►
Description
[SIG-Network] Bi-weekly Ingress NGINX meeting for 20211012
A
Okay,
folks,
good
morning
for
those
that
are
in
the
morning
or
still
waking
up
in
kubecon
good
afternoon
and
good
evening
or
whatever
time
zone
you
are,
this
is
network
ingressing
exo
project
meeting
today
is
october
12th
2021.
This
is
a
kubernetes
community
meeting.
So
we
ask
we
kindly
ask
you
to
comply
with
the
code
of
conduct,
which
is
basically
be
excellent
with
with
each
other.
A
My
name
is
ricardo.
I'm
gonna
be
your
host
today.
If
you
see,
if
you
wanna,
see
some
some
violation,
just
report
that
violation
to
me
or
to
any
of
the
sick
chairs
or
to
the
code
to
the
code
of
conduct
committee
of
kubernetes
of
kubernetes
community
and
let's
get
started
so
I'm
gonna
watch
james
scream
because
he's
sharing.
So
it's
better.
B
A
C
D
F
A
A
B
A
Yeah,
so
I
guess
the
context
that
they
want
is
actually
to,
instead
of
having
a
prometheus
histogram
bucket,
a
hard-coded
promito's
histogram
bucket,
allowing
the
user
to
customize
that
that
that
histogram,
like
instead
of
having
like
0.05
0.,
0.1,
etc.
They
want
to
have
these
packets
customizable
via
via
flex.
G
D
A
D
A
That
one
to
me,
I
can
take
a
look,
but
alex
is
also
looking
into
that.
I
I'm
not
sure
about
that,
because
one
thing
is
calling
with
the
own
update
right.
So
when
you
have
when
you,
you
need
to
update
the
nginx
configuration
the
other
one
is
when
you
are,
when
you
are
doing
the
validation
web
hook
and
you
wanna
and
you
wanna
see
if
that
thing
is
gonna
change.
So
I
agree
that
maybe
this
is
like.
We
have
two
two
boundaries.
A
A
Yeah
this
yeah,
so
I've
seen
this
problem
as
well.
When
I
was
trying
to
debug
that
cordon
stuff,
when
you
put
a
lot
of
when
you
put
a
lot
of
load,
you
put
a
lot
of
ingress
objects,
you
have
a
race
condition
happening
right,
so
you
have
a
lot
of
you
have
a
lot
of.
How
can
I
say
process
run
in
parallel
and
all
of
them
they
try
to
replace
the
template
of
inginx
and,
and
sometimes
it
breaks.
A
A
We
are
just
starting
to
to
in
kiwi
a
lot
of
stuff
right
and
and
another
thing
that
could
be
a
solution
for
this
would
be
that
idea
that
someone
gave
about
splitting
the
configuration
files
per
maybe
their
front-end
or
perfect.
Also
at
least
you
may
have
like,
if
you
have
a
lot
of
ingress
with
a
lot
of
different
v-hosts,
you
at
least
would
and
with
different
files
and
a
chance
of
getting
some
race
condition
would
be
lower.
A
G
C
A
I
can
yeah,
I
remember
that
someone
yeah,
I
remember
that
someone
told
that
wasn't
like
a
good
idea,
maybe-
or
I
can't
remember-
if
the
it
wasn't
like
a
good
idea
or
if
this
was
something
that
could
that
wouldn't
solve
like
memory
usage
or
something
like
that.
Gentile
gentile
told
about
that
about
that.
So
maybe
we
should
bring
that
discussion
again
in
in
slack
and
and
discuss
at
least
like,
if
not
for
like
performance,
at
least
for
organization.
If
this
makes
sense
or
not.
C
Oh
yeah,
I
I
can
say
that
at
least
in
my
job,
where
we
use
engine
x-
let's
say
maybe
forty
fifty
thousand
viewers-
we
do
have
them
as
the
files
and
we
haven't
clearly
seen
the
issues
so
that
like
technically
doesn't
seem
to
be
the
issue.
But
maybe
something
about
how
english
essentially
is
set
up,
makes
it
difficult
or
different.
H
Yeah
using
using
includes
is
a
is
a
common
pattern,
but
usually
it
focuses
on
the
problem
of
I'm
trying
to
manage
the
configuration
in
a
scalable
way
right,
so
you're,
so
you
have
an
upstream
include
you've
got
a
server
block,
include
you've
got
a
location,
include,
you've
got
a
general
include
that!
That's
that's!
H
A
Yeah,
actually,
we
don't
use
the
include
here.
We
have
like
a
whole
file
with
like
40
000
lines
of
of
configuration,
so
my
my
questioning
was,
if
maybe
splitting
using
the
include
on
the
main
one
and
splitting,
for
example,
each
virtual
host
into
a
file
would
at
least
help
us
later.
Solving
some
some
race
condition
like
putting
some
some
lock
into
that
specific
file
and
don't
allow
it
to
reload,
while
some
of
those
files
were
locked.
H
Nginx
is
still
going
to
rectify.
Nginx
is
still
going
to
rectify
them
all
when
you,
when
you
try
to
do
the
reload,
so
it's
it's
still
going
to
it's
still
going
to
search
search
the
path
for
the
include
files.
You,
you
just
have
to
add
an
include
directive
and
have
everything
in
individual
individual
directives.
You
just
have
to
be
careful
in
the
code
that
you
don't
accidentally
create
conflicts.
H
A
A
Each
url
would
get
their
their
own
file
and
from
there
you
are
gonna
like
that,
make
some
derivation
of
like
the
back
end
and
etc,
and
just
change
that
specific
file.
So
if
you
have
someone,
for
example,
some
specific
ingress,
that's
that's
messing
up
like
some
infinite
loop
or
someone
with
some
ci
cd
broken
into
a
specific
ingress
object.
A
So
I
guess
that's,
maybe
an
approach
that
we
can
take
for
the
next
future
release,
not
not
for
the
bit
not
for
the
bug
fix
release,
but
we
can
start
thinking
about
that
and
we
can.
I
I
I
miss.
So
this
is
something
that
I
miss.
Actually,
we
don't
have
like
some
some
metrics
about
how
the
things
they
were
before
we
apply.
Some
vr
some
conformance
tests
right,
so
I
don't
know
how
we
can
do
that,
even
if,
if
we
have
a
cpu
for
doing
that,
but
I
I
kind
of
missed
that,
like
tracking.
A
Yeah
tracking,
which
pr
inserted
some
some
change
into
the
behavior
like
not
not
on
the
canary
stuff
but
at
least
on
performance
systems.
So,
for
example,
we
we've
got
that
we've
got
that
cordon
stuff.
I
know
that's
not
related
to
something,
but
we
could
at
least
say
hey.
This
was
inserted
in
this
pr
or
not
right,
so
we
can
get
some
metrics
some
peso
metrics
from
each
pr
that
gets
merged.
A
Then
I
kind
of
miss
that
so
if
someone
gets
some
idea
of
how
we
can
apply
that,
even
if,
if
we
do
something
like
daily
instead
of
for
each
pr,
we
run
some
conformance
tests,
and
we
know
that
this
day
the
metrics
were
this
way,
and
this
day
the
methods
were
this
way.
So
maybe
it
would
be
helpful
to
check
if
we
apply
a
change
like
this
one.
If
this
is
going
to
be
a
problematic
or
not
by
the
side
of
cpu
and
memory
usage,
for
example,.
G
A
I
I
Oh
go
ahead.
Sorry,
I
will
just
say
we
are
working
on
some
projects
internally
that
are
going
to
be
released
as
open
source.
That
might
actually
be
a
good
solution
for
this
problem.
So
as
as
that
testing
tool
that
we're
working
on
progresses,
we'll
definitely
keep
you
guys
in
the
loop
and
let
everyone
know
when,
when
it
looks
like
it's
going
to
be
publicly
available
cool
amazing.
A
Yeah
one
thing
that
I
was
discussing
with
folks
was
like
if
we
should
try
to
replace,
for
example,
open
rusty,
some
places
or
some
some
parts
of
open
residue
to
the
njs
right,
the
the
javascript
thing
inside,
and
I
have
no
way
to
test
that
right
now
to
say
like
if
this
was
something
if
we
got
some
difference
into
that
or
not
so
I
was
like
yeah.
I
can
do
that.
But
is
this
going
to
be?
I
G
A
A
C
A
C
A
C
So
I
think
I
approved
it
just
before
his
last
commit,
and
maybe
this
that
was
good
from
the
testing
perspective.
His
last
comment
seems
to
have
broken
it,
so
I
haven't
seen
that
last
comment,
but
as
up
till
that,
like
the
last
part,
one
comment
it
looked
good,
it
was
backwards
compatible.
It
didn't
break
anything.
J
C
A
A
C
A
Okay
sounds
like
an
idea:
we
just.
We
just
need
to
be
sure
that
everybody
understands
that
validation
web
hook
is
not
required,
so
you
as
a
user
you
can
deploy
in
english
in
genex,
without
the
validation
webhook
right.
So
we
just
need
to
be
careful
like
assuming
that
we
are
not
adding
any
any
vulnerability
or
something
like
that
saying
hey.
This
is
not
gonna
happen,
because
we
have
validation
webhook,
because
this
may
not
be
true
yeah.
We.
A
G
A
C
A
C
A
C
G
G
G
A
I
can
take
a
look
into
this
one
as
well
and
if
so,
it's
funny,
because
I
I
have
sort
of
implemented
the
certificate
stuff
in
in
english,
in
gynex
the
certificate
authentication.
So
if
someone
want
to
take
a
look
into
that
one
feel
free
to,
and
I
can
help
you
otherwise,
I
can
take
a
look
into
that
certificate.
Key
check
phase
as
well.
G
J
Because
for
everything
on
the
internet,
for
all
searches,
he's
talking
about
the
order
of
the
certificates
and
all
examples
that
are
talking
about
the
common
order
where
the
leaf
comes
first
intermediate
comes
second
and
root,
is
last
and
he's
saying
he
wants
the
root
to
be
on
top,
because
only
the
root
will
have
the
key.
So
do
we
even
want
to
discuss
it
or
do
we
have
to
even
or
do
we
have
to
search
for
standards?
J
J
J
J
C
G
G
J
G
A
G
D
A
A
A
G
I've
been
closing
issues
that
have
older
versions
and
just
being
putting
in
the
politeness
saying
you
haven't,
looked
at
this
no
one's
interacted
with
this
issue
in
a
while
you're
running
older
versions,
please
upgrade,
and
if
you
still
continue
to
have
issues,
let
us
know,
because
you
know
if
we've
got
to
enforce
what
we
say,
we're
going
to
enforce,
to
be
able
to
do
what
we've
been
trying
to
do.
So.
G
G
That's
interesting
that
they're
running
44
or
the
client
versions-
122.,
okay,
so
they're
running
it
on
119..
So,
okay,
this
is
the
the
part
where
we
you
know.
If
this
is
five
days
ago,
they're
running
it
on
119
but
they're
running
at
44..
So,
let's
see
if
anyone
has
asked
them
to
upgrade
and
try
again,
but
I
haven't
read
through
this
one
yet
either.
D
A
D
So
yeah
I
actually
had
to
deal
with
this
just
a
couple
days
ago.
Now
that
I
think
about
it,
someone
was
asking
me
how
to
how
to
set
the
timeouts
for
grpc,
because
it's
it's
different
or
it
it
it.
These
these
annotations
depend
on
the
back-end
protocol.
It's
the
point
he's
making
and
I
so
yes,
it
could
be
documented,
better.
D
A
A
J
A
Yeah,
just
just
just
just
asking
yeah
but
anyway
I
I
would
say
that
at
least
for
me,
I
have
work
for
the
next
one
month
to
take
a
look.
So
if,
if
you
think
that
this
certificate,
one
is
more
like,
is
have
priority,
we
can,
we
can
just
shift
the
priorities
of
those
one.
Otherwise
I
would
say
that
we
can
maybe
live
for
the
offline
scene,
like
first
lag.
J
J
A
A
If
this
is
something
like
the
affinity,
one
is
something
that
you
could
confirm.
So
it's
easy
to
reproduce.
We
know
that's
something
like
generic
right.
This
is
l1.
Maybe
it's
like
something
really
specific
that
we
would
need
more
time.
I
don't
think
we
need
to
just
get
get
rid
of
that,
but
maybe
that's
it
can
wait.
Otherwise
more
people
would
be
complaining
right.
A
I
I
was
talking
with
james
yesterday
about
that
that
maybe
I
really
want
to
have
some
time
to
stop
doing
some
firefighting,
at
least
for
the
next
month
and
think
about
the
features
for
a
bit.
So
I
would
say
that
maybe
we
should
just
try
to
not
insert
any
new
bug
and
say:
hey,
okay,
so
this
we
can
consider
stable,
stable
enough
to
start
thinking
about,
like
gateway
api
on
the
other
features
right.
J
A
A
G
A
A
A
A
G
A
H
G
G
G
A
G
C
J
Actually,
regardless,
you
have
to
make
a
very
important
comment
on
this.
The
guy
is
actually
using
explicit
redirect
with
the
with
the
url
okay
he's
specifying
a
url,
so
he's
sending
a
request
to
domain
a
and
is
very
clearly
using
the
redirect
annotation
that
is
and
specifying
the
domain
as
b.
But
then
then
he
goes
at
a
goes
ahead
and
claims
that
when
he
sends
a
request
to
domain
a
it
should
not
straight
off
redirect
to
domain
b,
it
should
first
upgrade
to
https
on
domain
a
and
then
a
second
step.
G
A
C
A
Okay,
okay,
okay
yeah,
we
we
should
probably
discuss
about.
I
would
I
would
try
to
to
search
the
the
history
of
this.
Why
we
have
changed
it.
I
remember
changing
this.
I
just
can't
remember
why.
But
I
I
remember
that
we
have
changed
this
in
past
because
of
some
issue
with
something
else
like
cloudflare
or
site
manager,
or
something
like
that,
and
I
will
take
a
look
into
that
and
if,
if
you
folks
find,
I
guess
one
thing
that
we
could.
A
A
Yeah,
we
probably
was-
I
remember,
changing
that,
so
I
don't
know
if
it
was
me
or
not,
but
we
can
take
a
look
into
that
template
and
see
hey.
This
was
changed
on
dcpr
and
then
we
at
least
we
will
have
more
context
to
see
if
they
are
right
or
if
we
are
right
or
if
we
may
have
some
mid
solution
like
adding
a
new
annotation
saying.
What
is
the
priority
say:
hey,
do
you
wanna?
A
G
C
C
A
Walkthrough
on
the
code,
okay,
okay,
we
can
yeah
yeah
yeah.
We
can
do
that
sure.
I
I'm
just
like
a
bit
in
a
rush
those
days
and
that
will
be
off
this
weekend.
But
if
that's
okay
to
you,
we
can
make
on
maybe
on
a
weekend.
Otherwise
I
can
try
before
I
start
working
like
eight
a.m.
Here,
which
probably
is
afternoon
in
india
in
the
time
zone,
we
can
do
a
cold
walk
through.
A
J
J
A
Very
quick,
I
was
going
to
say
I
can
I
can
open.
I.
I
have
a
new
feature
on
this
outlook.
Vmware
agenda
that
works
like
calendly,
or
something
like
that.
I
can
try
to
open
like
a
slot
and
say
hey
folks,
vote
whenever
it's
better
for
you
and
we
can
try
to
make
this
cold
walk
through
on
a
time
that
works
for
everybody.
A
Just
just
remember
about
that
and
maybe
maybe
later-
and
I
can
open
that
I
will
forgot
for
sure
right
now,
but
I
will
let
let's
let's
do
this
yeah,
that's
good,
okay,
anything
else,
folks,
so,
for
those
that
are
on
kubecon,
enjoy
hong
kong
for
those
that
are
not
in
kubecon,
we
have
virtual
kubecon.
So
take
a
look.
We
have
keynotes,
you
can
get
the
keynotes,
you
can
go
through
the
booths
and
and
see
the
solutions.
A
I
will
send
the
link
to
you.
We
get
hallway
ongoing
on
on
cncf
slack.
So
if
you
want
to
meet
other
contributors,
other
members,
other
users
just
drop
that
I'm
gonna,
send
everything
on
on
slack
as
well
and
enjoy
the
rest
of
the
week.
Folks
and
take
care
you
are
james,
is
gonna,
be
on
dirty
to
get
some
stickers
and
some
t-shirts
for
us
on
the
physical
boots
and
send
to
all
of
us
during
the
during
the
next
week.
Okay,.