►
Description
[SIG-Network] Ingress NGINX Bi-Weekly Meeting for 20220216
A
Hello,
everyone-
this
is
the
sixth.
I
almost
said
six
story.
This
is
the
ingress
engine
x,
community
meeting
six,
so
community
meetings
happening
right
now
as
well.
This
is
february
15th.
This
is
a
cncf
community
event,
so
that
means
it
is
guided
by
the
cncf
terms
of
terms
of
service
wow.
I
am
just
not
here
today
guys
I
completely
apologize
code
of
conduct,
so
it
means
just
be
kind
to
each
other.
If
you
have
any
issues,
please
report
those
to
me
or
ricardo
and
with
that
we'll
go
ahead
and
kick
it
off.
A
Do
you
have
any
new
members
today
that
would
like
to
introduce
themselves
and
tell
us
why
you're
here.
B
Yep
hi
everyone
I'm
at
la
fabian.
This
is
the
first
time
I'm
joining
this
meeting,
I'm
from
ibm
cloud
and
today
I
joined
because
I
would
like
to
discuss
a
proposal
with
you.
So
thanks
for
having
me
here
and
it's
nice
to
meet
you
all.
A
Really
appreciate
it,
I
saw
the
note
in
the
ingress
dev
chat,
so
we'll
definitely
make
sure
we
talk
about
that
thanks
for
being
here
thanks.
A
Well,
we
appreciate
your
contributions
and
thank
you
yeah.
This
is
definitely
meeting
for
us
to
figure
out
where
we're
heading,
what
we're
trying
to
accomplish.
So
thank
you
for
joining
with
that.
Do
we
want
to
start
the
run
through
the
triage?
I
know.
Noah
always
does
a
great
job
of
giving
us
things
to
talk
about.
We
can
run
through
the
follow-up
and
the
triage
of
those
or
we
can
run
through
what
we
have.
How
we
feeling
today
folks
want
to
just
jump
right
into
fabian's
request.
D
Yeah
there's
one
thing:
we
maybe
can
quickly
talk
about
and
that's
the
english
class
problems.
Let's
call
it
like
this
ricardo
asked
me
to
to
start
something
around
this.
This
problem
and
yeah.
I
created
this
one
and
would
be
happy
if
we
can
or
if
you
guys
can
contribute
to
that,
so
that
we
yeah
some
somehow
get
this.
This
document
filled
up
and
yeah
can
can
can
work
out
the
solution
for
approaching
this
problem.
E
E
E
I
I
I
don't
know
if
you
got
an
opportunity
to
take
a
look
into
the
recording
of
the
last
meeting
james,
but
and
and
what
we
discussed
on
the
slack
channel
as
well,
but
I
I'm
trying
to
split
our
efforts,
at
least
in
three
major
things
that
are,
that
are
being
painful
for
our
users
right.
So
the
first
one
is
the
ingress
class
one
which
has
been
repeated
over
and
over
and
issues
and
problems,
and-
and
to
be
honest-
I
I
I
as
I
as
I
told
last
meeting.
E
I
think
that
we
and
we
I
can
say
myself.
Actually
we
made
a
mistake
on
on
the
ingress
class
implementation
stuff.
So
I
should
probably,
while
migrating
to
version
one
not
not
keeping
and
sticking.
E
Directly
with
the
specifications
but
other
than
that
trying
to
make
a
soft
transition
and
as
as
I
just
implemented,
the
way
that
was
described
on
the
ingress
class
thing,
it
broke
a
lot
of
users
and
user
experience
and
etc.
So
I
want
to
kind
of
not
roll
back
that,
but
maybe
soft
soft,
the
implementation
in
a
way
that
we
can
say
hey
it
works
on
on
the
old
way
that
you
use
it
to,
and
it
also
works
in
the
new
way
and
the
new
way
is
actually
not
the
required
way.
So
we
don't.
E
E
I
want
to
work
with
disney
way,
because
if
you
take
a
look
into
the
other
ingress
class,
the
ingress
controller
implementations,
even
I'm
not
sure
if
the
google
won,
but
I
know
that,
like
comfort
and
other
ones,
they
are
really
soft
on
their
implementation
right,
so
ingress
class
annotation
still
works
and
still
is
the
way
of
doing
things
and
it
works
within
ingress
class
by
name.
E
So
I
wanted
to
make
a
research
on
that,
but
maybe
we
say
to
users:
hey
we've
made
a
mistake
and
we
are
gonna
sort
of
roll
back
or
at
least
provide
us
some
feedback
on
if
you
all
are
willing
to
to
work
on
the
old
way
right,
so
we
implemented
actually
the
ingress
class,
by
name
as
an
example
by
the
request
of
ibm
cloud
back
in
that
time,
because
it
broke
a
lot
of
things
on
ibm
cloud
as
well.
E
So
probably
we
just
need
to
distance
from
the
community
after
after
that
and
saying
hey.
What
do
you
think
about
that?
I
had
a
discussion
on
on
c
network
ingress
with
cert
manager,
folks
as
well,
and
we
didn't
got
a
like
a
concrete
answer
of
you
should
do
this
or
you
should
do
that
right.
So
the
answer
was
hey.
The
documentation
of
the
api
says
that
the
right
way
of
doing
is
this
way,
but
annotation
should
be
before
the
english
class
and
etc.
E
A
We
we
we,
we
keep
learning
this
lesson
ricardo.
I
think
we
learned
this
with
the
the
last
sember
problem
that
we
had
so
definitely
definitely
learning,
and
I
think
we
talked
about
a
couple
issues
in
slack
where
it
was
just.
We
need
to
enable
users
to
make
the
choices
and
not
force
default
on
them.
A
I
think
one
of
the
ones
was
in
the
we
were
talking
about
it
yesterday,
so
I
I
think,
if
we
just
keep
airing
on
the
side
of
letting
folks
make
the
decisions
themselves,
I
think
that
will
be
helpful.
So
it's
always.
E
Right
there
was
a
pr
of
someone
trying
to
change
something
this
way
and
we
all
agreed
that
that
change
should
be
an
annotation,
that
the
user
should
opt
in
and
not
opt
out
right.
So
I
guess
was
one
that
you
sent
to
me
and
also
jintao
commented
over
that
like
hey,
this
should
be
an
annotation,
so
we
are
learning
the
hardest
way,
but
we
are
learning
yeah
yeah.
A
Exactly
none
of
us
are
professionals-
okay,
yeah.
I
haven't
had
a
chance
to
read
this,
but
I
mean
just
the
plethora
of
issues
definitely
seems
like
something
we
should
look
into.
Is
that
going
to
take
the
priority
over
the
data
plane
split
because
I
know
we
were.
That
was
the
other,
because
you
said
there
was
three
I'm
assuming
ingress
class,
the
data
plane,
splits,
the
other
one.
I
don't
remember
what
the
third
one
was.
E
Let
me
come
on,
I
am
with,
is
let
close
it
here,
so
kubernetes,
let
close
it.
So
let
me
take
a
look,
but
I
remember
that
I
have
actually
I
I
guess
the
other
one
was
docs.
We
have
gateway
api
with
jin
tao
is
taking
a
look
and
we
have
dock.
So
I
asked
it
long
to
take
a
look
into
the
docks,
because
right
now
I
mean
we've
got
some
feedbacks
on
our
docs.
Right,
probably,
we
need
to
our
dogs.
I
think
they
are
fine,
but
we
need
something
better.
E
It's
hard
to
to
figure
out
all
of
the
options
that
we
have
it's
hard
to
have
like
a
quick
start
that
just
works
right.
So
I
I
I
I've,
asked
it
like
long
to
take
a
look
into
that
and
and
with
the
with
the
user
perspective
and
not
with
like
the
the
system,
admin
with
five
years
of
experience
perspective
right,
because
that's
those
are
different
things,
so
we
should
just
think
on
someone,
that's
just
starting
with
kubernetes
and
they
want
to
deploy
an
ingress
and
hey
how
all
of
this
works
right.
E
I
kind
of
miss
that
thing
even
explaining
what
is
it,
what
is
ingress,
what
is
ingress
controller
that
embraces
a
proxy
and
making
some
diagrams
on
that
and
etc?
So
I
think
it
would
be
a
good,
a
good
win
for
us
getting
those
teams
in
our
documentation
getting
a
better
dock.
A
E
No,
it's
going
to
be
coding
and,
and
as
far
as
I
remember,
aditya
step,
it
step
it
forward
on
slack
to
help
us.
So
what?
If,
if
you
want
to
help
us
on
ingress
class
like
helping
no
noah,
is
helping
with
all
of
the
specs
and
mapping
everything,
and
I
guess
that
after
that,
we
are
going
to
need
someone
to
take
a
look
into
the
coding
issues
and
how
to
make
it
how
to
make
it
possible.
So
if,
if
aditya,
when
I
I'm
not,
I'm
not
I'm
not
volunteering,
you
I'm
just
remembering.
F
Yeah,
so
I
volunteered
myself,
I
think
I
do
lack
a
little
bit
of
context,
so
I
will
have
to
maybe
chat
offline
once
we
have
something
concrete
on
where
we
want
to
go.
But
yes,
I
am
definitely
willing.
A
E
Yeah
yeah
yeah,
so
that
this
was
actually
another
discussion
that
we've
had
on
past
meeting
right,
so
we
keep
receiving
a
lot
of
a
lot
of
prs
with
some
features
and
some
of
them.
They
scare
me
like
dealing
with
external
wolf
and
also
some
canary,
mainly
the
ones
that
deal
with
changes
in
in
lua
side.
E
So
I'm
I'm
not
opposed
to
to
approving
those,
but
I
won't
be
like
I.
I
won't
be
on
that
pressure,
like
hey
someone,
taking
a
look
into
that.
Hey
someone
taking
a
look
into
that.
So
I
need
folks
to
help
me
reveal
that
things,
because
otherwise
I
just
don't
want
to
just
like
approve
and
then
get
a
new
cve
over
that
feature
right.
So
that's
all-
and
I've
been
mostly
focusing
on
on
the
data
plane
split.
E
To
be
honest,
I
didn't
I
was
going
to
take
a
look
into
that
over
this
weekend,
but
I
was
really
tired,
but
yeah
something
is
actually
going
on.
Something
is
is
happening.
I
hope
that
in
one
or
two
months
I
I
have
some
more
concrete
proof
of
concept
that
we
can
start
messing
around
with
it
awesome.
Okay,
maybe
we
should
release
that
on
keep
going.
E
A
All
right!
Well,
that's
awesome.
Definitely
thanks
for
catching
me
up
on
that,
I
didn't
get
a
chance
to
re-up
where
we
were
so.
Thank
you
all
with
that.
Definitely
need
to
review
those
okay
with
that
fabian.
Do
you
want
to
take
the
take
the
helm?
Which
issue
was
it?
Was
it
this
one
8113
right,
81,
83,.
B
Yes,
that's
that's
it.
Would
you
mind
if
I
share
my
screen,
I
just
have
a
diagram
that
feel
help
me
yeah
I'll,
give
you
some
details.
B
There
you
go:
okay,
that's
better!
Just
a
second,
and
do
you
see
my
screen?
Yes,
yeah
cool
yeah.
So
thanks
for
having
me
the
problem,
I'd
like
to
talk
about
is
related
to
external
authentication
and
to
custom
snippets
that
are
often
used
with
external
authentication
to
be
more
concrete,
with
o2
proxy
and
with
the
recently
published
cv
around
snippets.
B
So
when,
during
I
mean
as
part
of
the
authentication
process
after
a
successful
authentication,
the
world
2
proxy
sends
back
some
cookies
to
the
client.
I
mean
it
can
be
one
cookie
or
it
can
be
two
cookies
depending
on
the
size
of
the
cookie
it
would.
B
It
would
send
back
to
the
client
after
after
the
authentication
and
the
the
reason
for
this
is
that
well
two
props,
you
don't
want
to
send
a
cookie
that
is
greater
than
four
kilobytes,
because
it
wants
to
be
compatible
with
all
kind
of
browsers
out
there
in
the
world.
So
if
the
cookie
would
be
greater
than
four
kilobytes,
then
they
split
it
into
two
parts
and
they
send
it
back
to
the
nginx.
B
The
problem
comes
in
when
the
nginx
out
request
module
would
forward
these
cookies
to
the
client,
because
the
nginx
out
request
only
forwards.
The
first
set
cookie
from
the
response,
and
for
this
reason,
the
o2
proxy
community
offers
a
custom
snippet
a
custom,
lua
script
that
that
takes
care
of
copying
over
the
second
cookie.
If
it's
present
on
the
response.
B
B
202
responds
to
the
nginx
ingress
and
it
contains
a
bunch
of
headers
and
users
can
choose.
At
the
moment.
There
is
an
annotation
that
allows
users
to
choose
one
or
more
headers
to
be
forwarded
to
the
backend
application,
but,
for
example,
in
the
o2
proxy
case,
the
authorization
header
contains
the
id
token,
and
some
users
want
to
have
the
access
token,
and
in
that
case
they
can
choose
to
use
a
custom
snippet
and
use
that
snippet
to
modify
the
contents
of
the
authorization
header
they
want
to
pass
in.
B
So
these
are
two
wide
use
cases
that
we
see
and
the
problem
comes
in
when
the
recently
published
cv
around
snippets
users
usually
want
to
disable
using
custom
snippets
at
all
or
they
blacklist,
or
they
want
to
blacklist
some
of
the
keywords,
for
example,
by
lua,
or
anything
like
that.
But
in
that
case
these
external
authentications,
the
pets
would
stop
working,
so
they
need
to
choose
whether
they
accept
the
cv
or
or
they
keep
their
external
authentication
working.
B
So
for
that
I
mean
in
order
to
help
these
users,
the
proposal
would
be
to
move
these
slip
ads
into
the
nginx.com
glue,
template
and
drive
their
appearance
in
the
configuration
through
two
new
annotations.
B
One
of
the
annotations
would
be,
for
example,
something
like
a
old
cookie
name.
That
would
specify
the
name
of
the
cookie
and
we
can
check
if
there
are
two
cookies
with
that
name
and
the
other
one
has
a
suffix.
We
could
copy
over
the
second
one
as
well
to
the
client
and
the
other
annotation
could
be
something
like
out.
B
Authorization
header
value
from
that
would
allow
the
customer
to
user
to
choose
a
header
from
the
o2
response,
and
it
would
grab
the
value
of
that
header
and
pass
it
in
the
authorization
header
and,
for
example,
if
the
oo2
proxy
sends
the
access
to
come
back
in
the
x,
I
would
request
access
to
can
header.
We
could
grab
the
value
from
there
and
pass
it
in
the
authorization
header.
B
E
Okay,
I'm
just
I'm
just
taking
a
look
into
our
docs,
but
I
think
I
think
it
it
just
yeah.
If
this
is
like
a
a
common
use
case,
it
just
makes
sense
to
me:
we
stopped
relying
on
custom
snippets
service
snippets
to
have
something
more,
let's
say:
sanitize
it
right
so
annotation
that
doesn't
accept
anything.
E
I
can
see
that
we
we
do
have
the
external
laugh
as
part
of
of
the
actually
of
ingress
from
a
long
time
ago
and
and
yeah.
I
think
that
I
think
that
they're,
probably
if
you
want
you,
can
in
my
opinion,
you
can
send
a
proposal
on
that
thing.
Other
thing
that
I
wanted
to
look
into,
that
is
that
actually,
and
and
if
you
folks
from
from
from
ibm,
can
also
provide
us,
a
feedback
is
other
situations
that
snippets
they
are
used
and
maybe
trying
to
turn
them
into
configurations
right.
E
So
I've
seen
folks
as
you
using
snippets
to
modify
headers,
so
I've
seen
folks
using
that
as
ad
headers
and
other
stuffs,
and
I
would
love
to
start
reducing
the
need
of
the
usage
of
snippets
to
something
that
actually
turns
into
a
configuration
key.
So
I,
in
my
opinion,
I
don't
want
to
buy
as
anyone.
So
if
someone
wants
to
have
an
opposite
opinion,
please
go
ahead,
but
I
think
I
think
it
just
makes
sense
to
me.
I'm
just
again.
E
I
I'm
just
like
stepping
on
my
eggs
when
we
are
speaking
about
security,
because
I'm
I'm
sort
of
like
hey,
okay,
we
are
going
to
add
this,
but
just
try
while
implementing
to
seeing
how
those
new
annotations
they
can
be
used
to
bypass
something
or
to
revert
something
like.
How
can
someone
use
that
on
on
the
wrong
way
to
do
wrong
things
right?
So
this
is
my
my
ask
for
for
all
of
those
new
annotations
that
deal
with
external
authentication
or
custom
headers,
or
something
like
that
right.
E
I
I'm
I'm
one
of
the
persons
that
don't
pass
added
a
feature
before
being
an
english
and
gynex
maintainer
that
actually
added
the
same
thing
like
I
was
bypassing
certificate
authentication
because
of
another
thing,
so
let
let's
just
try
to
stop
and
think.
How
can
we
avoid
that
being
a
a
vulnerability
in
english
and
chinese,
but
other
than
that?
I
think
it
just
makes
sense
to
reduce
the
usage
of
custom
snippets
to
annotations
and
other
things.
B
Yeah,
okay,
thank
you.
Regarding
the
request
of
collecting
the
configurations
that
are
often
used
in
custom
snippets,
I
I
will
look
around
on
what
kind
of
configurations
do
our
end
users
have
and
we
try
to
yeah,
sometimes
mostly.
E
E
Okay,
that
sounds
good
yeah,
just
open
bingos
on
on
slack
like
hey.
This
is
my
proposal.
This
is
a
proof
of
concept
or
not.
This
is
how
it
works
and
we
can
start
discussing
the
security
implications
of
that
thing.
But
for
me
it
looks
just
fine.
I
don't
know
if
james
someone
else
would
want
to
talk
about
this.
A
Yeah,
definitely,
it
makes
sense.
I
think
it's
interesting
because
it
ties
into
the
the
other
issue
that
we
were
talking
about
yesterday
in
in
chat
I'll
drop
it
here
in
the
chat
for
everyone
to
see,
because,
depending
on,
if
the
back
end
returns,
a
a
404
or
not
it
doesn't
ingress
doesn't
always
send
the
the
cookies
back.
So
you
might
want
to
check
into
that
one
as
well
fabian
if
you're
gonna
implement
this
might
be
something
to
look
into
as
well.
The
I
just
dropped
it
in
the
zoom
chat
awesome.
A
Well,
we
appreciate
that
and
go
ahead
and
jump
into
the
issue
triage
unless
anyone
else
has
anything
that
we
that
they
would
like
to
discuss.
A
A
A
Oh,
look:
our
little
ricardo.
D
D
I'm
I'm
not
sure
I
think
he
just
he
just
showed
a
possible
solution,
but
I
don't
know
if
he
wants
to
implement
this
one
or
if
someone
else
should
somehow
take
take
over
it.
D
We
could
mark
it
with
with
the
help
label.
D
E
E
Like
actually
do
it
to
some
other
downstream
that
I
need
to
do,
but
I
will
ask
him
to
reach
one
of
you
just
to
help
him
on
the
image
promotion
for
the
for
the
open
telemetry
model,
because
one
thing
that
we've
put
as
a
show
stopper
was
actually
hey.
We
need
to
split
the
open
telemetry
from
the
main
in
chinax
image,
so
damien
damien
took
a
look
into
that
and
he
just
asked
me
hey:
can
you
help
me
promoting
this?
E
So
if
someone
can
help
him
on
this
one,
I
would
really
appreciate
that
so.
A
E
Yeah
yeah
exactly
so,
the
the
the
model
already
exists,
so
we
need
right
now
to
open
a
pr
on
cast
infra
and
create
that
image
and
promote
that
independently
and
the
next.
The
next
step,
probably
that
we
should
do,
is
again
with
mod
security,
but
right
now
damien
did
that
with
open
telemetry
and
it's
working
fine,
but
it's
not
already
a
part
of
our
repo.
So
he
can't
move
forward
and
I
just
didn't
got
enough
time
to
answer
him.
E
D
Yeah,
I
I
think
it
should
just
write
into
our
slack
channel.
There
are
several
people
who
can
help
them.
Probably.
A
E
A
Oh
no,
it
was
the
external
off
example.
A
I'll
I'll
drop
this
one
in
here
and
then
let
him
know
that
we
can
help
him
out
with
that.
D
Yeah,
that's
that's
why
it's
so
confusing
the
the
pull
request
is
merged
with
the
issues
still
open,
it's
not
really
clear
what
what
the
state
is.
E
Yeah
so
yeah
yeah,
yeah
yeah,
so
so
sorry
folks,
I
was
just
answering
damian
on
slack,
so
the
pull
request
is
merged.
So
now
it
generates
a
new
image
right.
So
we
need
that
new
image
to
be
part
of
the
our
our
build
process.
So
we
have
in
chinex
image.
We
have
the
ingress
controller,
the
grpc
yeah.
So
the
idea
now
is
that
we
need
to
have
like
ingress
in
china
x,
ot
model,
and
this
needs
to
be
part
of
our
build.
A
E
E
D
Yeah,
I
think
part
of
it
is
documented
in
our
release,
released
talks.
A
Okay,
you
can
have
him
reach
out
to
me
I'll
help
him
get
it
set
up
and
we
can
schedule
some
time
with
him.
I've.
A
B
E
A
D
A
D
The
problem
seems
to
be
that
it's
running
another
threat
or
something
and
that's
why
the
the
logs
will
not
go
to
a
cd
out
or
something
like
that.
So
so
the
plan
that
we
had
didn't
work
yeah.
E
A
D
E
But
to
make
that
we
did,
we
already
migrated
whitelist
to
allow
list
in
the
annotation
thing.
I
don't
think
so
right,
that's
a
good
question
yeah!
So
because
I
I
think
today
we
already
call
it
a
white
list
and
not
allow
list.
E
So
the
the
proposal
that
I
made
that
I've
made
on
past
was
that
we
we
can
so
we
can't
deprecate
whitelist
again
because
of
like
we
don't
want
to
break
users
right.
So
one
thing
that
I
was
thinking
was
like
hey.
We
should
probably
support
in
the
same
piece
of
code
that
whitelist
and
allow
these.
They
are
like
the
same
thing
when
we
should
just
check
first,
if
allow
list
exists
other
than
that
we
should
check
if
white
list
exists
and
then
inject
that
into
the
same
structure
in
in
the
go
program.
E
D
E
E
Yeah
but
the
pr's
from
tokyo
is
actually
to
implement
the
block
list
right
and
back
in
time
when
he
he
wrote
about
like
being
blacklist
and-
and
we
asked
him
like
hey,
can
you
use
blacklist
and
someone
said
yeah,
but
then
you
should
change
whitelist
to
allow
list
and
that
discussion
began
and
we
said
yeah.
We
don't
wanna
implement
that
like
we
don't
want
to
migrate
from
whitelist
to
to
allow
this
to
be.
Probably
we
want
both
of
them
working
together
right.
So.
A
E
E
Yeah
ip
white
list
here
so
yeah,
so
the
annotation
here
you
can
take
a
look
into
the
code.
Where
is
this
thing.
E
Yeah,
it's
called
nowadays
it's
called
whitelist,
so
let
me
just
share
with
you
just
just
for
a
moment.
So
if
someone
wanna
take
a
look
into
that,
probably
it's
gonna
be
easier.
Sure
I
think
yeah
can
you?
Can
you
see
my
screen?
Yep?
E
Okay,
so
this
is
this.
Is
the
this
is
the
the
package
that
we
need
to
change
right
if
someone
wanna
take
a
look
and
help
us.
So
we
have
this
parse
function
here
and
it
gets
the
string
annotation
as
white
list
search
range.
E
So
what
I
think
we
should
do
is
probably
we
should
try
to
fetch
first,
something
like
allow
list
search
range
and
then
whitelist
search
range
and
maybe-
and
maybe
we
can-
we
can
do
like
a
prior
prioritization
of
one
over
the
other
or
maybe
just
just
merge,
both
of
them
right
so
saying:
hey.
If
we
have
white
list
and
then
allow
list,
we
are
going
to
just
merge
them
both
and
and
add
them
into
this
structure
search
range,
and
this
is
like
internals.
E
So
I
don't
think
we
need
to
change
right
now,
this
white
list
to
allow
list
and
something
else.
This
is
not
something
that
the
user
sees.
This
is
something
that
the
user
sees.
So
my
proposal
here
is
that
we
should
probably
do
just
just
add
another
line
here
with
allow
list
and
saying
hey
now
we
support
both
allow
list
and
whitelist.
We
are
not
gonna
duplicate,
whitelist
annotation,
but
we
strongly
recommend
if
you
want
to
use
something.
E
That's
more
inclusive,
just
use
allow
list,
because
the
the
opposite
of
that
is
going
to
be
block
list
and
we
are
not
going
to
have
a
black
list
right
and
then
we,
if
we
decide
to
deprecate
that
in
version
two,
we
can
version
two
or
version
t
three
or
whatever
deprecate,
but
right
now
I
would
just
say
that
we
can.
We
can
do
that
and
merge
both
of
the
annotations.
E
A
E
Yeah
and
to
be
honest
this
this
is
like
a
good
first
issue.
So
if
someone
that's
a
good
first
issue
for
people
learning
to
code,
so
if
someone
wanna
take
a
look
into
that
and
maybe
help
us,
it's
just
fine,
and
I
can
I
can
guide
you
I
can.
I
can
try
to
make
like
30
40
minutes
to
implement
that
in
like
pair
programming.
E
E
Yay
so
just
let's
just
assign
that
to
kundan,
and
maybe
maybe
we
should
just
rewrite
the
description
of
the
issue
or
add
like
hey,
we
are
not
gonna,
just
stuck
with
documentation,
we
we
are
gonna,
add
a
new
annotation,
that's
more
inclusive
and
that's
gonna
match
all
of
the
all
of
the
ips
from
whitelist
and
allow
this
sounds
good.
E
A
All
right,
conan,
what's
your
what's
your,
can
you
paste
your
github
name
into
the
chat
for
me,
so
I'm
gonna
sign
this
one
to
you.
A
A
That
assigned
it
to
you,
okay,
awesome,
thanks
and
as
always,
if
you
have
any
questions
or
issues
just
drop,
a
drop,
a
note
in
the
ingress
dev
slack.
A
A
A
A
Running
the
same
clusters
as
I
expect
to
be
able
to
use
a
relative
url
like
this,
you
still
need
a
full
url
for
that
auth
sign,
and
I
would
assume,
because
it's
got
to
know
where
it's
going.
Even
if
it's
running
into
cluster
use
the
cluster
dns
name,
I
don't
understand
how
using
a
relative
url
would
be
helpful
unless
it's
running
on
the
same
ingress
controller.
E
I'm
I'm
just
trying
to
also
deploy
this
far.
What
what
he's
asking
actually
so,
I
can
see
what
he's
doing,
but
what
he
wants
to
do.
Is
there
like?
Okay,
okay,
I
see
I
see
now
so
that's
on
the
end,
so
he
wants.
F
E
Wants
something
that's
that
that
that
actually
doesn't
get
rewritten
to
the
whole?
I
don't
know
how
the
implementation
of
that
thing
is.
I
would
say
that
maybe
if
this
is
possible,
I
wouldn't
use
the
same
annotation.
E
I
would
use
something
else
like
alf,
url,
relative
relative
and
then
okay,
you
can
just
use
the
relative
instead
of
the
absolute
right,
so
something
more
soft.
E
Yeah
I
I
got
I
got
his
point
like
he
does
have
like
another
location
on
the
same
ingress
that
resolves
the
the
authentication
stuff
right.
So
it
does
have
the
user
have
like
another
location,
another
ingress
that
results.
I
think
that
this
thing
actually
makes
sense,
but
I
don't
think
it's
like
hey.
A
A
I
think
long
did
a
very
nice
way
of
asking
him
for
pr.
A
We'll
leave
it
at
that.
Okay,
request
tag:
what
is
the
request
tag
for
controller
5-0?
A
A
E
I
I
agree
with
him.
This
is
this
is
actually
a
legacy
and
there
is
a
reason
that
we
don't
publish
this
on
on
master
main
branch
anymore,
which
is
we
don't
want
to
keep
the
support
on
that,
and
actually
we
have
a
plan
to
deprecate
that
at
all
right,
so
yeah
people.
E
A
A
E
And
they
apply
an
ingress
research
that
helps
expose
the
same
host,
but
for
internal
load.
Balancer.
Is
this
like
a
status
problem
like.
E
Okay,
okay,
I
think
I
got
it
so.
External
dns
works
with
ingress
fetching
the
status
from
the
load
balancer
right,
the
ip.
E
Yeah,
I
would
I
would
need
to.
I
would
probably
need
to
take
a
better
approach
on
that.
D
A
D
I
have
just
one
thing:
a
little
one,
our
supported
versions
table
has
not
been
getting
updated.
It
could
be
that
that
we
may
have
to
remove
one
one
thing:
that's.
D
To
ask
no:
it's
the
the
0
46.