►
From YouTube: Network Policy API Bi-Weekly Meeting 20210329
Description
Network Policy API Bi-Weekly Meeting 20210329
A
Great
so
hello,
everyone,
this
is
sig
network
api
network
policy.
Sub
project
today
is
march
29th
2021..
I
just
want
to
remind
everyone
that
this
is
an
official
community
meeting
and
we're
recording
here
so
don't
say
anything
inappropriate.
Please
we
have
a
code
of
conduct
which
is
basically
just
be
nice
to
each
other.
So
let's
follow
that
and
have
a
good
day,
so
we
can
go
ahead
and
dive
in
there's
not
much
on
the
agenda.
For
today.
I
don't
see
any
new
faces
and
it's
pretty
slim
pickings
today.
A
So
the
one
thing
for
issue
triage
was,
it
seems,
like
ricardo
and
jay
already
went
over
and
triaged
everything
for
this
week.
So
nothing
really
new.
To
note
there.
We
were
discussing
briefly
the
possibility
of
adding
a
network
policy
label.
So
that's
something
I
can
look
into
doing
this
week.
I
don't
know
how
to
do
it
but
can
figure
it
out.
I
think
that'd
be
good
and
easier
for
us
to
look
up
relevant
issues
in
the
kubernetes
setup
there.
A
Next
on
the
list
is
the
network
policy.
I
o
event
tomorrow.
Ricardo
just
told
me
about
that
looks
pretty
cool,
just
a
place
for
it's,
basically,
a
new
resource
for
the
kubernetes
community
to
talk
about
network
policy
so
pretty
relevant
to
what's
going
on
with
us,
and
I
assume
if
we
want
to
bring
up
some
stirrings
about
v2,
that
might
be
a
good
place
to
do
it
and
get
some
more
voices
heard
there.
A
So
I
know
I'm
going
to
try
to
make
it
give
that
a
look
and
then
basically,
if
no
one
else
says
anything
they
want
to
talk
about
before.
I
think
we
can
just
continue.
The
discussion
on
v2.
Maybe
talk
a
little
bit
about
next
steps
and
what
we
want
to
do
there.
B
Right
so
I
think
last
week
I
think
satish
and
I
we
decided,
we
said
we're
gonna,
get
it
back
to
you
guys
this
week
about
like
an
outcome,
commitment
and
I
think
we
had
like.
Unfortunately,
we
had
like
a
day
off
on
friday
last
week,
global
day
off
at
google,
so
we
we,
we
usually
have
our
open
source
meeting
on
those
days,
and
I
was
just
trying
to
sync
up
with
tim
and
others
to
like.
You
know,
see
what
so
I
so.
B
I
manage
the
group
in
google,
which
is
responsible
for
network
security
and
policy,
not
only
for
kubernetes
level,
but
also
for
the
gc
firewall
levels,
gta
5,
volt
rules,
and
things
like
that.
So
with
that
said,
we
have
a
lot
of
interest
and
we
have
we
are
we.
We
will
also
be
working
with
the
vmware
team,
also
in
coming
up
with
the
cluster
network
policy
that
that
happened
in
the
past.
B
So
we're
happy
to
work
on
it,
but
just
I
just
need
to
check
with
my
peers
to
see
that
there
is
an
interest
working
from.
I
just
need
to
coordinate
my
other
case.
That's
also.
If
you
can
give
me
one
more
week,
I
should
have
a
more
definitive
answer,
but
you
can
put
satish
and
me
as
that
people
who
will
try
to
coordinate
the
v2
proposal
and
I'm
looking
for
anybody
else
who
wants
to
join
with
us.
A
C
B
So
that
that's
okay
in
that
case,
that
will
save
us
one
more
meeting
in
the
week.
So,
let's
maybe
what
we
can
do-
that
we
can
spend
the
first
30
minutes
or
the
last
30
minutes
of
this
weekly
meeting
just
to
discuss
about
me
to
proposal
and
then
use
the
other
30
minutes
for,
like
you
know,
doing
the
regular
business
stuff
like
you're,
taking
care
of
triaging
issues
and
bugs,
and
things
like
that.
Does
that
make
sense.
A
Definitely,
I
think,
that's
a
good
idea.
Okay
and
there's
definitely
some
interest
on
red,
hat's
side
of
things.
I
I
will
definitely
be
able
to
help
out
a
bit
so
feel
free
to
include
me
well.
B
I
mean
now
I'm
assuming
it
is
going
to
be
collaborative
with
all
the
folks
and
who
are
involved
in
the
network
policy.
It's
just
like
an
as
I
think,
jay
was
saying.
Last
meeting
you
need
somebody
to
like,
you
know,
play
the
quarterback
like
you
know,
we
need
somebody
to
you,
know,
organize
meetings
and
have
their
proposals
so
satish
and
I
are
gonna
most
likely
will
take
up
that
role
and
so
just
need
one
more
week
to
let
you
know
confirm.
A
Yeah,
that's
fine
with
me.
This
sounds
great.
Does
anyone
have
any
questions
so
far?
I
think
everyone
that
yeah
everyone
was
here
last
week.
So
brief
recap:
we've
kind
of
hit
a
stop
point
in
the
evolution
of
network
policy
with
the
api,
as
is
so
we've
been
talking
about
doing
a
network
policy
v2,
and
that
is
what
this
is
all
in
relation
to.
A
So
I
think
then,
for
today
I
mean
last
week
we
discussed
a
little
bit
about
the
possible.
You
know
scope
of
v2,
but
it
seems
like
everyone's
still
kind
of
in
like
a
holding
pattern.
We
could
go
over
some
more
questions
with
v2
or
start
discussing
or
even
start
a
document
on
it.
If
that
would
help
you
veneer,
I
don't
know
if
you
want
to
sure
yeah.
I.
B
Think
we
can
we
can.
That
is
not
a
big
deal.
We
can
start
the
document.
I
think
what
would
be
useful
is
to
like
you
know,
get
some
guiding
principles
agreed
upon
right.
You
know,
so
I
think
we
all
have
some
idea
on
what
this
v2
proposal
is
going
to
look
like
or
what
it's
supposed
to
achieve.
So
I
was
thinking.
Maybe
we
can
use
since
everybody's
here.
B
Maybe
we
can
use
this
to
like
not
come
up
with,
like
a
three
page,
long
guiding
principle
like
just
like
a
half
a
page
of
one
page
guiding
principles
like
things
like
you
shall
not
break
the
previous
version
right.
You
know
if
you
use
v2
if
somebody
uses
like
you
know,
the
interoperability
should
just
kind
of
think
that
you
can
just
lay
down.
You
know
like
it's
like
a
guiding
principles
for
v2.
Then
we
can
use
that
as
a
framework
for
what
our
proposal
will
come
up.
C
C
A
A
A
So
obviously
we
don't
want
there
to
be
a
breaking
change
we
want
to
be.
I
think
we
want
to
be
a
little
more
explicit
in
the
behavior
another.
You
know
good
route,
I
think
I
was
talking
to.
I
was
actually
talking
to
dan
winship
last
week
and
and
he
his
opinion
from
someone
I
guess,
who's
pretty
experienced
with
network
policy
is
like
network
policy.
If
you
want
is
broken
like
there's
a
lot
of
weird
corner
cases,
there's
behavior,
that's
not
explicit
and
he
thinks
network
fault.
This
is
kind
of
a
different
view.
A
He
thinks
network
policy
should
be
able
to
be
applied.
You
know
at
an
application
level
and
then
an
infrastructure
level.
So
you
almost
have.
This
is
totally
different,
obviously
from
the
current
spec,
but
you
have
policy
that
can
be
applied
like
by
administrators
and
then
policy
that
can
be
applied
by
developers,
and
you
know
that
would
involve
he's
his
argument.
Is
it
wouldn't
be
a
breaking
change
because
it
would
be
a
totally
new
thing,
so
I
guess
that's
just
something
else
we
could
throw
in
there.
B
A
B
A
A
D
B
B
If
you
use
a
crd,
which
is
defined
with
v2
constructs
but
you're
using
a
d1
controller,
can
we
also
capture
that
the
guiding
principle?
Second,
for
example
the
exact
opposite
of
this
right?
So
you
know
yeah,
maybe
add
it
as
like.
A
higher
level
bullet
item
right
and
this
is
this-
is
taking
care
backward.
But
what
we're
saying
is
that
if
I'm
using
a
v1
controller
but
the
the
user
has
accidentally,
the
user
is
using
a
v2
construct.
In
that
case,
do
we
want
to
like
fail
smoothly
or
like
what
right.
A
I
mean,
I
think,
obviously
I
think
we
would
want
to
fail
smoothly,
but
there
might
want
to
be
some
sort
of
message
that
just
says:
okay,
v2
controller,
being
com,
existing
feature
set
being
converted
or
something
saying
that,
like
right,
yeah.
B
I
mean
we
had
the
discussion
and
I
think
last
week
we
talked
about
like
if
you
use
fail
open.
Are
we,
like
you
know,
potentially,
like
you
know,
making
the
cluster
a
little
less
secure?
Because
if
you
fail,
let's
say
I
have
a
v1
controller
and
I
use
a
v2
crv.
B
B
It
is
for
us
to
say
if
that
happens,
if
the
v1
controller
sees
a
v2
just
barf
straight
away
and
fellow
fail
fast
quickly
instead
of
like
you
know,
try
to
do
some
fail,
open
thing
and
then
open
some
security
host.
So
that
was
the
thing
I
think
we,
I
remember,
we
discussed
a
little
bit
at
length
in
last
meeting,
so
maybe
we
should
try
to,
like
you
know,
get
consensus.
B
I'm
again,
I'm
I'm
okay
with
either
approach,
but
I
think
maybe
if
we
just
fail
fast,
if
you
have
a
v1
controller
and
csv
just
here,
he
says
I
don't
know,
I'm
going
to
mess
it
up,
so
I'm
going
to
fail
fast.
So
it
just
give
the
signal
to
the
user
right
away
instead
of
like
try
to
do
something
clever
on
the
on
the
back
end
and
then
end
up,
like
you
know,
opening
up
holes
so
that
so
these
are
the
two
viewpoints
I
lean
more
towards
like
failing
fast,
but
again,
I'm
open
to
discussion.
A
Yeah,
you
know
it's
it's
it's
a
really.
It's
a
tough
part
right,
because,
if
you're
failing,
if
you're
failing
close
and
we've
kind
of
changed
the
api
enough,
that
people
are
having
to
relearn
network
policy
that
might
hiss
people
off.
But
if
we're
failing
open,
it's
going
to
be
way
more
complicated
on
the
implementation
side
of
things
and
there's
definitely
room
for
you
know
more
room
for
security
holes.
I
I
think
in
general,
we
need
to
lean
with
network
policy
towards
being
more
explicit.
A
B
Anybody
have
any
suggestions,
so
this
you
have
any
comments
on
this.
D
So
I
think
the
second
case
right
v2,
crd
working
with
v1.
I
think
it's
it's
more
or
less
a
very
common
scenario.
Right
I
mean
because
we
introduce
the
crd,
like
let's
say
in
122,
but
the
implementers
are
not
ready
or
are
not
supporting
v2
yet
so
I
think
it's
a
very
common
use
case,
so
we
need
to
figure
out
whether
we
want
to
do
fail
closed.
Like
I
mean
we
need
to
figure
out.
B
D
B
So
we
are
asking
you
to
vote,
I
mean,
like
you
know.
Basically,
like
you
know
what
is
your
so
we
know
that
like
two
that
feel
open
or
I
cannot
fail
first,
I
think
so
so
yeah,
so
both
I'm
thinking
and
like
the
host
is
also
thinking
that
you
should
kill
close.
So
what
is
your
opinion
feel
open
or
pretty
close?
I
think
it
should
be
yeah
very
close,
yeah,
okay,.
A
D
Oh
sorry
yeah,
so
just
to
add
like
when
we
say
fail
close,
I
think
when
they,
when
the
customer
phb
to
crd,
we're
gonna,
say
we're
gonna
we're
gonna
block
them
from
creating
such
is
sources.
What's
that.
A
D
A
What
I
would
think-
and
you
know
they
at
the
end
of
the
day
they,
if
they're
using
a
v1
controller,
they
should
only
be
using
v1
crds,
I
mean,
and
if,
if
we're
failing
close
and
and
they
try
to
use
a
v
crd
on
a
view
on
controller,
it
will
explicitly
say
like
you're
doing
something
wrong.
I
mean
it's
not,
and
I
think
that
is
safer,
but
that's
a
really
important.
You
know
that's
something
that
we
all
need
to
agree
on.
I
think
right.
B
No,
I
I
think
so
normally
if
it
were
like
anything
other
than
security,
then
we
would
have
been
more
relaxed,
not
break
the
thing
and
have
a
fail
open
model.
But
I
think,
since
this
is
this
concerns
security
of
the
cluster
and
the
parts,
I
think
we
want
to
be
more
conservative
and
say:
okay,
if
something
happens,
that
controller
doesn't
know
what
this
constructs
are.
I'm
going
to
fail
because
I'm
going
to
mess
it
up,
so
I
think,
should
we
all
agree
on
that.
A
Yes,
okay,
I
think
so,
and
then
I
mean
so
with
v2
crd
on
a
v1
controller.
We
agree,
fail,
close
and
then
v1
crd
with
a
v2
controller.
We
should
definitely
not
fail.
It
should
work
cool,
so
some
other
guiding
principles.
I
I
would
like
to
see
that
any
behave,
new
behavior
we
define
is,
like
I
said
before
explicit
so
like
we
lose
the.
If
you
have
a
policy,
that's
when
there's
this
hidden
deny
rule
shown.
I
don't
know
what
other
people
think
about
that.
C
Be
something
configurable
by
the
cluster
admin
right.
This
can
be
something
okay,
you
can
fail
open,
but
you
are
susceptible
to
cve
is
due
to
execute
autism
but
to
a
security
issue.
So
that's
our
call.
B
Now
I
think
if
I
understand
ricardo
like
he,
what
he's
asking
is
for
the
change
of
the
currently
default
behavior
that
we
have
right.
If
you
have,
if
your
network
policy
enabled,
but
you
don't
define
the
network
policy,
then
everything
is
shut
down.
We
are
in
isolated
market,
whereas,
if
you
don't
have
network
policy
defined
defined
or
like
you
know,
you
don't
have
anything
set
up,
then
everything
is
allowed.
C
A
B
C
C
B
B
B
Why
give
if
you
put
too
many
configuration
options
like
as
it
is
they're
very
hard
to
manage
that'd,
be
like
150
options
that
that
users
have
to
know
about
it
instead,
here,
if
you
have
a
mode
that
you're
trying
to
run
your
cni
doesn't
support
it,
it
fails
and
you'll
see
that
it's
not
working,
and
then
you
either
export
metrics
or
look
at
the
mark
and
say
what.
B
And
then
that
will
force
them
to,
like
you
know,
not
use
that
stanza
and
the
crd,
which
is
triggering
this
failure
in
cnn
I
mean
I
would
I
prefer
that
be
explicit
and
open
now
what
happened
now,
if
you
give
a
knob,
I
think
again,
I'm
perhaps
showing
my
bias,
like
you
know,
dealing
with
like
a
huge
number
of
customer
issues,
and
I
think
you
know
if
I
give
you.
C
C
C
A
A
A
Point
with
this
was
that
basic
thing
it's
like.
It
seems
really
weird
to
me
that
the
basic
rule
of
policy
today
is
you
know:
pods
are
unisolated
totally
isolated
until
a
network
policy
just
points
at
them.
At
that
point
they
become
isolated
like
that,
should
be
something
that
that
you
know,
people
or
users
need
to
explicitly
define.
So
that's
all
I
kind
of
meant.
B
A
Yeah
I
mean
is
that
something
that
should
be
picked
up
by.
I
guess
this
is
a
different
conversation
too
by
cluster
network
policy.
You
know
because
at
some
point
are
you
guys
the
developers
touching?
You
know
people
creating
pot
who
are
creating
pods
touching
cluster
scope,
network
policies,
probably
not
so.
B
Well
again,
right
so
trusted
network
policy
is
optional
right.
We're
not
you're
not
requiring
that
all
all
that,
just
because
you're
using
network
policy
does
that
mean
you
have
to
use
trusted
network
policy
that
decoupled
at
that
level?
So
having
said
that,
maybe
what
we
should
say
what
I
I
like
the
fact
that
having
the
cluster
admin
to
specify
would
be
great.
Now,
if
we
specify
that
in
the
cluster
admin
and
then
let's
say
the
cluster
admin
cluster
network
policy,
then
we
need
to
agree
on
what
the
default
behavior
should
be.
B
A
E
A
With
all
other
pods,
I
don't
think
a
default
behavior
of
network
policy
should
break
that
default.
You
know
you
have
like
two
layers
of
defaults
right.
Why
not?
Why
not?
You
know
have
have
in
the
network
policy,
the
user
or
whoever's
making
the
network
policy
has
to
explicitly
say.
I
do
not
want
to
allow
traffic
here,
but,
except
for
these
things,
okay,
so.
B
So
yeah
yang
is
also
on
the
culture
yeah
and
feel
free
to
step
in
any
time.
So
again
to
me,
like
you
know,
if
we
wanna
change
the
behavior
saying
that
I'm
gonna
like
make
it
configurable
how
the
cluster
admin
be
able
to
set
the
default
behavior.
If
no
policy
is
specified,
it's
like
an
isolate,
then
then
we
again,
we
need
to
figure
out
where
we're
going
to
store
that
option.
G
One
thing
I
want
to
say
is
that
I
agree
that
you
know
the
default
behavior
for
pauses
shouldn't
be
changed.
Anyways
like
it
should
allow
every
part
to
talk
to
each
other
by
default
when
the
cluster
is
brought
up.
That's
that's
the
one
thing
I
I
would
say
it's
not
open
for
discussion.
Otherwise,
it's
we'll
create
time.
G
No,
I
think
yeah,
but
but
for
for
the
network
policy
defaults,
it
really
depends
on
how
we
sort
of
like
want
to
design
the
crd
for
for
the
v2,
because
how
you
frame
that
will
sort
of
like
lead
to
what
the
what
the
semantics
is.
I
actually
wanted
to
sort
of
like
do
some
a
little
bit
of
like
experiment
on
my
own
on
the
cluster
network
policy
proposal.
G
I
actually
wanted
to
see
if
we
should
for
the
default
network
policies,
which
is
like
underlying
layer
for
the
network
policy
that
creates
the
cluster
admin
creates
for
for
the
like
the
the
cluster
defaults
in
that
resource.
I
actually
wanted
to
see
if
we
can
change
ingress,
egress
rules
from
the
front
and
two
keywords
to
only
two
and
only
from
keywords,
so
that
only
thing
makes
people
think.
Okay,
I'm
only
allowing
this,
but
the
everything
else
was
denied.
So.
A
G
The
like
isolation
becomes
more
explicit.
I
was
trying
to
propose
this
and
I
I
received
a
comment
from
I
don't
remember
it's
from
andrew
or
or
or
something
someone
else
saying
you
shouldn't
do
this
right,
because
there
are
two
or
three
network
policies
which
can
be
applied
to
the
same
parts
and
if
you
say
only
to,
and
only
from
that's
a
lie,
because
other
network
policies
can
actually
add
to
this
role.
Addictively
and
you're
not
only
allowing
this,
because
some
other
network
policies
could
potentially
add
new
things
to
to
the
allow
list.
G
So
so
only
to
an
order
from
is
a
lie.
Basically
and
there's
no
easy
way
in
the
current
network
policy.
Sort
of
like
semantics,
where
you
can
you
can
hint
user
about
the
default
isolation
behavior
very
easily
and
that's,
I
think,
definitely
a
problem
that
we
need
to
solve.
If
we
wanted
to
do
a
v2.
A
G
A
B
So
but
at
the
end
of
the
day
we
still
we
own
some
amount
of
responsibility
of
making
it
easier
to
adopt
right.
Like
so
again,
that's
the
reason.
I'm
like
I'm,
not
a
big
fan
of
making
our
features
so
complex
that
you
need
to,
like
you
know,
lead
up
to
like
tons
of
documentation
before
you
can
have
your
first
network
policy
established.
B
So
that's
the
reason,
I'm
thinking
so
again,
there's
no
clear
answer
for
this
thing,
but
so
we
are
saying
that
are
we
going
to
have
this
or
not
like
the
trusts
are
admin?
So
where
do
we
stand.
A
C
C
Yeah
yeah,
so
I
was
just
thinking
like
I'm,
I'm
thinking
my
experience
as
a
user,
so
when,
when
you,
when
you
decide
to
to
enable
something
in
google
cloud
or
in
amazon
that
changes
the
behavior,
you
got
a
warning
about
that.
So
probably
it's
it's!
It's
it's
up
to
the
cni
providers
to
say:
okay,
do
you
want
your
cni
provider
to
be
compliant
to
v1
or
complying
to
v2?
So
if
you
change
to
v2,
you
are
going
to
have
default
deny
between
the
pods.
C
F
A
C
C
B
B
If
it
is
sitting
in
a
different
policy,
then
what
happens
is
that
from
a
troubleshooting
and
debugging
perspective
or
like
you
know,
it
also
becomes
a
little
harder
right
like
now.
You
define
all
your
network
policies
here,
but
nothing
is.
Nothing
is
like
you
know,
you
feel,
like
you
know,
hey.
You
have
expectation
that
it
should
be.
B
Traffic
should
work
because
I
haven't
defined
any
policies,
then,
but
the
way
it
was
defined
in
the
cluster
network
policy
by
cluster
admin.
Everything
is
like
in
the
not
working
so
now
it
becomes
a
friction
point
for
the
user.
To
like
understand
that,
oh
I
need
to
go
look
at
it
and
this
becomes
a
little
so
so
I
would
rather
have
everything
that
controls
the
behavior
of
a
crd
all
within
the
same
cr,
without
necessarily
having
to
have
one
bit
outside
somewhere
else,
which
tells
what
the
default
behavior
should
be.
B
A
Yeah-
and
you
know
the
more
we-
I
don't
know
where
the
right
answer
is
here,
but
the
the
more
you
go
back
to
it.
It
it
makes
making
a
new
resource
and
saying
leave
v1
where
it
is,
don't
make
a
v2
instead
yeah,
I
don't
know
instead
make
an
application
network
policy
and
a
cluster
scope
network
policy,
but
for
for
now
I
think
we
have
some
good
points
here
in
terms
of
guiding
principles.
Can.
C
Getting
getting
the
hook
that
of
what
you
said
andrew
and
about
your
conversation
with
them
windshield,
I
guess
it's,
it's
a
pretty
important
that
we
define
the
in
the
in
the
constraints.
B
B
C
Yeah,
if
you
ask
my
opinion,
I
guess
dealing
with
network
policy
is
hard
enough
for
us,
and
actually
this
keep
this.
This
will
make
harder
to
the
cni
providers
like
to
to
implement
this,
but
I
guess
we
can
like
we
can
think
of.
If
someone
wants
to
own
the
traffic
policy
thing,
the
application
policy
thing
has
then
propose
it,
then
that
I
know.
B
B
So
so
why
don't
we
do
this?
Why
don't
we
just
list
it
out
saying
that
you
know
it's
like
this
is
where
I
think
you
can
go
investigate,
spend
more
time
trying
to
get
feedback
from
folks
like
the
question
is
whether
it's
only
l3
l4
or
we
also
want
to
introduce,
is
also
l7
in
scope.
Just
if
you
can
write
that
thing
down
in
the
notes,
because
you
can
follow
up
on
that
now.
So
one
of
one
other
suggestion
that
I
was
thinking
was,
do
you
think
it
makes
sense
to.
B
B
C
I
guess
you
can
do
that.
I
will
just
be
careful
about
about
the
amount
of
feedback
that
we
get
versus
what
we
can
actually
do,
because
we
tried
to
do
that
on
the
beginning
of
this
group
and
we
got
a
lot
of
a
lot
of
user
stories.
But
the
end,
but
by
the
end
of
the
day,
like
some
user
stories
were
just
for
one
or
two
users
and
were
too
hard
to
implement.
C
But
I
guess
we
can.
We
can
make
a
survey
we
can.
We
can
take
the
evidence
from
tomorrow
and
ask
like
some
some
some
marketing
from
israelites
and
thomas
graf,
but
asking
folks
to
be
like
how
can
I
say,
not
transparent
but
not
not
related
to
what
celium
does
or
or
what
kaliko
does,
but
what
they
expect
the
community
to
do
right
right.
Otherwise,
we
are
going
to
be,
as
do
be
as
it
to
just
to,
and
it's
going
to
be
hard
for
folks
like
andrea
or
kaliku
to
implement
that
as
an
example
right.
A
B
A
Think
the
next
thing,
too,
is
like
taking
some
of
these
gliding
principles,
putting
them
in
a
document
and
also
taking
the
initial
features
we
want
to
see
and
putting
them
in
a
document
together
and
starting
to
think
like.
Can
we
apply
these
principles
to
these
features?
You
know
as
we
develop
like.
A
Is
it
possible
and
then
I
think,
that'll
answer
all
the
questions
for
us
there
at
the
end
of
the
day,
you
know
my
goal
with
all
this
is
for
a
customer
or
a
user
to
be
able
to
write
a
network
policy
without
with
very
little
kubernetes
experience.
They
should
be
able
to
read
the
gamel
and
get
it
it
should.
It
should
be
explicit
and
it
should
also
encompass
the
new
features
we
want
to
see
right.
So
can
we
do
that
with
a
v2.
D
So
so
one
of
the
other
things
I
would
consider
is,
I
think,
j
j
shared
a
dog,
I
think
they've
actually
historically,
the
last
yeah,
so
they
have
actually
gone
through
a
lot
of
bugs
and
list
down
some
interesting
things
from
users.
A
Yeah
and
here's
a
reference
to
l7,
we
should.
Oh
sorry,
we,
oh
glitching.
We
should
look
at
l7
as
a
coordinate
case
which
likely
cannot
be
solved
by
this
api.
I
totally
agree,
I
think,
on
the
implementation
side
of
things.
Cni
providers
are
just
not
going
to
do
it.
I
mean
it's
a
pain
in
the
pain
in
the
butt.
Here's
some
good
things
to
think
about
for
sure.
B
A
A
B
B
A
But
I
guess
that's
more
part
of
the
feature
set,
so
that's
almost
a
totally
different
conversation.
It's
like
what.
B
Okay,
so
okay,
I'm
perfectly
fine
with
that,
so
we
can
maybe
have
a
line
in
the
sand.
Saying
that
you
will
not
look
at
l7
will
just
say
three
or
four
for
the
time
being
yeah.
I
can
then
the
ip
addresses
imports
and
we
use
various
kinds
of
selectors
to
pick
using
either
using
services
or
service
accounts
and
hard
labels
to
pick
those
pods.
But
I
think
we
can
just
keep
it
healthy,
we'll
be
okay
with
that.
A
A
A
lot
of
us
were
here,
and
it
always
comes
back
down
to
the
end
of
the
day
like
this
is
going
to
be
really
difficult
to
get
everyone
on
board,
but
I
think
before
we
even
bring
it
to
anyone
vinay,
I
think
you
know
you
go
back
to
your
your
group
and
start
talking
with
them
about
what
they
think
and
then
we're
writing
a
document.
That's
like
not
too
long,
not
too
short
that
just
cuts
a
line
in
the
sand
like
this
is
what
we're
trying
to
do.
B
So
what
I
can
do
is
like,
if
you
can
so
you
have,
you
have
you're
taking
all
these
minutes.
So
what
will
do
that?
You
know
satish
and
I
will
take
that
and
then
I'll
put
it
into
like
a.
Would
you
prefer
prefer
it
over
like
a
github
or
like
a
doc
discussion.
B
So,
let's,
let's
so,
let's
do
this
so
we'll!
If
you
want
to
start
the
document,
that's
fine,
you
know,
or
you
can
start
the
dock
and
just
put
the
salient
point
in
the
like
you
clean
it
up.
So
we'll
use
the
dock
to
the
point.
Where
that
you
know
initial
comments
are
going
to
be
fast
and
furious,
so
once
you
start
dying
down
that
we
can
migrate
it
to
get
help.
B
A
A
I
have
another
light
super
light
day,
so
maybe
we'll
think
about
canceling
next
monday
for
ricardo,
but
we
can
have
that
discussion
on
slack,
it's
it's
it's
holiday
on
year,
roll
and
you're
in
europe
yeah.
I
guess
we
don't
really
have
any
european
we're,
not
a
good
at
a
good
european
time.
Here
I
didn't
even
think
about
that.
Yeah
we
tried
yeah.
I
know
I
tried
nobody
wanted.
Nobody
came
cool
well,
if
no
one
has
anything
else
to
add,
we
can
go
ahead
and
return
10
minutes
vinay.
A
If,
if
you
want
to
just
make
that
document
and
then
throw
it
in
the
channel
in
our
slack
channel,
I
think
that'd
be
the
easiest
thing
and
hopefully,
by
next
time
we
meet.
We
have
a
little
bit
tighter
thing
and
jay
will
be
here
and
we
can
have
a
conversation
on
what's
already
on
the
on
the
paper
you
know,
but
I
think
this
is
a
really
good
start
and
I'm
looking
forward
to
it,
but
anyway
I'll
go
ahead
and
stop
sharing
great
cool.
A
Well,
I
hope
everyone
has
a
good
rest
of
the
week
good
to
talk
about
the
day
and,
talking
to
you
again.