►
From YouTube: Network Policy API Meeting 20200125
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
C
Okay
yeah,
so
we've
got
ricardo
where's
your
stuff.
A
Okay,
so
my
my
stuff
yeah,
so
my
stuff,
we
have
a
a
cap
for
folks
that
are
new
to
these
community
things,
so
any
any
evolution
in
kubernetes.
We
need
to
write
a
enhancement
proposal
and
we
we
we
call
it
a
cat,
that's
a
kubernetes
enhancement
proposal.
So
we
have
a
cap
to
allow
a
network
policy
to
contemplate
a
set
of
part.
This
is
the
issue
that
jay
is
showing
us
in
the
in
his
screen
and
that's
the
2009
dj
that
it's
merged.
A
Yeah
go:
go,
go
go
to
the
bottom,
two
up
to
the
bottom,
okay
yeah,
and
we
have
like
another
cab,
another
modification
to
the
cap
that
was
asked
by
the
folks
from
the
performance
review
just
to
add
some
performance
things-
and
I
am
probably
going
to
spend
my
day
today
doing
this.
But
mostly
what
jay
is
showing
to
us
is
the
proposal
of
the
port
range.
A
So
we
have
a
lot
of
feedback
from
the
community
that
folks
wants
to
specify,
instead
of
specifying
a
network
policy
contemplated
in
a
single
part,
to
specify
a
network
policies
contemplating
a
port
range
because
of
like
egress
policies
going
to
unload
for
to
to
note
parts
from
other
clusters
and
and
passive
ftp
and
so
on.
So
this
is
the
the
pr
that's
that's
implemented
this
and
folks,
please
be
feel
free
and
free,
welcome
to
review
I'll
review
the
cap
and
review
also
the
vr
yeah.
So.
C
C
It's
important
to
keep
in
mind
here
is
that
with
network
policies
and
ports,
you
have
this
situation
where
you
create
a
network
policy
and
then
a
port
is
a
separate
data
structure
and
the
port,
if
you
define
it,
determines
which
ports
that
network
policy
is
is
acting
on
right
and
so
ricardo's
finished
the
implementation
of
this
kept
to
make
it
so
that
we
support
an
edge
port.
So
you
can
have
like
a
port
range
now,
as
opposed
to
just
having
one
port.
So
that
looks
like
it's
coming
along
nicely.
A
C
A
C
So
there
it
is
so,
if
anybody's
interested
in
seeing
how
these
things
are
implemented
under
the
hood
ricardo
gone
ahead
and
implemented
it
in
lib
calico
go,
it
looks
like
which
is
cool,
so
liv
calico
go
is
the
is
a
library
that
gets
bundled
into
the
calico
note
agent
when
it
runs.
I
bet
you
didn't
think.
I
knew
that
report
all
right
and
so.
C
Felix
gets
bundled
into
the
note
agent
right
and
then
lip
calico
go,
gets
bundled
into
phoenix
felix
right,
so,
okay,
so
cool
so
like
this
is
how
it's,
ultimately,
all
all
the
implementation,
I
guess
lives.
Where
is
it
here?
Is
this.
C
It's
just
this
yeah,
so
that's
it!
That's
all.
It
took
to
add
portraits
to
the
network
policy
api,
great
okay,
so
port
ranges
on
the
way
coming
soon.
We
have
my
thing,
which
is:
where
does
my
thing
live.
C
So
basically,
we've
got
three
policy.
Api
changes
going
in
soon
or
two
one
is
namespaces
as
names,
so
in
other
words,
you'll
be
able
to
write
a
network
policy
against
a
name
and
the
way
you're
going
to
do.
That
is
we're
adding
a
default
labeler
to
the
api
server
and
that's
one
two
which
is
merged,
and
I
have
actually
ricardo
a
follow-up
on
that
which-
which
I
did
I
finished
yesterday.
C
So
this
is
merged.
It's
provisional
and
I
have
a
follow-up
on
that
to
make
it
implementable.
So
if
you
could
help
me
to
get
some
eyes
on
this.
C
The
other
person
needs
2k
right,
so
we'll
get
see
if
we
can
get
these
guys.
Take
a
look
at
this
cool
so
that
chain
for
cardinal
all,
I
did
was
just
add
the
mostly
just
boilerplate,
and
I
just
added
the
design
details
of
how
we've
implemented
it,
which
is
in
the
defaults.go,
we're
just.
A
We're
literally,
have
you
added
the
the
performance
review,
yeah
yeah,
I
added
the
performance
review
thing
to
you
know
this,
but
there
is
a
yeah
great
okay,.
C
So
literally
so
this
for
folks
that
aren't
familiar
with
it
literally
we're
just
putting
something
into
the
api
server
that
always,
as
it
adds
a
metadata.name
label
to
a
namespace
right.
So
when
a
namespace
is
created
normally
it
has,
it
has
no
labels
on
it
by
default.
So
this
add
one
new
label
to
it.
It
will
always
be
there
that
will
always
be
unique
and
selectable
right.
C
So
that
way
anybody
can
write
a
network
policy
against
the
namespace,
even
if
they
don't
know
about
any
of
the
labels,
it
has
because
every
namespace
is
going
to
be
guaranteed
to
have
this
label
in
the
future,
so
that
is
hopefully
going
to
be
on
its
way
soon,
and
then
I
had
to
do
a
couple
of
minor
changes
to
the
pr
for
it
yesterday
and
I
think
those
are
all
set.
C
I
don't
even
know
where
that
thing
is
it's
here,
so
I
think
this
is
all
ready
now
yeah
here,
oh
it
looks
like
it's
failing
the
big
basil
tests.
Don't
know
why
so,
but
other
than
failing
this
basil
test.
I
think
this
is
all
ready
to
go,
so
I
just
need
to
look
and
see
why
this
is
failing
here.
C
Oh,
I
know
I
think
I
know
what
it
is.
I
think
I
may
have
well
that
actually
looks
complete
to
me
right.
D
C
A
B
B
I
I
work
with
him:
yeah.
C
A
I
signed
him
yeah,
so,
okay,
I've
posted
to
you
folks
also
two
links
in
the
chat,
so
those
are
those
are
like
the
we
have
a
a
bigger
proposal.
That's
going
on
about
the
cluster
scope
of
network
policy.
It's
the
first
link
that
we
have
like
a
sub
sub
group
working
inside
the
sub
project.
That
is
designing
the
cluster
scope
and
network
policy.
So
we
have
folks
from
google,
I
guess
from
vmware-
and
I
guess
that
there
are.
A
There
are
some
folks
from
ibm
redhead
and
this
presentation
is
nice,
this
one
from
cluster
scope,
network
policy,
because
it's
it's
really
short,
but
it
brings
like
a
nice
light
about
how
those
folks
they
are
designing
the
the
object
of
the
cluster
scope
and
network
policy.
So
I
I
guess
it's
if
you
can
take
a
look
into
that
and
if
you
have
some
interest
about
that,
also
you
can
bring
abhishek
in
isla
he's
he's
not
here
right
now
because
of
the
time
zone,
but
you
can
bring
him
on
the
signature
policy.
C
So
so
yeah
that
net
cluster
scope,
stuff,
obviously
is
doing
that
and
it's
a
totally
separate
group
and
they
definitely
are
proposing
some
pretty
interesting,
valuable
stuff.
Like
you
know,
policies
that
span
the
entire
cluster
as
opposed
to
just
one
namespace,
and
the
interesting
thing
is
calico
and
andrea,
both
kind
of
have
those.
So
it's
kind
of
interesting,
because
it's
going
to
be
like
some
kind
of
weird
venn
diagram
with
that
right,
like
it's
going
to
be.
D
D
A
Yeah
and-
and
we
are
looking-
we
are
looking
into
actually
doing
some
other
smaller
evolutions
into
the
the
network
policy.
Api
v1
also
like
we
have
those
part
range
select
namespace
by
name
cluster
scope
with
network
policy,
but
we
have
some
folks
asking
for
the
node
policy,
like
the
note
selector,
the
ftd
and
policy
that
was
being
dealt
by
folks
from
google
also,
and
we
have
a
new
one.
That's
about
network
policy
using
service
accounts,
so
the
part.
C
Is
this
is
the
main
part
right
so
so
since
for
folks
that
are
here,
if
you're
interested
like
so,
basically
what
they
were
proposing?
Was
you
create
this
network
clustered
network
policy
spec
and
then
that
spec
would
have
ingress
rules,
egress
rules
and
then
those
ingress
rules
would
have
ports
and
they
would
have
peers.
So
you
could
see
that
basically,
this
is
starting
to
become
a
regular
network
policy
for
anybody
that
looks
at
the
existing
network
policy.
Api
you'll
see
that
some
of
these
things
are
actually
data
structures.
C
C
Yeah
so,
and
then
somebody,
the
other
thing
is
the
idea
of
priorities
right
of
numeric
policy
priorities,
because
you
know
what,
if
you
have
a
cluster
network
policy
that
collides
with
the
namespace
scope
policy,
which
one
wins
or
if
you
have
two
cluster
scope
policies
once
you
have
a
concept
of
deny,
you
now
have
a
concept
of
competing
priorities.
C
B
Yeah,
I
don't
think
so
either
a
lot
of
it's
in
the
slides.
I
mean
you.
They
basically
need
to
run
through
the
slides
to
understand
at
all.
What's
happening,
you.
C
Yeah
and
I
think
yeah
so,
okay,
all
right
what
else
anything
else:
ricardo.
A
C
So
we've
got
when
we've
got
this
test
here
that
a
meme
put
in
that
should
be
done
and
that
merged
yesterday
so
we're
moving
the
network
policy
test
all
in
over
into
the
new
there's,
a
new
network
policy
kind
of
dsl
that
we
have,
and
this
moves
some
of
them
over
so
that
merged
yesterday
and
matt
has
his
thing.
That's
called
a
feather
that
we're
not
supposed
to
call
a
buzzer,
and
that
is
generating
like
hundreds
of
network
policies
and
he's
got
a
bunch
of
results
around
that.
C
A
No,
I
just
migrated
the
network
policy
to
the
produce
things
and
it
seems
to
be
working
it's
failing
because
of
the
iperf
test
from
net,
but
not
because
of
the
bottle
juice,
and
I
am
waiting
for
the
signal
from
from
antonio
to
start
migrating,
the
other
night
sig
network
and
signaled
jobs
to
pot
butchers.
But
this
is
going
to
take
a
while.
A
So
it's
we
are
just
waiting.
A
E
Yeah
sorry
I
was
just
kind
of
I
was
just
kind
of
lurking
yeah.
I
work
over
at
kong
and
I've
been
kind
of
lurking
the
sig
network
stuff
for
a
while.
I
was
working
at
d2iq
for
three
years
and
there's
a
lot
of
network-related
stuff
that
I'm
just
getting
involved
with
because
of
work-related
necessity.
E
A
Let
us
know
in
slack
also
I
am
thinking
about
asking
for
casey
davenport,
to
change
this
to
a
bi-weekly
bi-weekly
meeting,
because
it's
we
don't
have
the
end
of
quorum
here
in
this
this
one
on
the
morning,
that's
actually
morning
here
in
brazil
and
in
the
us,
but
thank
you
thank
you
for
coming
coming.
Shane.
E
Yeah,
I'm
east
coast,
so
this
time's
perfect
for
me,
it's
it's
9
30
a.m,
and
I
could
do
earlier,
I'm
usually
up
by
like
seven.
You
should.
E
A
C
Well,
shane,
if
you
want
to
dig
into
anything-
and
you
have
a
few
cycles
reach
out
to
me
on
slack
and
let's
just
hang
out
and
or
ricardo
or
whatever
and
let's
hang
out
and
see
where
we
can
help
you
get
involved.