►
From YouTube: Kubernetes SIG network 2019-07-25
Description
Kubernetes SIG network meeting from Thursday July 25th, 2019.
A
B
B
C
I
know
there's
another
issue
around
IP
V
s,
note
ports,
help
for
4lb
health
checks,
not
working
because
of
the
way
the
IP
vs
frost
year,
we'll
add
the
LD
IP
and
so
like
on
the
route
back
to
the
lb
it
it
kind
of
black
holes
it
because
it's
because
it's
a
local
route
but
yeah
I,
think
probably
pointing
this
to
AWS
or
the
AWS.
Sub-Project
is
probably
better.
B
H
D
F
Yeah
I
have
seen
something
related
to
this,
so,
like
probably
worth
a
discussion
in
the
sake,
is
that
is
it
reasonable
to
add,
like
a
low
balance
or
specific,
no
taint,
so
that,
let's
say
all
the
no
bouncers
will
react
to
that
particular
taint
effect,
because
the
current
no
taint
has
basically
two
or
three
types.
One
is
no
schedule,
basically
marker
known
as
non
scheduled
and
then
no
execute
basically
effectively
just
kick
out
all
the
parts
on
the
node
and
then
like
right
now.
F
E
E
There
is
the
situation
where
the
cluster
spans,
multiple
resource
groups
or
multiple
deployment
you
and
it's
specifically,
agile
or
others
where
most
of
the
clouds
will
will
try
to
bind
the
node
in
a
specific
network
or
a
specific
resource
group
and
users
may
want
to
have
other
other
with
other
nodes
in
other
research
group
for
security
for
and
other
stuff.
So
the
we
have
also
used
the
same
label
so
we've
been
facing.
This
requirement
have
been
dealing
with
it,
giving
custom
labels.
So
what
I'm
trying
to
say
is
I.
Second,
that
request
so.
F
D
B
A
M
M
K
N
E
B
K
B
I
E
B
I
E
J
E
G
G
K
D
M
A
K
E
M
K
K
P
K
K
A
E
Or
do
you
want
to
like
I?
Can
I
can
talk,
so
we
can.
We
can
drive
the
discussion
from
the
use
case
or
we
can
drive
discussion
from
certain
limitation
ISO
and
select
away
Cooper
lattices
I
like
these
two
services,
both
will
get
get
us
to
the.
Why
it's
done
like
max
of
two.
So
I
don't
mind
converting
max
of
two
into
a
max
of
two
entries
in
a
single
like
left,
comma
separated
kind
of
story.
E
E
Even
if
you
do
stuff
like
what
we
just
talked
about
BGP,
it's
always
around
an
IP
pointing
to
to
APOD
what
users
will
worry
about
is
really
that
the
IP
of
the
pot
that
the
service
is
selecting
right,
whether
the
family
or
as
we
break
out
into
multiple,
like
n
number
of
papaya
trees.
I
want
to
listen
on
the
on
the
third
or
the
IP
labeled.
E
There
is
a
thing:
that's
in
the
registry
that
assigns
IP
Zen
snapshots,
the
entire
set
of
IP
used,
and
all
of
that,
if
we
started
using
multiple
sets,
then
this
natural
process
is
gonna,
hang
add
a
lot
of
latency
to
the
way
services,
work
and
so
on
and
I.
Am
it
me
a
bit
of
time
to
change
the
code?
Not
because
of
anything
is
because
of
being
afraid
of
adding
latency?
That's
not
needed
right
late
doing.
E
Does
it's
it
so
the
way
it
works?
Is
it
snapshotting
every
every
every
so
often
all
right
and
it's
not
the
way
my
snapshots
so
far
is
there
is
a
registry
there
is
a
sub-sub
key
or
subtree
inside
they
to
be
full
service
IDs,
and
now
there
is
two
of
them.
If
we
make
it
end,
then
we're
basically
looking
at
serious
effort
and
snapshotting
and
maintaining
these
sets,
but
that's
not
shot
per
IP,
IP
side
or
side
by
side.
I
can
point
you
to
the
code.
If
you
want
no.
K
E
P
P
G
J
J
That
Dan
and
I
were
talking
about
the
stay,
which,
I
think
is
why
it
ended
up
in
agenda.
Is
there
is
a
use
case
for
having
multiple
sliders
of
the
same
type,
which
is
that
we
keep
having
users
who
say:
oh
I,
realize
that
I
need
to
make
my
service
site
or
bigger.
How
can
I
do
that
because
I
started
with
like
just
a
slash,
eight
or
something,
so
how
can
I
do
that
without
taking
my
cluster
down
and
right
now?
The
answer
is:
there's
absolutely
no
way
to
do
that.
G
K
So
we
have
customers
who
have
these
same
problems,
although
less
on
the
cluster
side,
the
service
side,
our
side
and
much
more
on
the
cluster
cider
side,
we
have
started
to
investigate
what
would
it
take
to
allow
multiple
disjoint
ciders
at
the
cluster
level
and
at
the
node
level
we
haven't
really
thought
about
it.
At
the
service
cider.
K
Would
think
you
say
for
now
we're
not
tackling
that
at
the
same
time,
not
in
the
same
breath
anyway.
Right
now,
the
limit
is
one
cider
per
family,
and
if
we
want
to
consider
multiple
ciders
of
the
same
family,
we
will
have
to
retool
the
way
the
snapshot
is
done
either
to
carry
multiple
dips
or
some
other
data
structure.
That
is
more
amenable
to
that
and
that's
a
totally
different
camp
I.
E
J
E
E
Right
we're
gonna
yell
at
me
because
of
the
field
names
please
at
least
give
me
the
field
names.
What
like
agreement
on
field,
name,
field,
names
and
values
for
the
service
type
spec,
like
IP
family,
feel
alright
and
right
now
it's
not
the
best
and
I
would
like
to
because
this
will
require
like
a
refactoring,
the
changing
the
field
name,
but
it's
a
compiler
something
I
can
catch
all
the
compiler
I'm
not
worried
about
it,
but
I
just
wanted
like
an
agreement
on
the
field.
Name
and
field
values
is.
E
L
E
To
get
through
it,
honest
just
then,
because
I
know
it's
not
the
best
field,
name
right
and
I.
Looked
at
the
API
spec
look
trying
to
get
an
inspiration,
and
that's
it,
but
it's
not
there
like.
Should
it
be
ipv4
service
or
ipv6
service
and
cluster
default
becomes
cluster
default
service?
What's
the
value
is.
E
C
G
E
A
B
I'm
not
on
vacation,
so
I
can
definitely
review
the
like
main
portion,
however
I'm
starting
to
stress
a
bit
about
getting
the
proxy
or
stuff
done,
because
that
feels
like
it's
at
the
very
tail
end.
But
we
saw
with
phase
one
like
there's
a
very
huge,
almost
done
stretch
that
happens
and
then
review
can
take
a
long
time.
E
E
E
So
then,
then,
technically
speaking,
he
gave
a
pseudo
pseudo
ng
TM,
aside
from
that's
a
lie,
which
is
to
me,
is
a
good
good
indication
that
were
actually
in
a
better
state
then
like
after
the
first
part
of
the
phase,
one
was
a
bit
harder
than
this
one.
The
fact
that
we
have
like
a
pseudo
led
I'm
early
enough
in
the
phase,
means
that
at
least
the
code
review
is
gonna,
be
easier.
K
E
Want
a
heads
up,
I
wanna,
probably
there
in
two
weeks
or
so
we
go
I'm
just
gonna,
ask
people
to
think
about
the
English
IP
story
and
have
some
basic
ideas
on
how
we
approached
that
lost.
Last
week
this
week,
I
had
a
meeting
with
some
of
the
people
who
speak,
whose
customers
as
a
daily
job
and
the
number
one
of
the
number
one
priority
is.
We
need
control
over
type
is
used
by
a
by
a
pause
as
they
come
to
our
network.
E
N
E
E
E
Way,
I
the
way
I
that
I
talked
about
it.
It's
a
selector
sort
of
look
at
the
ingress
controller.
I
know
it's
notorious,
but
it's
similar
concept
like
egress
with
a
selector
sort
of
like
I,
have
absolutely
no
ideas
on
how
this
will
work
yet,
but
think
of
a
concept
called
the
English
controller,
and
then
it
has
selected
and
then
select
bounce
with
certain
labels.
That
way
codes
can
belong
to
different
services,
different
apps
different
deployments,
and
then
they
go
out
with
the
third.
E
G
N
G
K
Introducing
the
topic
you
have
it
advertently
decided
to
have
sation
I
think
we
should,
if
we're
gonna
start
it
somewhere,
I'd
like
to
start,
if
I
could,
with
a
background
doc
of
what
you
think,
the
requirements
that
you're
hearing
are.
Certainly
there
are
many
I
in
fact,
didn't
somebody
just
assign
me
a
static,
IP,
odd
one,
so
I
think
there's
lots
of
issues
here
that
we
should
accumulate.
E
K
E
K
F
M
K
F
F
So
it's
sort
of
hypothetical
at
this
point,
but
I
think
the
API
can
fully
support
it
and
if
there's
no
more
ask
I
think
the
Alpha
API
is
good
to
go
and
then
we
can
implement
in
and
see
how
it
comes
and
then
actually
test
it
out
in
scale
test
and
try
to
get
it
in
in
1.16
timeframe.
So
yeah.
If
there's
no
objections,
we
can
get
the
kepp
merged
and
then
alpha
implementation
get
it
going.
I'll.
A
G
K
G
And
Reed
already
did
that
should.
K
D
K
K
M
B
K
K
K
K
B
J
Q
R
For
finalizar
protection
on
so
it's
Billabong,
sir
yeah,
but
attaching
the
final
object
to
the
service
object
and
they
have
been
assured
all
the
little
dinosaur
results
are
cleaned
up
before
the
object.
Actually,
then
team,
one
of
some
problem
that
oh,
we
do
delete
the
service
and
then
you've
edited
to
some
other
type
or
maybe
change
the
port,
and
they
may.
You
may
have
impact
on
how
the
results
are
cleaned
up
and
it
could
be
problematic
so
and
that's
what
we
have
the
usual
I.
P
R
K
R
K
I
think
I
think
the
root
of
the
problem
is
that
we
don't
do
a
great
job,
reconciling
against
cloud
providers
for
load
balancers,
mostly
because
the
naming
and
API
rate
limits
made
it
so
we
should
have.
Maybe
we
can
generalize
this
into
the?
How
do
we
close
the
race
around
deletion
of
an
service
when
it
has
announced
resources.