►
From YouTube: Kubernetes SIG Network meeting 20210708
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
And
we
are
indeed
stop
okay,
great.
Let's,
let's
get
going
then
I'll
start
today
with
issue
triage.
Let
me
get
my
correct
window.
A
How's
that
all
right,
so
I
made
a
pass
through
before
the
meeting
as
usual,
I
was
able
to
ping
a
few
close,
a
few
except
a
few,
and
we
have
seven
worth
talking
about
today.
So
should
update
endpoints
when
delete
service
selector.
This
was
yesterday.
The
bug
basically
boils
down
to.
I
took
the
selector
out
of
my
service
and
the
end
points
stuck
around
now.
A
The
argument
is
yes,
that's
what
happens
when
they're
no
longer
managed,
though
I
it
seems
to
me,
like
it's
a
reasonable
assumption
that
when
I
remove
that
selector
the
endpoints
would
go
away
once
I
left
it
open
to
see.
If
anybody
wanted
to
argue
about
that,
otherwise
we
can
accept
it.
B
It
should
be
accepted.
We
also
mark
the
endpoints
created
from
the
controller
right.
C
Endpoints,
so
we
would
yeah.
That
is
a
problem
this.
This
is
one
that
we've
known
about
and
have
been
scared
to
change
due
to
the
potential
breaking
it.
When
does
a
bug
become
a
feature
we,
we
never
explicitly
said
what
should
happen
either
way.
C
A
Given
given
that,
perhaps
the
right
answer
here
is
just
to
say,
we
can't
change
this
at
this
point,
even
if
we
think
it's
a
bug
and
close
it
and
maybe
document
it
in
the
api
docs
in
the
comments
somewhere.
C
A
Great
next
ingress
class
name
through
some
complicated
multi-client
editing,
there
was
an
ingress
that
didn't
have
a
class
name
or
that
had
a
class
name
that
was
assigned
automatically
through
some
editing.
It
became
user
owned
and
then
a
different
client
came
in
and
didn't
have
it
in
its
managed
fields
set
and
cleared
it.
And
so
the
question
is
what
the
heck
should
we
do
with
that.
C
I
saw
you
can
assign
me,
but
I
believe
the
answer
here
is
what
jordan
said
there,
that
this
is
intentional
for
backwards.
Compat
well,.
A
What
jordan
said
is
we
shouldn't
automatically
add
the
the
current
default
class
on
an
update,
the
question
that
I'm
asking
as
a
follow-up
is:
if
we're
on
an
update
and
the
old
object,
has
a
class
set?
Should
we
copy
that
into
the
new
object.
A
A
Yes,
I
believe
so
is
that
is
that
an
accident
or
a
meaningful
thing.
C
A
E
But
on
creation,
doesn't
the
ingress
class
name
get
set
on
the
final
object
like
when
you
store
it
actually
has
it
versus
on
update?
If
you
remove
it,
it'll
still
be
empty.
It's
not
exactly
the
same.
A
Well,
it
I
mean
oncreate,
sorry,
ingress
class
name
is
a
is
a
pointer
because
it's
an
optional
field
right,
so
on
initial
create.
If
it's
nil,
then
we
assign
it
the
default
right.
If
it's
an
empty
string,
do
we
leave
it?
C
A
C
A
Allow
pods
to
enter
the
host
c
group
name,
space
c
group
namespace,
so
that
is
a
which
c
groups
your
process
can
see,
which
is
new
in
c
group
2.
I
think
so.
The
question
here
is
some
cni
is
like
psyllium
and
apparently
calico.
Also
somewhere
was
said.
Calico
here,
yep
want
to
access
the
root
c
groups,
but
from
their
container
they
can't
because
they're
their
names
face
off,
and
so
the
request
here
is
something
like
host
c
groups.
A
True,
like
we
have
host
network
and
hostpit
and
host
ipc,
which
you
know
I
wrote
my
comment
here.
You
can
see
it.
It
feels
different
to
me.
I'm
not
sure
it
is
different,
but
it
feels
different.
B
A
B
Anyway,
right
exactly
but
for
hold
like
that,
okay,
let's
let
me
repeat
that
there
are
two
components
to
your
question
right:
networking
namespaces
are
something
you
have
to
enter.
Somebody
has
to
let
you
in
or
you
have
to
enter
it
yourself
right.
The
thing
about
the
c
groups
is
a
file
system,
so
it
should
be
able
you
should
be
able
to
mount
it
inside
your
bottom.
A
We
have
a
bug
report
with
the
bounded
frequency
runner
that
could
go
infinite.
I
will
assign
myself
unless
dan
is
here
and
wants
to
take
a
look
at
it
too.
A
All
right
I
mean,
unless
anybody
else
wants
to
take
this
one
health
check,
node
port
on
a
specific
ip
address,
so
we've
already
added
somewhere,
node
port
addresses
as
a
as
a
flag
they're
asking
that
this
or
something
equivalent
applies
to
health
check,
node
port,
which
seems
reasonable
to
me.
A
All
right
here
we
have
this.
This
person
reported
losing
ip
addresses
from
the
service
allocator
during
their
conformance
tests,
and
they
say
that
they
can
run
it.
They
can
recreate
it
on
every
conformance
test.
So
I
asked
for
logs
and
we'll
see
what
happens
if
anybody
feels
like
digging
into
you
want
to
see.
If
you
can
dig
in
yeah.
A
A
Okay
and
then
the
last
one
is
a
gke
reported
issue,
although
I
don't
really
believe
it's
just
gke,
because
there's
nothing
that
is
special
there,
but
this
issue
was
closed
and
then
reopened
when
they
said
that
it
was
happening
again.
C
Yeah,
I
just
saw
this
one
feel
free
to
I
may
already
be
assigned
on
this.
This
seems
familiar
you.
C
C
A
F
A
A
All
right
so
today
is
the
last
day
of
code
freeze
or
the
last
day
before
code
for
israeli
a
lot
of
pr's
have
gone
in.
In
the
last
few
days.
I've
tried
to
keep
them
moving
forward
on
the
board,
but
it's
not
guaranteed
that
I
caught
them
all
so
maybe
quickly
run
through
them
and
see.
If
anybody
knows
something
about
them
that
I
don't
q
proxy
package,
the
staging
this
is
ricardo's
work.
I
don't
think
this
has
moved
forward
right.
A
F
Yeah,
I
think
we
just
decided
to
remove
the
ip
block
use
case
from
the
cluster
network
policy.
So
we
made
the
change
accordingly
and
I
was
hoping
that
maybe
maybe
we
can
have
a
you
know.
All
the
interested
folks
can
can
perhaps
meet
at
a
later
time
to
resolve
some
of
the
outstanding
issues,
and
I
can
prepare
the
agenda
for
that.
But
if,
if
the
monday
network
policy
api
meeting
works
for
all,
maybe
I
can
send
an
invite
and
probably
a
mail.
So.
A
Sure
that
sounds
reasonable.
Okay,
this
one
I
brought
back
from
the
dead.
Apparently
it
got
closed.
This
is
one
that
got
merged
and
then
reverted
last
cycle
and
then
somehow
the
enhancement
issue
got
closed.
H
I
mean
so
I
wasn't
involved
in
the
in
the
implementation
like
first
time
around,
but
I
do
have
like
a
lot
of
context
on
on
that.
So
if
no
one
wants
to
take
it,
I'm
happy
to
reassign
it
or
take
it
myself.
A
H
A
All
right,
let's
do
that
this
is
cooproxy
next
generation.
This
is
not
going
forward
right
now,
no
multi-cider!
I
don't
know
if
rahul
is
here.
A
A
A
Okay,
all
ports
is
not
ready
to
move
forward.
Yet
that's
a
hostile
piece
was
this.
I
don't
even
remember
what
this
one
was.
A
A
Okay,
all
right,
this
is
where
you
tell
me
if
I
missed
moving
it
forward
now.
These
things,
I
think,
are
still
alpha,
which
is
to
say,
they're
merged,
but
the
gate
is
still
says
alpha,
so
there's
graceful
termination
for
local
endpoint.
H
Yeah
yeah
so
that
yeah
that
one
merged
this
release,
that
was
the
one
with
the
fallback
terminating
q
proxy.
H
H
Yes,
but
I
I
think
there
there
is
a
case
to
be
made
for
promoting
just
the
terminating
condition
and
endpoint
slice
to
beta
ahead
of
the
q
proxy
logic,
to
fall
back
to
terminating
and
like
I
guess
and
as
I
could
use
today
but,
like
I
don't
think,
it'd
be
too
hard
to
like
bump
that
to
beta
today.
If
we
felt
like
just
promoting
the
or
enabling
the
terminating
condition
by
default
is
worthwhile
in
this
release,
because
that
was
added.
H
A
A
Mixed
protocol
load-
balancers,
antonio
and-
and
I
talked
about
this
a
while
back.
This
can't
really
go
past
alpha
until
we
know
that
multiple
cloud
providers
are
implementing
this
and
as
far
as
I
know,
nobody
is
yet
is
anybody?
Am
I
wrong.
C
It
took
me
a
second
done
mute,
but
still
alpha
did
not
get
as
much
progress
as
I
hoped
for
this
cycle,
but
hoping
to
get
debate
in
the
next
one.
D
Of
things
go
ahead
yeah
I
pasted
a
link
in
the
chat
to
a
cap
that
is
actually
merged
and
in
I
believe
it's
an
alpha,
but
has
been
so
since
2018,
because
it
wasn't
moved
to
a
new.
D
D
No
it's
no!
I
I
just
took
it
from
the
old
place
and
and
made
the
full
request.
I
didn't
even
know
how
to
get
this
tracking
number.
D
A
D
A
Okay,
I
didn't
get
a
chance
to
look
at
this
since
you
opened
it.
Let's,
since
there's
no
gates,
it's
not
actually
like
kubernetes
code,
that's
fine!
We
don't
need
to
hit
it
for
the
code
freeze
once
you
open.
A
The
issue
then
assign
the
issue
to
the
sig
network
caps
project
right
in
the
oh
you're,
not
looking
at
this
well,
whatever
under
you
know
on
the
right
side,
there's
the
projects
and
you
can
choose,
you-
should
be
able
to
choose
sig
network
caps
and
if
not
just
ping
me
and
I'll,
do
it
and
then
it'll
appear
on
this
board
in
the
new
column
and
then
we
can
sort
it
out
next
time.
A
A
A
As
far
as
I
know,
those
are
correct,
yep
and
then,
in
the
ga
column
we
have.
These
are
just
waiting
for
their
expiry
periods
before
we
can
get
rid
of
them
close
the
issues
and
call
them
complete.
So
we've
got
fully
qualified
domain
names.
We've
got
endpoint
slice.
A
Now
we
have
metadata
labels
and
clarified
node
roll
labels,
all
of
which
I
think
within
two
releases
will
be
done,
except
for
the
new
one,
that'll
be
three
and
then
we've
got
a
cube
proxy,
which
has
no
gates,
which
we
have
to
figure
out
all
right
questions
on
the
kep
board.
A
G
A
Okay,
I
can
give
people
their
half
hour
back.
If
you
are
going
to
send
me
these
last
second
prs,
please
send
them
to
me
and
ping
me
on
slack
so
that
I
don't
lose
track
of
them
over
the
next
couple
of
hours
last
chance.
If
anybody
wants
to
bring
any
topics
up.