to do that, we should add a feature gate, you know, so we can roll back in case of problem.
B
But I submitted another PR that, instead of updating or with the pod IPs when the node changes, is just update, only update only at the secondary IP if it wasn't set. But the problem with that is that it's a breaking change with weird behavior that the controller runtimes have, has assigned an IP.
Q
B
D
O
D
B
D
A
Q
K
B
D
I have a related question. We have this external, does anybody use external IP regularly and test it? Because we've got, at least in one of these.
D
Do people use it a lot? Because I don't see people using it, and I don't think the cloud load balancers use it, right, or do they? On service degree, I think it's the object, yeah, on the service object, you know, there's the external IP, but then there's a struct, and inside the struct it has the actual IPs.
F
C
D
C
Yeah, we used that on Calico with BGP, was instead of publishing a load balancer, having just the external IP, and because you can, in that case, as far as I remember, you can associate, so you have some cases of that external IP in on-premise data centers that you need to publish things, the external IP between services, and then you, was like six months ago. I can't remember.
Q
Okay, in general, you're right, clouds do not use it; they use the load balancer thing. But historically on OpenShift people used external IPs on bare metal clusters. That's much less true now, with, like, you know, MetalLB and stuff, so MetalLB doesn't.
D
B
So in the KEP, there is one, is to open, and the person that opened the issue describes the scenario very strongly, but the most common issue is when you have an installer and you want to install the DNS service, you want to reserve the dot 10 address, but if your start creates thin services with an ipa, the IPs are randomly allocated, so they can take the 10 address.
B
D
E
B
So, just, you don't really create two pools. I mean, everybody can allocate an IP in this side, in this year and decide. The thing is that the dynamic IPs are going to allocate first from the upper branch, you know, and when you exhaust the times, then the random IPs are going to allocate from the first, right? So it's not really doing a hard reservation of IP, you know, and it's just prioritizing the upper branch for dynamics.
B
D
Is there, like, are people trying to make the API server's allocation of service IPs completely pluggable? Isn't that the thing that you really want, like an IPAM? Okay.
B
The reason is that there is no easy way to change that, and the gain is too small. I mean, the allocator is something that, this is a bitmap that is hardcoded. It's.
B
API is the only one that takes this transaction, you know, because you request a service, you need to allocate an IP, and the IP has to be unique in all the API servers, and that's the thing, you cannot make the allocation, and what is the name, consider, is the consensus of the IP. I mean, I don't want to hide that, it's two minutes. I am happy to talk with you because.
O
O
Oh, definitely, awesome. Okay, so that is our agenda and we're just about out of time. I want to remind everyone that there's no meeting on December 23rd, so we'll be back here in a month. You can join us on January 6th for this excitement once again, and yes, thank you, Antonio, for putting a link in the chat, and I'll make sure if that isn't in the notes that it gets added.