►
From YouTube: Kubernetes SIG Network meeting 2018-10-18
Description
Kubernetes SIG Network meeting, October 18th 2018.
A
A
A
All
right,
let's
move
on
to
the
second
item,
which
is
I,
wanted
to
do
a
quick
spin
through
what
we've
targeted
for
1.13
and
check.
You
know
how
each
of
those
are
going,
and
hopefully
we
have
some
folks
here
who
can
talk
to
what
they're
working
on.
So
let
me
share
my
screen
and
then
I'll
take
a
look
over
here
at
the
sick
planning
spreadsheet.
So
two
or
three
meetings
back,
we
wrote
this
up
and
said
we
would
check
back
in
in
the
middle
of
October.
A
B
B
The
coop
test
part
is
just
got
merged
yesterday,
so
that
that
we're
really
happy
with
that
months
like
finally
there
so
now
that
that's
been
compiled
into
one
of
the
kuvakin
and
the
end
doctor
image,
and
that
seems
to
work
and
now
we're
just
waiting
for
I
have
to
convert
a
Providence,
a
four
to
set
up
the
job.
That's
going
on
periodically
and
so
we'll,
probably
hopefully
a
few
days
away
from
having
something
running.
B
So
in
that
and
the
second
item-
we're
still
looking
for
reviews
and
there's
a
there's,
an
energetic,
headed
to
the
agenda
today
kind
of
gotcha.
That
I
mean
the
main.
The
main
thing
remained
at
main
question
remaining
I.
Think
the
API
stuff
is
pretty
settled,
but
the
main
question
remaining
is
whether
we
want
a
single
service,
IP
versus
dual
stack
server,
side,
piece
and
there's,
there's
an
issue
that
that
I
have
in
the
agenda
and
some
coding
has
begun.
C
A
A
D
So
the
addressing
the
scale
issue,
the
peer
is
right
out
so
I
just
wait.
Someone
is
approving
the
peer
that
Chris
pushed
today
and
then
we
with
that
we
can
verify.
We
address
a
scale
in
5000
of
its
only
way
to
to
verify
on
5,000
notice.
You
have
this
approved
and
this
Pai
is
also
put
in
Korean
else
as
default.
So
if,
if
the
test
is
okay,
cadenas
would
be
default
its
we
need
this
peer
to
be
in.
A
D
E
D
D
G
Mother
called
him
yeah
I
did
a
bunch
of
research
and
to
see
whether
we
wanted
to
do
it
do
anything
snazzier,
because
we
had
use
cases
for
it,
but
really
couldn't
couldn't
justify
anything
more
than
the
simple
case.
So
I
sort
of
revised
and
the
the
existing
cap,
probably
and
and
update
that
for
early
next
week,.
A
E
A
So
next
is
for
audit
of
conformance.
This
is
something
I
put,
my
name
next
to
and
I
have
started
just
by
wrapping
my
head
around
what
we've
got
currently
for
conformance
tests,
hoping
to
get
something
I
can
send
around
to
folks
and
sometime
soon
trying
to
identify
what
we've
got
and
what
we
might
want
to
what
kind
of
gaps
you
may
want
to
close
there.
If
any.
A
A
H
Sure,
thank
you
so
I'm
yeah,
my
name
is
David
I'm
here
from
the
sick,
Windows
community,
where
we're
trying
to
bring
karate
support
to
Windows.
Obviously,
our
main
metric
to
graduate
Windows
from
beta
is
like,
by
announcing
like
cubelet
and
coup
proxy
those
libraries
to
go
ga
through
conformance
tests.
Now
most
of
these
conformance
tests,
they
run
on
Windows
without
any
changes,
thanks
to
like
Linux
Linux
aliases
that
we
have
available
on
windows.
H
Let's
say,
for
example,
if
we
have
a
DNS
suffix
like
in
our
Etsy
resolve,
conferring
similar
on
Windows,
let's
program
that
way
on
Windows
we're
seeing
the
following.
If
we
try
to
resolve
the
DNS
mean
the
same
way
like
the
test
tries
to
do
resolve
like
kubernetes,
for
example,
and
that
should
append.
H
That
we
have
programmed
to
add,
like
you,
know,
the
namespace
and
service
star
cluster
dot,
local,
to
form
the
appropriate
hookup
saying
the
same
way.
We
can
also
look
up
fully
qualified
domain
name.
Let's
say
you
try
to
resolve
an
ADIZ
thought
default
on
service
star
cluster
local,
those
those
behaviors
are
the
same
on
Linux
and
Windows
as
expected.
H
Now
the
difference
comes
in
whenever
we
try
to
look
up
names
that
contain
a
period
so
not
a
trailing
dot,
but
a
period
and
the
actual
string
like
a
like,
for
example,
kubernetes
thought
default
or
at
least
on
default
dot
service.
So
all
those
cases
are
treated
differently
on
Windows,
then
on
Linux.
The
difference
is
that
Windows
is
treating
it
as
an
absolute
or
as
an
authoritative
string
as
if
it's
like
a
fully
qualified
domain
name.
G
H
E
G
Well,
I
can
do
an
opinion.
I
mean
I
think
that
the
expectation
is
that
that
those
partners,
those
partial
names,
work
and
that
that
customers
are
likely
relying
on
that.
So,
if
we're
talking
about
conformance,
then
it
it
would
we
be
best
to
make
a
figure
out
a
way
to
make
it
work.
I
mean
they'd
sort
of
not
conformant
if
it
doesn't
work
so
yeah.
I
I
G
I
E
Right
there
in
support
of
their
configuration
that
they
pass
in
this
up.
It
came
up
in
cig
architecture
this
morning
in
exactly
the
same
context,
but
not
the
exact
same
detail,
and
there
was
an
argument
made
that
I
think
holds
a
lot
of
water,
which
is
sort
of
principle
of
surprise
or
non
surprise.
I,
don't
think
Windows
consumer
would
be
surprised
that
that
doesn't
work.
E
It
is
unfortunate
that
it's
sort
of
part
of
the
API,
at
least
in
the
DNS
extension.
Well,
no
I,
guess
it's
not
the
end.
Docs
isn't
actually
codified
right,
like
the
the
custom
DNS
policy
is,
has
a
search
path
field,
but
it
will
behave
different
than
Windows
and
it
doesn't,
and
in
Docs
isn't
a
schema
field.
That's
in
there
yeah.
E
A
J
The
packet,
the
test
case,
is
passing
three
of
the
names,
so
it's
like
the
test
case
passes
kubernetes
kubernetes
our
default
and
covenant
is
dot
default
or
SVC,
so
that
three
names
are
passed
and
all
three
names
are
checked
against
the
result.
So
for
Windows,
the
Covenant
is
alone
passes,
so
it's
like
we
either.
We
can
split
the
test
case
and
keep
the
kubernetes
as
a
conformance
and
keep
the
other
two
resolving
name
as
a
like.
A
new
test
case
that
only
works
for
Windows
only
works
for
Linux
is
that
an
option
I'm.
Finally,.
E
Splitting
the
test
case
from
a
technical
point
of
view,
it
makes
sense,
and
so
we
can
then
at
least
have
the
conversation
where
we
say
same
name
say
short
names
always
work.
That's
part
of
conformance
and
cross.
Namespace
names
is
up
for
debate
and
was
to
whether
that's
important
I
think
that's
fine.
E
The
question
is
whether
we
actually
want
to
allow
conditional
conformance,
I
mean
I.
Take
that
back
I
think
we
effectively
have
to
allow
conditional
components
we're
in
this
case.
The
only
condition
we
support
is
the
architecture
are
the
the
OS,
but
I.
Don't
know
that
the
conformance
leaves
have
sort
of
formalized
that
yet
so
from
a
tactics
point
you
can
use,
can
somebody
send
a
PR
to
break
that
into
separate
test
cases,
and
then
we
loop
in
the
conformance
people
and
see
what
they
think
about
it.
Yeah
I,
I'm,
okay
with
it
I
think
I.
E
G
E
E
E
D
Okay,
just
one
question:
I'm,
looking
at
the
test,
this
specific
test
right
now
that
which
is
conformance
IT
there
is
already
if
it
is
GC
or
gke,
then
we
added
two
other
name
to
resolve
google.com
and
metadata.
So
do
you
mean
that
we
should
not
have
any
if
provider
in
the
conference,
so
we
need
to
speed
this
part
that
existing
partial,
also
I,
think
that's
probably
true.
D
E
E
A
B
Yes,
this
question
better
suited
for
the
mail
list,
but
Justice
Breyer
described
it
just
for
food
for
thought,
I
guess,
but
in
in
the
current
dual
effect
design
we're
proposing
that
we
just
support
a
single
family
of
service
IDs.
But
things
like
no
important
external
IDs
would
support
dual
static
access
and
having
the
single
family
service.
Ip's
is
going
to
be
able
and
it'll,
simplify
annotation
and
save
some
work
at
least
that'sthat's
the
thought.
B
B
E
B
B
E
B
E
Anyway,
okay,
yeah
I,
think
I
think
you're
right.
There's
one
big
function
that
basically
processes
all
the
different
conditions
in
sequence
and
so
I
would
guess.
The
refactoring
we
want
is
to
take
the
logic
for
generating
the
curse
service
and
per
endpoint
chains
and
breaking
that
out
into
a
separate
function
that
you
can
call
from
the
different
places,
depending
on
whether
you're,
the
primary
family
or
not.
B
D
Yes,
I
think
I'd
call
ESL
release
it
by
my
main
concern
was
the
approval
for
PSO.
Now
it's
assigned
to
Tim
Tim,
just
one
thing
about
scalability:
we
are
the
meeting
with
six
scalability
last
week
to
define
a
how
do
we?
What
does
it
mean
passing
the
test
for
core
DNS,
knowing
that
the
memory
was
that
exactly
countered
the
same
way
coordinate?
So,
to
be
honest,
the
the
point
of
view
of
first
second
on
six
scalability
is
pass
the
test
as
long
as
you
pass
a
test,
you're
good,
so
I
thought.
D
K
K
Okay:
okay,
okay
Tito,
we
are
trying
to
implement
the
host
alert
support
in
coordinated,
it's
C
night
Morrigan,
it's
a
sub-project
of
OpenStack,
it's
a
token
for
using
OpenStack
ports,
Natron
ports.
Maybe
if
you
know
we're
following
the
same
approach
as
in
Charles,
the
host
user
arsenide
or
again
so
we
have
only
in
it
has
the
user.
You
know
the
main
socket,
but
we
don't
have
a
th0
interface
inside
container.
K
K
K
K
M
Lexi,
a
quick
one
for
yeah,
so
I'm,
not
exactly
familiar
with
what
the
particular
limitation
of
CNI
is,
but
I'm
gonna
shoot.
A
link
in
chat
here
is
that
there's
been
a
total
refactor
of
that.
The
host
user
CNI
is
now
a
user
space
CNI,
and
it
supports
a
number
of
quote
unquote:
engines
for
kind
of
user
space,
networking
through
and
I,
so
just
throw
the
link
in
here.
As
that,
might
you
might
find
it
useful
as
a
reference
or
you
know,
as
a
project
to
contribute
your
work
to
otherwise
just
Linda?