From YouTube: Network Plumbing Working Group Meeting 2018-01-04
A
Yes, you are on, Carell. Good, yeah, I've been trying to address all your comments as well, so I think if anybody sees something that I hadn't tried to address, I mean, again, the spec is meant to be collaborative. I think I only had comments on here, but I'm happy to turn on editing if other people want to be able to edit the spec as well.
B
B
B
You may be conflating two issues. Well, that's quite possible. So one is: should they be chained, and the other is what happens, what gets reflected back to the runtime. Oh, chaining? Currently, the things that are chainable are built with the expectation that the chain is all applying to one network attachment. Yes, here is talk about multiple network attachments, so I think it would be a mistake to take chaining and make it both, well.
B
B
C
You know, a critical part of CNI is ultimately we expect there to be one interface created inside the run, inside the container, which is to say the one that is defined by CNI_IFNAME, the environment variable. So chain or not, it is sort of all the same, right. You call a chain of one or more plugins, then you get one interface inside the container and one or more IP address, I would.
A
C
Into, and really the loopback should be done directly by the runtime, essentially, right, because if you're gonna put the loopback in a chain, then, like, and you've got a set of three networks, any two of which might be applied to the container, then you would have to put the loopback and potentially more than one, and then, you know, we've explicitly said that plugins are non-idempotent. So I think on three interfaces, there should be three CNI invocations, three separate configuration files, three separate chains.
B
I think the confusing thing is that today, CNI actually does tolerate a plug-in making multiple network attachments, as long as the user or administrator, whatever, is chosen to do this, is happy with the fact that Kubernetes will accordingly, one IP address, but still wants multiple interfaces. It all just works, but I agree that, in terms of what we're defining in the expectations, that's uncomfortable saying that that's, you know, not our design center. We really are designing for a one CNI invocation makes one interface and.
A
A
Those comments was: if this is all that actually gets sent to a plug-in, then do we really need the plug-in option, we're going to be sufficient to have the user just kind of put this boilerplate type and name stuff into the config? And so, instead of just specifying a plug-in, which is only a single, you know, string, make everybody write some stub config with their plug-in name. If nothing else, simplify the CRD but make a little bit more work for whatever runtime or meta plug-in happens to implement this. Oh, I.
A
That make that, yeah, and I was copying this over conceptually from Joe G stack originally, which I think it also kind of the plug-in option, right. The difference there is that there was no config option, because at that point we had been talking about not storing CNI config in the object, and so the plug-in part was necessary to handle some of the cases where you didn't want to write config to disk for everything, yeah.
A
C
A
A
A
Third and fourth rules are about filename, as opposed to actual network name, because the CNI config JSON has a network name in it that does not have to correlate to the file name. And so originally, I think, in Joji specification and comments that Corral had made, he was expecting that, in the absence of a config or plug-in key, the network object name would then be searched for in all of the config files in /etc/cni/net.d, and I think that's what KC's talking about as well. Well.
A
B
One thing that I'd wonder about now is: if we make these things namespaced, we now have a potential issue with, if these things are understood as references to networks that exist in some sense, everything in it is, they might not be namespaced, and so now we want homel case of potentially two names that are distinguished in careers by namespace.
A
It is a good question, no, and I think part of the reason there is that almost everything in kube is namespaced, and so there's kind of the expectation that things would be, but I don't think that works as well in this particular case, you know. So I'm not sure what the mechanics of that would be at implementation time, if we just leave the namespace blank and it gets the kube defaults, or if there's a way to explicitly prevent the object from being namespaced.
D
B
Least, yeah, I follow. They think the idea, right, that doesn't bother me here, right. I'm assuming that we're gonna make these things namespaced and they'll follow the usual rules, in that these things, remember, these things are references to networks that exist in some other way, right. Right, so the reference can be FET as a namespace and can be found or not and used or not according to the usual rules. The fact that this thing is a reference is a semantic property. It's not, you know, violating anything. It just happens to be a property.
C
B
I'm expecting that these things are references to networks that exist, at least in some cases, outside of and independently of Kubernetes, and they have names outside of and independent of Kubernetes that are distinct, and we will make the thing that makes the references, and we haven't talked about the authorization and the thing that makes the references. What I expected, in these cases, the thing that makes the references will give each reference a name that equals the network name.
A
A
F
Have the same thing: we even have parallel networks that are related with opener with VX, no matter the parts that we separate of different networks in our system was. They came from two different for me: Cole, well, pops with LD fabrics that someone yells run an example into Vietnam one, two, three, four, five. You.
G
Know, can I ask a question regarding one use case that perhaps is a fairly common. You know, these networks, these are not really references to typically and three earlier to whatever networks, their reference is to plug-in chains. So it might be common that you want to have one of these chains available to all namespaces by default, right, and if we names be citizens, what will be the mechanism to provide these to every user without explicitly creating these references?
B
So things in other namespaces can be referenced and used by users. Remember, users are just different from namespaces, right, and criticized this question of what user can access a given object in a given namespace, and we have a standard answer for that: RBAC. So if you want to make a chain that's available, or in a network object that's accessible by everybody, just make it accessible by everybody. I.
A
B
A
But you have to think about what is the thing that is actually reading the network, and so, you know, you've got a CNI plug-in or some kind of CNI service that is talking to the kube API, and almost always that's going to have some kind of service account that allows it to do more things than a normal user would. So I think at this point at least it's not so much a question of access control for that privileged process that would be running potentially on each node.
A
But more a question of how do you find the right network, because if you're just given a pod, and that pod exists in a namespace, and then you're given the list of, you know, network annotations for that pod, how do you actually resolve that reference from the pod annotation to a given network name? And so maybe that's a further point that we to specify in this proposal here, is what does that annotation actually look like on a pod?
A
Does it include a namespace reference, or is there kind of a level of lookups where you look up the network in the pod's namespace first, and if it doesn't exist there, then you look in kind of a global default namespace? I'm not sure what the answer is there, but maybe that's an answer to both of your questions. Right, I.
B
Think you've touched on a very important issue, right, which is that there are really two issues here. I think one is, in some sense, what can, yeah, I'll try to say is: there are two points of enforcement that we have that we can use to get what we want done. One is what configurations of objects can exist in the API server, and the other is, when it comes time for an agent that implements this stuff to read something and do something, what can that agent read, or what will it enforce for us?
B
I mean, that agent could itself have some logic that enforces some access control, so we have, I think, two points to which you can consider, they, through which we can consider exerting control. Well, I think, first and foremost, we should decide, I mean, it seems to me, you know, that what's in the API server is really a declaration of desired state, right, and so my natural inclination is to say, let's think about how we can arrange that the desired states, that arrange for the desired control over the possible desired states.
B
D
That, that is one people see, I. You remember that this one guy did some viewers who work on finding the network on a specific network namespace. I didn't follow up that link. I sent out that link in the chat actually, so they have modified the Multus in some way, like it will specifically for the network namespace, and just now I remember this implementation. Actually I didn't went through it much, but this implementation is possible, what you were talking about. I.
C
A
So what you're kind of getting at is, you know, app-level networks, and some of the backstory there had been that, I think, that was something that Tim was suggesting a long while back, in November, you know, September, whatever that was. Most of this specification for the moment is about cluster admin type stuff, you know, adding, you know, more heavily managed sidecar networks on, but I'd like to think that in the future we could do more with kind of app-centric networks.
B
B
Your use of those words, so I would use the distinction between provider networks and tenant networks, more along the lines from OpenStack, right. The question is: who defines the network? I think maybe by sidecar, you were talking, versus app, you're talking about do these enter the rest of the Kubernetes API or not.
A
Physical ones, so, you know, think, for example, about a VLAN on the host or something like that, or whether it's a storage network or something like that, whereas what I thought Casey was talking about was a little bit more around: I'm an app developer and I want to create kind of like a logical network for these two components of my app and another logical network for these other two components, the app, and then somehow potentially connect them together. Well.
C
I'm talking about, yes, yes and no. I was speaking a little bit more tactically, which is, you know, there was a specific decision made in network policy that network policies can be created by the namespace administrator as opposed to the site administrator, and the question is the same then: if networks are a namespace object, I think it's the same question, right. Kind of network, whatever that means, like in a list of CNI plugins, should that be able to be created by the namespace administrator, or should that only be able to, okay.
B
Well, there is no such thing as a namespace administrator, technically, they're just users, right, and Kubernetes is typically installed with a bunch of default authorizations, but we don't have to, by default, authorize everybody in a given namespace to make these things in the same namespace. We could say, for the reasons that Dan mentioned, there's other stuff that goes along with creating one of these, and so we may restrict the authorization to create these to something that is, you know, working with the rest of the system.
A
B
C
I mean, from the simpler case, you could say that this can only be created in the kube-system namespace, and kubelet or whomever is executing these ignores anything, and that's the end of it, right. That's the simple case. The administrator defines these, and then you can set up a pod security policy that allows which pods can access which networks.
B
C
B
There's this bigger general problem in Kubernetes about these agents that implement stuff and restricting their access to only what they need to know, and I'm not up on all the latest of that. But it seems like this is just, hopefully, more of the same. But I can, maybe I should learn more about that before I say that. But it seems like the first question that I would look at.
A
B
At which point, maybe we keep a little of structure? Yeah, I don't have a strong objection to the circuit. It just seems a little bit odd, since, I guess, in my use case, these things are not created by users. These are created by some higher-level tool, so I'm shortcuts, there's no real value to the tool.
G
Using this is to experiment and try out, we may start with these and then, you know, evolve and then get to some other, some other more, sorry, I mix messing up, and get to some something which is what better structure that makes more sense over time. I mean, I think it's a good start. Whether these, this plug-in is obviously not strictly needed.
G
I think it can be folded into config, but if it's, if it is a use case where, where you can simply configure in a simple way something that's trivial, maybe it might make sense keeping it. But I agree with you that, you know, it's not strictly needed. It's like random done information, if you want, right.
A
Another question I had was, let's see here: does anybody have thoughts or opinions on the requirement that runtimes inject the object name into the JSON configuration that they would then use to execute the plugins? I think Corel had brought that up, and that was kind of a, we already have an object name, that's the network name. So why should that be any different from what's in the network configuration? I.
D
A
A
A
So at least the intent is that for every plug-in in a given chain, the chain has a name, and that name is then the same between all plugins in the chain and sent to the plug-in, and there's code in libcni to actually do that kind of injection into the final config that's sent on standard in to the perfect.
A
Exactly, okay, so, I mean, if people don't mind doing that, the only objection I had had to that was that it does add a little bit more burden on the runtime or the meta plugin. And, you know, it's probably like 10 or 20 lines of Go to actually do the packing and unpacking of the JSON and substitution and stuff. I've written that code already for CNI. I'd like to actually make that a little bit more.
A
Callable or, you know, who knows, maybe it can be a public API or something like that. We'll discuss that in the CNI maintainers' meetings, but I guess it shouldn't be that hard, go. I will make that change to the spec and require runtimes to inject the network object name into the config or they configure when they call. I will leave the plug-in option there for the moment, and I will also change the plugins search order sections below and the specification.
A
Behavior, when there is no spec specified, to say that the runtime should find the CNI configuration with the given name, not file name. Does that make sense to everybody? I think those outstanding large comments that people had, and just to be clear on the last point, that would bring that behavior back in line with what Jo G's original multi-network specification had done.
C
Yeah, just an FYI, I submitted a PR to the CNI spec to add an IP range capability, so you can, in other words, to put this more sort of like immediately, is that what you can do is you can now pass a range to host-local as a config arg, as close to having to like write the config directly. So we should merge that on the CNI side, how.
A
C
C
C
A
A
Document, just kind of a placeholder for that. Does anybody have thoughts on that? Would it basically just be the namespaced annotation and then a comma-separated list of networks, I think, is kind of how people have done it so far, or should there be any kind of namespacing, or should it be a list, yeah.
B
B
It does need to be specified, absolutely, and I would recommend specifying it separately. This is comprehensible and meaningful by itself, and when we get to these other annotations, there's more issues. So, for example, currently we have, this is gateway business, which is really confusing two issues. One is: does this network have connectivity to the broader Internet, and the other is what should be the default path out of the pod. And when there was only one network attachment you could conflate those two, but now, and we have multiple network attachments, you can't.
F
Yeah, and then we're back to them with overlapping address space. It's not how to handle that at all. So, so, even if, yes, the route set is on banks in a network bit, that's the same. Atlas and I basically will ask the outer space of P custom network. Then you have interesting things happening. Oh well.
F
F
Which is, let's say, an L3 router that serves so much networks. The sort of you have no clue so. The person that creates this new container is going to route his networks, so he can choose to use whatever network name or I was face it once, right. Then the service provider here has sort of taken a piece of networks out of space that is used for this Kubernetes network, and there's no way to distinguish that unless you put a rule as there, you cannot use this.
B
F
B
F
F
B
G
Lost above the bottom line of this conversation. Can ask if this is about the need for Kubernetes operators to be aware of the network topology, of whether this is about the necessity of detailing not the association between pod network, but between the network attachment and the network. Like, you know, a single father can ever network attachments on these things, namespaces creating another level of indirection, if we want.
F
F
Is that you, sir, in a what we call border fabric, decides to create free networks and it wants to be read to route in between them, and he sets the networks that say: uses 10, 10, 10 16 177 to something / 16 on another, and they expect it to work. And then the guy says own speed, the box from us. Well, he has configured another network to use internally for the Kubernetes clusters, and they will be overlaps.
F
So when something like this happens, and we attach a network, an extra network village that it has the same, if the same address space as the internal Kubernetes networks and steps putting in the folder out there on there, then all the sudden you change the whole behavior of the sort of Kubernetes, because you cannot separate the address space or NIMS. The network main space has used to connect this control network and from the Nets namespaces that's used for these extra attachments, so it just rules and surf and luck that would make it work.
F
F
So as soon as you have made more interfaces and it's not setting routes, as far as I'm concerned, you need to be able to separate what happens within quality, given it this cluster networks and the provision networks that comes, that are added by someone else, then controlled by someone else. You need to have a firewall between, and it cannot let packages just sweep in between, because then you will have jails.
B
F
No, you cannot do it in a single space. That's incorrect! You need to have two, that's exactly the thing, and as soon as you do not the door to sort of start officially support multi networking, you start pooling all sort of, I mean, I'm fine with, so he could let this have either, or I know sort of how we can extend our version that we would run in the system to handle wealth, but you would have users that start to set through that source set routes that will affect everything once you do this.
F
Will shooting around, right, and all of a sudden, when did the fight server that was on the Kubernetes cluster network can't be reached anymore, because the address that was used for that is now rounded out through another interface, so to be effective to bring about the network. At least we need to be aware of what's on the process of our answer, if we can discuss what the solutions are, and then we can decide: no, this is too much, and we will clearly specify that we do not support this.
F
F
Well, we need to have a way to handle this, so that's, so that there's no roster surprises that come to mind, skip and I'm gonna believe so, just sort of multi network before it has been recovered so ever made something they didn't work. It was the guy, don't you smother network is for that, so bring it in officially, then people will say, well, I expect this to work, but at least feel very clear sort of what they can do, what you can.
E
F
Something out the night indeed, Suresh is the, it's perfect to talk about this because it deals with it all the time, but he couldn't do it. I'll bring it up to discuss it. To me is there is the Pandora's box of sort of melty in the face networking that degree in little things that you might not think.
F
A
D
F
Control network, that sets, let's say, stem 10/16, but any adverse stats. So let's say that I stopped using conference ended to a hundred forty 2/16 on one of these networks. If the DNS server that's attached, I get two from the default route points to anything that has the same IP address, even if it's basically hasn't the provider service from iris network, you will not reach that. So, usually you will go to something that's on the directly attached network. So if I had every network that you add, it is confined a bit about the networking.
F
Basically you're blacking out parts that you will not reach through the foreground, and it has network, is when people are using private networks and if they have been used or not. So if you use correctly offices and never use private offices, it's not really proud. Private address space is an overlapping Aerospace's. It's like once. You.
F
Cheese Ukraine more more holes that are not reaching, they're not usable in the service provider's network, and they use so much private networks. That is ridiculous on the inside of any sort of datacenter, and so you're gonna have a long, long list for any specific implementation that says, like, oh, this network space you're not allowed to attach to the containers directive, because then certain services that you expect the word will not work anymore, right, yeah.
A
I think that's something we should definitely explore further on, because obviously, yeah, I mean, if you have, currently, if you attach multiple networks that overlap, it's basically the operator's problem, or the person who's defining the, and I don't think that's a great user experience, but, you know, for the moment I hope that it's possible to just kind of start.
B
They know that overlapping addresses, overlapping subnets in that attachment, or the most of those attachments, are not going to work, because that's the way the Internet has worked from day one. If you want multiple network namespaces you're talking about, I think, when you really open a different Pandora's box, which is something that Kubernetes has kind of touched on, right, because it says a pod is an assembly of containers that share two of the Linux namespaces and not the others, and that's kind of an arbitrary distinction, right. So I think that's really.
B
F
We are, we will start to work on, when a month or two, of an implementation. So that's please been taught in two parts. So if they could have this part in another one, we will make it in a little bit. We don't expect to see the up screen is guess what, what we need. But it's, like you say, it's sort of this: you would have to quit being able to manage the delaying spaces, but I'll do some slides on it. Okay.
A
F
Wealthy because I think it's, I mean, this, the simple solution would be to say to her and while that's gonna use about the network is: oh, you cannot use private address space in the networks you're attached to it, and then 90% of the user will say, then I don't know what to do. Does everyone uses it everywhere? Unfortunately, we would sell the service provided it. Oh, you cannot. You have to specify exactly which address space that you can, but it can use when you're attached, but pretty much what the Amazon, that's right.
F
A
So what I'll do for now is, for the pod annotation, I'll just add some notes about any, you know, proposal there for network list with first being defaults, and then, if you have comments for their comments, please add those to the Google Doc, either in a comments section, or can open up the document to full editing from other people, if you want, or if anybody wants that, you know, which I'll just do that now. It seems useful, and then people can add.