►
From YouTube: [SIG-Network] Ingress NGINX meeting for 20230622
Description
[SIG-Network] Ingress NGINX meeting for 20230622
A
Hello,
everyone,
my
name,
is
James
strong
today
is
June
22nd,
and
this
is
the
Sig
networking
Ingress
nginx
subproject,
which
means
it's
a
cnco
project
and
it
adheres
to
the
COC
the
code
of
conduct.
If
you
have
any
issues
with
anyone
in
the
meeting,
please
report
those
to
myself
or
Ricardo
we'll
go
to
the
cncf
themselves.
So
with
that
we'll
go
ahead
and
get
started,
I've
got
a
lot
more
people
on
the
call
got
a
couple
new
faces.
A
So,
as
always,
we
like
give
the
new
members
an
opportunity
to
present
themselves
what
they're
bringing
what
they
hope
they
get
out
of
attending
the
meeting,
and
you
know
just
a
little
bit
about
themselves
in
the
project.
B
Okay,
nice,
okay,
nice
I'm,
satyam,
I'm,
an
SRE
and
like.
B
Involved
with
kubernetes,
like
as
an
user
as
of
now
but
I
used
to
be
a
part
of
six
storage,
maintaining
one
of
the
entry
plugin
called
as
open
EBS
driver
and,
like
you
know,
six
storage
and
I've
been
involved
with
kubernetes
since
late
2016
and
as
of
now,
like
I'm,
only
an
user
of
kubernetes
and
increase
engineers
and
basically,
from
the
user's
point
of
view,
we
saw
some
like
you
know,
gaps
which
we
tried
to
fill
in
by
opening
a
PR.
B
So
my
main
intention
for
this
call
is
to
basically
getting
know
the
community
and,
like
you
know
how
Sig
Network
actually
works
and
basically
how
best
we
can
work
together
to
basically
get
this
change
merged,
Upstream,
possibly
with
feedback
so
yeah.
That
is
my.
That
is
me,
so
I'm
based
out
of
India.
So
it's
evening
here
so
yeah,
okay,.
A
Awesome
and
that's
what
we
ask
folks,
we
ask
folks
if
they
have
a
PR,
that
they
want
us
to
look
at
that
maybe
has
been
languishing
or
hasn't
had
any
looks
on
it.
So
I
appreciate
you
joining
the
community
call
thanks.
D
Hello:
everyone,
my
name,
is
I
work
alongside
satyam,
so
we
kind
of
valve
are
here
to
represent
that
pull
request.
And,
coincidentally,
we
also
happen
to
define
a
potential
dialogue
service
in
the
in
the
metrics
subsystem
in
the
controller
which
we
recently
reported.
So
maybe
we
could
bring
that
to
your
attention
to.
A
I
I
I
hesitate
to
say
this,
but
those
will
get
added
to
the
queue
because
I
think
we've
got
a
couple
that
we're
still
trying
to
resolve.
But.
D
Yeah
security
issues,
yeah
yeah-
that's
that's
fair
enough.
I
just
wanted
to
make
sure
that
you
know
we
reported
things
in
the
right
way
and
that
they
will
be
handled
like
this
is
not
a
like
a
major
disaster.
It
is
just
you
know,
a
matrix
granularity
explosion,
so
not
great,
but
not
not
the
highest
priority.
D
A
Well,
thank
you
for
joining
and
yeah
again.
Thank
you
for
pointing
that
out.
It's
it's
always
helpful.
Yeah.
We
can't
catch
everything,
so
we
appreciate
that
all
right.
A
Review
the
action
items:
this
is
always
the
part
where
it
says:
I
didn't
do
what.
A
Week
last
two
weeks,
but
I
think
this
one
looks
pretty
good
because
we
did
Cover
I.
Think
most
of
the
open
topics
got
pulled
in
Ricardo
was.
E
A
Reviewed
and
we
still
got
the
hdb
bun
stuff,
the
absolute
warning
stuff
completed:
I,
don't
remember
what
these
two
PRS
were,
but
they
got
merged
when
I
looked
at
them,
Dylan
I,
don't
know
if
you're
still
on
I,
don't
I
can
only
see
the
video,
but
we
did
have
a
request.
I
wanted
you
to
look
at
okay,
or
at
least
maybe
get
someone
from
nginx
to
look
at
it.
B
A
A
Got
two
of
those
to
look
at
all
right,
so
just
things
to
follow
up
on
they're
in
the
deck
and
I
dropped
the
dock
in
there.
Okay,
that
was
a
couple
issues.
I
think
I
went
through
these
already,
but
I'm,
not
gonna
not
going
to
bring
these
back
up.
A
I'll
go
back
for
this
list
myself,
but
the
one
thing
I
did
add
is
I
did
see
someone
asked
in
our
slack
Channel
I,
don't
know
if
there's
a
users
or
Dev
about
the
2o
breaking
changes,
so
I
just
wanted
to
start
tracking
what
we
think
is
going
to
be
in
the
2-0
breaking
changes.
A
So
they
know
one
I'm
trying
to
get
a
181
patch
out
now,
because
there's
a
couple
CDs
for
our
old
friend
openssl,
so
I
want
to
get
181
out
before
we
try
to
do
one
nine
one.
Nine
is
going
to
have
the
the
validation
stuff
from
Ricardo,
so
we're
gonna.
That's.
A
A
To
2o
before
we
do
a
1-9,
so
we
just
need
to
discuss
the
The,
annotation
validation,
stuff
and
then
all
the
other
things
here.
So
probably
when
we've
got.
A
Once
Gentile
and
Ricardo
reviewed
it
as
well
so,
okay,
let's
start
hearing
the
action
items,
always
a
fun
bit.
A
Might
try
to
keep
this
to
the
we
don't
have
a
secretary
or
anything
so
I'm
going
to
try
to
keep
it
to
the
15
minutes.
This
is
always
difficult
to
go
through
just
because
one
of
these
could
take
15
minutes
to
triage.
A
Let's
go
ahead
and
start
looking
at
these
so
looks
like
we've
got
a
bug
open.
It
was
always
fun.
A
Really
don't
oh
did
we
just
looks
like
we
just
missed
one.
E
A
A
E
E
F
E
F
E
But
yeah
I
don't
see
that
annotation.
This
looks
like
it's
for
nginx
yeah,
I'm
gonna,
leave
that
one
alone
and
I'm
gonna
be
mean
and
assign
it
close.
It.
E
E
A
A
H
A
A
H
No,
but
it
wasn't
released
yet:
okay,
I
honestly,
if
this
is
the
same
one
but
Maybe
drop
yeah,
that's
doesn't
seem
the
same.
F
H
H
H
We
state
that
on
the
documentation
so
like
they
are
saying
that,
if
you
have
a
sold
me
here,
then
the
original
request
will
throttle
which
can
happen,
I'm,
not
sure
if
the
vehicle
I
don't
remember
if
the
mirror
model
is
like
a
synchronous
or
a
synchronous,
if
it
just
triggers
a
new
connection
and
and
goes
away
or
not,
I
need
to
take
a
look
at
that,
but
I
wouldn't
expect
anyway,
some
kind
of
SLA
for
mihor
traffic.
To
be
honest,.
A
H
I
mean
this
could
be
so
many
things
like
can
be
some
limit
of
connections
from
you
know
the
Linux
machine,
or
this
can
be
a
some
troutling,
but
we
kind
of
ignore
the
error,
so
I'm
not
sure
if
they
are
asking,
if
they
want
to
see
Diego
from
the
mihor
like
hey,
we
should
have
some
logs
somewhere
saying
that
we
couldn't
send
to
the
mirror,
because
the
miracle
film
or
if
they
want
like,
if
we
cannot
meet
her,
then
we
want
the
traffic
to
be
dropped.
H
The
second
one:
it's
not
what
we
expect
from
a
mirror
right,
well,
I
know,
that's
the
same
thing
when
you
have
a
physical
switch
and
you'll
be
hurry
up.
Your
part,
you
are
just
saying
whatever
happens
on
a
happens
on
B
and
I.
Don't
care
about
the
answer
right?
The
second
one
I
would
need
to
I'm
sorry.
This
is
the
second
one,
the
first
one
which
is
like
I
just
want
to
have
an
error,
saying
that
the
traffic
couldn't
be
me
on
it.
I
need
to
take
a
look.
How
this
is
developed.
H
To
be
honest,
I
I
can't
remember
so
my
answer
for
that.
It's
just
like:
if
we
need
to
give
an
answer
right
now,
it
would
be.
We
need
to
take
a
look,
because
we
heard
shouldn't
be
used
in
production
right.
E
A
He
was,
he
was
not
able
to
replicate
it.
So
there's
lots
of
other
there's
lots
of
other
pieces.
Yeah,
like
you
said,
I
will
leave
that
very
nice
comment.
A
F
F
A
H
C
Probably
using
some
sort
of
like
dumb,
almost
like
there's
plenty
of
tools
out
there
that'll
generate
either.
You
know
bad
traffic
or.
H
Yeah
or
I
mean
you
you
can
you
can
you
can
call
the
transversal
path
just
to
check
it
right
so
doing
slash
to
dots
blah
blah?
My
my
my
my
question
was
more
like.
If
what
how
they
know
when
they
trigger
this
call,
the
detection
only
it's
working
on
unblocking,
no
right.
So
if
they
are
getting
some
some
some
ahor
or
something
like
that
or
not.
C
H
Yeah
this
this
shouldn't
matter
to
be
honest,
I,
so
the
way
that
mod
security
works.
H
It's
it's
kind
of
confusing,
still
still
configuring
that,
because
I
think
that
even
in
your
rules,
you
need
to
set
what
action
you
want
to
fake
right
and
I
can't
remember
if
we
do
that,
based
on
the
OS
Pros,
but
one
of
the
things
that
someone
pointed
in
in
the
bottom
and
I
would
try
that
it's
kind
of
trying
to
split
all
of
these
configurations
as
well.
H
Maybe
it's
taking
too
long
to
parse
and
it's
getting
like
the
site
is
down
because
under
the
detection,
only
you
can
just
say:
I
couldn't
pass
everything
right
like
you
send
me
a
request:
I
couldn't
parse
it
so
do
whatever
you
want,
I'm,
not
gonna
block.
You.
H
So
maybe
it
is
a
performance
issue,
but
in
in
the
case
that,
like
you
know
like
like,
when
we
have
the
web
hooks
in
kubernetes,
you
have
the
feo
policy,
which
is
ignore.
If
you
cannot
reach
the
web
hook,
then
you
have
the
fail
policy,
which
is
fail
when
you
cannot
reach
that.
So
I
think
that
when
you
set
the
detection,
the
dissect
rule
to
the
second
engine
to
own,
you
are
saying:
if
I
cannot
parse
everything
in
this
time,
just
just
drop
it
right.
E
A
To
fail
open
when
I
do
see
that
he
did
ask,
he
did
ask
him
to
split
out
the
objects
so
we'll
see.
H
Yeah,
let's,
let's
wait
but
anyway
it's
it's
kind
of
tricky.
I
need
to
take
a
look,
how
the
configuration
is
generated
and
if
there
is
like
a
timeout
of
of
root
parsing
as
a
configuration
I
can't
remember
on
the
top
of
my
head,
but
maybe.
H
F
H
The
left
you're
pointing
it
to
the
right
direction,
like
turn
left
or
right,
yeah
I
can
let
let
page
me
as
synchronous
I
would
try
to
point
you
at
least
to
the
right
configuration
and
where
they
think
they
happen.
A
E
F
A
All
right
cool
do
one
more.
A
C
Him
doll
is
like
it's
like
a
I,
think
it's
the
I'm,
pretty
sure
it's
a
it's
an
it's
a
tool
that
they
use
to
basically
give
a
user
interface
to
whatever
they
want.
Really,
if
it's
the
same
one
I'm
thinking
is.
E
F
A
H
I
think
the
new
validation
accepts
this
on
The
annotation
is
not
a
valid
blah
blah
blah
yeah.
H
Proxy
pass
blah
blah
blah
yeah,
so
it
should
be
accepted,
blah
blah,
blah
yeah.
It
should
be
accepted.
I
think
this
is
a
bug,
probably
on
the
rejects,
I'm,
not
sure
what
let
me
take
a
look
if
I
can
find
what's
what's
wrong.
It's
it's
saying
on
this
one,
because
I
was
doing
this
whole
validation,
stuff
and
I
figured
out
that
we
we
have
some
problems
on
some
some
of
the
objectives
that
we
use.
F
F
A
H
Are
discussing
they
are
discussing
on
the
on
on
Slack,
but
they're
just
discussing
I,
don't
think
that
they
they
have
added
anything
there.
H
A
A
So
I've
got
a
couple
open
topics
that
I
wanted
to
discuss,
but
I
think
we
should
let
our
friends
who
join
to
discuss
one
sorry
I,
just
looked
at
the
chat,
yeah
Handel
is
the
one
that
opens
the
portals
in
Thor,
so
I
guess
that
makes
sense
what
that
tool
is
supposed
to
be
doing
anyway.
B
F
F
D
Like
to
be
transparent,
yeah.
E
D
Okay,
perfect
yeah,
so,
like
honestly,
there
are
what
we
like
to
do
is
there
are
two
approaches
to
solving
this
problem
right
for
complete
transparency,
and
there
are
two
pull
requests
open
to
add
this
feature:
requests
of
adding
custom
response.
Headers-
and
you
know
it
would
be-
maybe
a
bit
unfair-
to
try
to
push
one
of
the
approaches
without
discussing
the
other.
D
So
what
we'd
like
to
do
really
is
to
start
conversation
about
you
know
what
is
the
best
way
to
to
to
implement
this
feature
and,
of
course,
as
people
opening
this
pull
request
and
kind
of
representing
it.
We
think
that
the
approach
of
using
like
a
sing,
simple
string
annotation,
would
be
the
the
you
know
the
best
and
it
will
be
the
best
for
the
wider
Community
as
well.
D
However,
there
is
some
there
was
some
pushback
from
one
of
the
maintainers
I
believe
who
wanted
to
see
a
different
approach,
but
you
know
those
both
both
of
those
pull
requests
have
been
started
for
quite
a
while,
and
you
know
we'd
like
to
get
things
moving
one
way
or
the
other.
Of
course.
A
Yeah
annotations
are
not
our
favorite
yeah.
H
If
you
allow
me
so,
we've
been
for
the
last
two
years
trying
to
on
on
up
mice
and
Cat
Chase,
try
to
close
CVS
that
are
generated
by
by
bad
validations
on
on
annotations
right.
So
it's
it's!
No
one
fault.
We
we
know
that
there
are
some
parts.
H
We
don't
do
a
good
job
parsing
some
things
we've
been
trying
to
even
to
figure
out
better
ways
of
doing
that
with
inginex
folks
that
they
have
a
library
for
the
trying
to
split
control,
plane
and
data
plane,
which
is
which
is
one
of
the
subjects
that
we
have
next
right.
H
So
the
big
problem
today
and
we
kind
of
explaining
that
in
in
the
past,
is
that
as
an
apology
to
to
let's
say
anything
else
in
kubernetes
right,
the
Ingress
is
one
component
that
you
put
on
the
internet
and
it
does
have
direct
access
to
the
API
server
right
and
it's
not
a
a
regular
access,
but
it
is
an
access
with
Secrets
or
a
clusterscope
with
access,
or
something
like
that.
So
we
started
to
be
really
really
really
really
annoying
with
new
annotations
and
things
that
may
end
up
on
the
internet's
configuration
right.
H
So
when
I,
when
I
saw
that
a
key
value
thing
the
First
pushback
on
that
was
like
okay
annotations,
they
have
a
limit
on
their
size
right.
So
if
you
need
a
bunch
of
headers,
you
are
going
to
have
a
problem
on
that
and
parsing
the
annotations
and
and
doing
that,
maybe
like
I
need
to
change
something.
So
I
will
end
up
needing
to
change
my
Ingress.
H
We
will
need
to
do
some
really
really
really
really
annoying
validations
on
the
annotations
to
see
if
it
accepts
one
value
but
doesn't
accept
the
other
if
we
can
use
variables
of
engine
X
inside
it
or
not,
and
so
on
right.
So
that's,
first
of
all,
that's
that's
why
I
keep
pushing
back
on
that
and
I'm
really
annoying
with
these
annotation
stuff,
I,
I,
agree
and
and
I
think
that,
having
a
specific
annotation
for
things
that
we
miss
today
and
people
use
Snippets
to
implement
it's
the
right
way
right.
H
So,
as
an
example,
I
keep
seeing
that
the
majority
of
people
that
use
knee
pads
configuration
because
of
because
of
our
lack
of
a
feature
to
implement
heaters
response,
heater
request,
heaters
and
so
on
so
I'm
glad
that
someone
picked
this
up,
but
also
I,
I
I
I've,
seen
constantly
inside
our
controller
that
the
way
that
people
they
are
doing
that
even
to
reuse
that
in
different
Ingress
objects
it's
with
the
config
map
on
the
same
in
space.
H
So
let's
say
you
have
on
the
same
namespace
three
ingresses
objects,
one
for
each
behold:
storage
for
each
environment,
but
you
decided
to
go
with
the
same
namespace.
You
can
point
to
the
same
config
map
or
you
can
copy
the
complete
mapper
so
on,
while
the
annotations
they
are
going
to
be
a
bit
more
confusing
right.
H
We
can
do
validation
on
the
config
map.
In
fact,
I
think
that
I
have
pointed
some
code
that
we
do,
that
validation
on
some
of
the
coffee,
Maps
I,
think
that's
on
the
first
CGI
call,
but
we
do
have
on
the
others
and
for
the
for
the
sake
of
cleanliness.
On
on
the
annotations
and
the
other
things.
That's
why
I've
said
I
prefer
that
you
do
that
using
the
config
map,
instead
of
just
overloading
the
object
with
an
annotation
right.
So
that's
that's
why
we
are
trying
to
to
well.
H
We
are
trying
to
keep
that
standard
on
that,
not
relying
on
many
arbitrary
information
on
on
the
annotations
and
that
maybe
we
will
need
maybe
not
I
know
that
we
already
do
have
on
on
on
the
validation
work
that
I
was
doing
on
the
annotations,
and
you
probably
need
to
rely
that
on
the
complete
map
as
well
on
the
headers
as
well
right,
so
cutting
some
utils,
or
something
like
that.
H
That
says
this
can-
or
this
cannot
be
part
of
the
header
that
you
wanna
add
as
a
response
as
a
request
or
something
like
that
right,
I,
I'm,
really
not
feeling
comfortable
with
making
these
annotations
and
instead
using
the
config
okay.
H
But
I
am
also
happy
to
hear
about
that.
I!
Don't
want
to
frustrate
you
folks,
but
I.
Don't
think
that
we
are
going
to
ship
this
on
on
a
shorter,
at
least
like
for
the
next
one
or
two
weeks,
because
we
are
in
the
middle
of
releasing
a
new
version
with
a
bunch
of
validations.
We
are
not
adding
any
new
annotations
right
now
until
we
finish
the
all
of
the
validation
stuff
right.
So
I
don't
think
that
being
really
honest
and
transparent
with
you
folks,
I.
D
You
sorry
yeah,
this
photo
request
hasn't
opened
a
while
ago,
so
you
know,
there's
there's
no
huge
rush
to
get
in
London
right
now,
like
you
raised
some
good
points,
but
I
would
like
to
address
some
of
them
with
regards
to
validation.
So
even
if
you
use
config
maps
to
store
your
header
names
and
values,
you
still
have
to
validate
those
strings,
because
you
know
config,
mark
value
will
still
be
a
string.
D
So
with
regards
to
injecting
malicious
content
into
your
Android
X
config,
the
approach
you
use
to
to
configure
those
things,
it
doesn't
matter
right,
so
whether
you
use
config,
Maps
or
a
row
string.
Your
security
exposure
is
almost
the
same.
I
take
almost
because
in
case
of
a
row
string,
you
have
to
split
by
new
line.
So
if
there
is
some,
you
know
security
problem
with
splitting
using
a
new
line.
You
know
that
could
maybe
lead
to
some
other
knock-on
effects.
I
would
say
very
unlikely,
but
not
impossible.
D
However,
like
in
terms
of
adding
things
to
the
config
and
your
next
config
I
would
say,
the
risk
is
the
same
right.
It's
just.
How
do
you
configure
it
and,
of
course
you
know,
you
saw
some
of
our
arguments
that
having
a
simple
okay,
simple
annotation,
that
does
this
thing
actually
does
make
it
a
lot
better.
D
On
on
the
wider
Community,
like
I
I,
actually
went
through
quite
a
few
Helm
charts
today
to
check
what
they
do
and
like
top
five
I
checked
top
to
top
five
Helm
Sharps
that
allow
you
to
configure
Ingress
as
part
of
the
Helen
charts.
They
support
custom
annotations,
so
anyone
using
those
annotations
would
be
able
to
inject
headers
using
a
stock
charts
without
the
need
to
to
create
any
extra
config.
D
If
we
go
down
the
config
map
route,
now,
that's
not
possible,
so
you
either
have
to
patch
every
Helm
chart
to
allow
people
to
use
custom
annotations
with
nginx,
or
maybe
you
have
to
like
do
things
outside
of
the
health
chart.
So
there
is
like
a
I,
would
say,
significant
impact
on
this
on
the
wider
community
on
the
decision
which,
which
way
you
go.
How
do
you
like?
Which
approach
do
we
use
to
configure
those
annotations
right?
D
There's
also
the
question
of
validation
right
like
it's.
This
is
very
subjective,
but
you
know
the
having
a
simple
string
could
be
easier
to
validate
than
having
to
read
the
config
map
name
from
annotation
and
then
validating
the
the
conflict
map
that
you
point
out
from
The
annotation
so
effectively.
D
If
you
want
to
use
admission
controller
to
come
to
restrict
your
your
headers
that
you
can
enjoy
that
allow
people
to
interact
with
the
config
Mark
conflict
map
approach,
you'll
have
to
verify
two
things
right:
you'd
have
to
I,
guess:
you'd
have
to
look
up
config
map
name
and
then
you
would
have
to
validate
content
of
the
config
map.
D
D
Code
no
I
mean
you
do
that
in
the
code.
However,
you
don't
do
that,
like
in
admission
controllers,
like
caverno
or
open
policy
agent
right
external
tools,
tools
that
live
outside
of
nginx,
those
calls
you
know
can
be
used
to
restrict
what
people
can
do
right
and,
and
they
are
used
by
many
other
projects.
They
even
give
you
like
example,
policies.
What
what
this
lets
you
do
is
basically
lets.
You
prevent
users
from
even
applying
config
that
doesn't
meet
your
specific
standards
right.
A
D
If,
if
your
strings
arbitrary
strings
come
from
a
conflict
map,
they
have
to
be
validated
in
the
same
way
whether
they
come
from
the
content
map
or
directly
from
The
annotation
itself
right,
it's
you're
still
allowing
users
to
inject
well
to
to
provide
input
right
and
that
input
has
to
be
validated.
So
exactly
where
the
string
comes
from.
I.
Think
that
you
know
that's
probably
not
the
biggest
security
issue
here
right
unless,
unless
there
is
like
some
kind
of
concern
you
have
with
you
know,
using
multi-line
strings
right.
A
I've
already
I've
put
two
two
more
comments
in
there
anyway
around
this
I
don't
know
Ricardo
do
you
do
we
feel
strongly
on
pushing
this
to
a
config
map
versus
an
inner
keeping
it
in
an
annotation
either
way
when
we
do
Drop
The,
annotation
validation?
It
could
also
break
this
as
well.
So
foreign.
D
If
you
think
that
more
validation
is
needed,
like
100,
this
should
happen
right.
We're
not
trying
to
say
that
the
pull
request
is
perfect,
ready
to
go
right.
We're
just
like
trying
to
to
agree
which
approach
do
we
take
and
then
could
we
then
work
to
to
make
that
approach
be
as
robust
and
not
secure
and
good
as
possible.
Right.
A
H
My
only
piece
on
that
is
that
inline
EML
validation,
it's
kind
of
hard
right,
so
it's
not
only
about
the
line
breaks,
but
the
space
is
that
may
be
used
to
trig
the
parser
or
anything
else.
I.
To
be
honest,
I
I
I
can't
see
both
of
the
sides,
but
I
I
am
still
waiting
at
least
to
have
this.
The
validation
measured
to
look
to
then
have
this
thing
rebase
and
then
see
how
this
will
look
like
right.
H
Maybe
maybe
because
one
of
the
things
that
we
can
do
as
an
example
we
say:
okay,
we
accept
that
but
I'm
I'm
not
sure
if
folks
already
saw
the
validation
theme,
but
we
are
adding
some
concept
of
risks
and
what
we
can
do
is
say:
okay,
you
can
use
this
annotation,
but
but
this
annotation
is
considered
the
risky
bias,
so
the
admin
should
specifically
say:
I,
allow
annotations
with
high
risk
and
I
think
it's
it's
fine
right.
D
You
know
something
else
that
if
I
may
propose
like
so
that's
on
the
Tactical
side,
of
course
we
can,
we
can
discuss
those
things
should
be
like
separately
considered,
the
I
guess
usability
of
the
community.
Like
maybe
do
you
know
what
users
prepare,
for
example,
is
there
like
a
strong
preference
towards
conflict
of
type
conflict
out
there,
or
is
there
a
strong
preference
towards.
H
H
Is
actually
a
great,
a
great
question
and
and
proposal
that,
as
as
someone
that
has
been
doing
kubernetes
for
some
fine
I,
think
that
this
is
one
of
the
questions
that
we
should
be
making
more
right.
H
Sorry,
Brandon,
I'm,
gonna,
I'm,
probably
I'm
gonna,
pass
that
to
you
after
this
that's
one
of
the
questions
that
we
should
be
doing
more
because
I
think
that
our
user
experience
in
the
end,
it's
just
like
I,
mean
Ingress
API,
was
just
devoted
to
Gateway
API,
because
at
some
time
we
figured
out
that
the
Ingress
API
wasn't
easy
to
deal
with
while
we
needed
some,
some
other
personal
definition
and
other
things.
And
maybe
this
applies
also
to
this
response
heater.
H
So
no
I,
don't
know
what
the
community
wants
to
and
maybe
that's
a
good
question
to
make.
But
again
we
should
probably
put
in
a
balance,
as
James
said,
what's
the
easier
versus
what's
the
safer
and
have
this
kind
of
decision
based
on,
because
we
don't
want
to
announce
like
in
three
months
a
new
cve,
because
because
we
we
kind
of
miss
it
parsing,
some
some
something
on
The
annotation.
That
could
be
a
config
map
on
vice
versa,
because
we
thought
that
it
was
going
to
be
easier
one
or
the
other
way.
H
G
So
I
just
wanted
to
talk
on
the
idea
of
adding
this
as
an
Ingress
annotation.
That
I
mean
this
is
the
whole
reason.
Gateway
API
now
exists
is
that
cramming
the
operational
overhead
on
a
resource
that
does
often
times
in
a
lot
of
cases,
get
used
by
developers
essential
application
developers
to
expose
their
applications,
who
don't
have
as
much
insights
into
what
all
these
annotations
do?
G
Could?
Potentially
you
know
this
is
adding
one
extra
thing
that
could
potentially
be
a
an
issue
and,
in
my
experience,
working
with
a
couple
of
companies,
a
lot
of
the
operational
people
only
add
the
annotations
after
it
leaves
the
like
Engineers
wheelhouse,
but
this
is
kind
of
the
idea
right.
It's
like
adding
this
for
engineers
to
kind
of
play
with
does
also
create
that
I
don't
know
what
this
does,
but
I'm
gonna.
C
C
So,
on
a
more
like
I,
don't
know
grandiose
scale
on
the
question
of
in
asking
the
community
it
it.
Maybe
it's
would
this
be
something
that
might
be
good
to
maybe
put
together
and
I
hate
to
say
the
word,
but
some
sort
of
a
survey
or
a
feedback
loop
that
where
we
can
add
not
just
this,
but
maybe
a
laundry
list
of
other
things
that
we
don't
know.
C
So
if
we
parse
together
a
number
of
ish
or
unknowns
that
the
community
might
have
feedback
on
and
and
let
them
let
them
have
their
their
word,
I
mean
I'd,
be
willing
to
help
with
that.
I.
Don't
know
how
Jazz
the
community
will
be
about
a
survey,
but
maybe
find
a
different
way
to
ask
him.
A
Yeah
we
did,
we
did
it
about
a
year
ago,
maybe
a
year
and
a
half
ago
we
ran
through
one.
So
we
could
definitely
put
that
together.
We
can
have
like
questions
because
normally
we
like
to
ask
like
what
are
they
using
Ingress
for
versions
and
all
of
that,
but
we
can
also
inject
some
questions
like
this.
We
config
maps
versus
annotations.
A
I
I
think
to
to
get
this
PR
through
here's.
What
I
I
propose
I've
got
so
I've
got
two
questions
down
at
the
bottom,
because
I
just
read
this
today,
we
need
to
do
three
things
we
actually.
There
is
a
some
fake
template
to
do
this
globally.
So
what
happens?
If
an
admin
sets
one
Global,
it
sets
I
had
a
response
globally
and
somebody
puts
one
that
it
changes.
A
A
So
if
I
say
you
know,
request
like
you
have
to
force,
I
I,
don't
even
know
what
it
could
be,
but
if
there's
a
conflict
we
need
to
be
able
to
manage
that,
and
it
should
the
global
one
should
override
the
individuals
and
then
add
an
end-to-end
test
for
a
negative
test,
so
giving
them
bad
data,
giving
the
parts
of
bad
data
and
making
sure
that
the
regexes
are
doing
what
we
expect
them
to
do,
because.
E
A
We've
seen
this
time
and
time
again,
where
we'll
put
a
regex
in
and
we'll
miss
something.
So
if
having
a
couple
negative
tests
would
help
and
the
third
one
which
I
haven't
commented
on
I
can
add
that
to
this
PR
is
that
we
need
a
way
to
just
disable
them
from
an
admin's
perspective,
like
we
do
with
configuration
Snippets.
If
an
admin
doesn't
want
to
allow
custom
headers,
we
need
to
be
able
to
disable
it.
A
If
and
when
a
cve
does
come
out
about
custom
headers,
an
admins
option
is
to
disable
them.
So,
let's
add
the
disable
and
fix
those
two
asks
that
I
have
here
and
then
in
that
time
frame
we
should
have
The
annotation
validation
done.
So
you
can
do
the
rebase
and
see
how
that
works
with
the
new
validations
that
we're
doing
for
all
annotations.
That
Ricardo
is
working
on.
A
B
B
Is
good
to
be
honest
like,
and
this
asks
for
negative
ATV
tests
and
also
like
the
good
question
about
the
global
customators
annotation,
so
I
think
we
are
going
to
work
on
these
two
and
also
the
third
one
to
disable.
So
I
think
these
are
the
good
asks
and
we
can
work
on
this,
not
a
problem.
H
Yeah
I
I
promise
I
will
I
will
take
a
look
into
this
PR
or
a
bit
more
foreign
and
provide
you
some
some
feedbacks
ongoing
I
was
super
focused
on
the
other
thing
and
I
couldn't
take
a
look
into
into
PR's
bigger
than
small,
but
I
I
will
try
to
follow
up
with
you,
folks
on
that
and
see
how
this
thing
is
going
as
well.
Okay,.
D
Like
with
regards
to
the
community
like
I
I'd
like
to
you,
could
take
a
look,
what
happened
Charles
did
like
that's,
that's
one
of
the
big
wins.
I
think
we
get
with
this
approach,
which
is
that
you
kind
of
seamlessly
make
this
teacher
available
to
anyone
using
most
Talent
charts
because
they
just
allow
you
to
interact
any
annotations.
You
you
want
into
Ingress
objects.
D
So
that's
very
nice
like
if
we,
if
we
have
to
do
config
maps,
that
will
be
a
little
bit
more
problematic
for
the
community,
still
it's
possible
to
update
those
charts,
but
there
will
be
some
extra
work.
So
would
be
nice
if
it
was
just
like
a
plug-and-play
solution
that
it
just
works
for
everyone.
D
A
Agreed
I
added
it
in
there
I
know
we
got
about
one
minute
left
I.
Think
that
there's
two
things
I
want
to
talk
about.
Real
quick
is-
and
you
probably
already
saw
this
Ricardo
at
all-
is
that
I
just
created
a
dock
where
we
can
start
discussing
what
the
2o
breaking
changes
are
going
to
be,
what
we
want
them
to
be
and
then
to
get
them
and
start
tracking
those
really.
It
was
obviously
the
cpdp
split,
the
strip
validation
path
being
set.
But
true,
that's
the
one
we
just
put
out.
A
We
haven't
discussed
if
we're
actually
going
to
do
the
mod
security
pull
and
then,
of
course,
we
know
that
that
was
the
datadog
discussion
with
the
hotel.
If
we're
actually
going
to
start
removing
the
others
as
well.
So
we
just
need
to
start
brainstorming
what
the
2o
was
going
to
be
and
then
get.
We
can
start
getting
feedback
as
well.
B
F
H
A
Wrist
rust
for
replacing
luo.
C
C
Yeah,
okay,
I,
don't
want
to
play
it's
very,
very
new.
It
is
a
huge
priority
for
us,
so
you're
gonna
see
things
get
worked
on
pretty
regularly,
but
we've
also
made
the
same
level
of
Dev
investment
in
njs
as
well.
I.
H
F
C
C
Up
with
Damien
about
getting
together
and
helping
you
guys
with
that,
instead
of
just
saying
come
back
to
us
with
a
big
giant
list,
I
kind
of
got
into
it
with
him
about
okay.
Well,
we
can't
just
go
to
them
and
say
build
us
a
big
giant
list.
Why?
Don't?
We
just
put
some
skin
in
the
game
and
help
them
with
that,
and
then
we
can,
because
we
do
have
a
vested
interest
in
getting
away
from
Lua
as
quickly
as
we
can
in
in
any
aspects
that
we
yeah
yeah.
G
Everyone
James
just
before
you
go,
do
you
want
them?
Do
you
want
me,
do
you
want
me
to
start
doing
that
list,
because
I
went
quite
deep
into
the
Lewis
stuff
over
the
last
like
couple
of
weeks,
so
yeah.
A
A
H
Yeah
I
know
the
impact
it's
like
for
people
using
Tomcat
wildfly,
Jade
boss,
whatever
right,
but
on
those
case
they
still
have
HTTP
endpoint
I've
I've
been
dealing
with
a
lot
of
times
on
past.
But
to
be
honest,
I
can't
see
a
lot
of
people
using
that
and
it's
one
less
C
model
that
we
should
maintain
in
in
the
code,
so
I'm
I'm
thinking,
I'm
doing
that.
A
H
Yep
I
I
I
can
do
that
and
let
me
finish:
the
validation
thing
merge
that
the
docs
and
the
other
things
and
I
won.
We
can
even
measure
that
and
make
a
release
because
I'm
disabling
the
validations.
It's
feature
flagging
right
now,
but
before
I
imagine
that
I,
probably
wanna
fix
actually
making
releases
based
on
the
branch.
So
maybe
it
could
in
a
branch
based
on
what
we
have
today
and
try
to
make
the
release
based
on
the
branch
so
a
weekend
yeah,
we
can
do
that.
H
Arnold
explaining
me
that
to
the
cloud
build
runs
whatever
we
put
on
cloud
build,
so
maybe
we
can
put
some
pre-comments
on
cloud
build,
saying
fetch
all
of
the
tags
that
we
have
and
run
the
cloud
build
also
against
those
tags.
So
when
we
want
to
do
a
new
release,
what
we
can
do
is
actually
change
the
tag
on
on
the
3DS
and
have
some
way
of
triggering
cloud
build
without
changing
the
tech
file
right.
So
some
some
Trigger
action
that
we
need
on
Pro,
which
is
kind
of
okay.
H
I
mean
we
can
we
can
do
that,
all
of
mean
actually
like
having
the
branch
but
doing
the
trigger
of
the
new
versions
on
Main.
So,
instead
of
having
the
Ted
file,
we
would
have
some
releases.yaml
file
that
we
say
hey
now.
We
have
release
blah
blah
blah
right
and
that
will
trigger
Cloud
build
and
we
can
make
the
promotion
visit
on
that.
The
only
difference
would
be
that
we
pass
back
to
Cloud,
build
or
whatever
saying
hey
you.
You
go
and
build
the
images
of
this
this
this.
H
This
isn't
this
tag
and
open
a
new
promotion
PR
automatically
or
something
like
that,
and
we
can
even
rely
on
like
like
doing
you,
opening
with
your
account
and
I
do
in
the
slash
approved,
with
my
account
all
of
automatically
kind
of
right.
So.
A
Yeah
I'm
I'm,
fine
with
the
release
branches
I
was
I
was
joking.
It
shouldn't
it
shouldn't,
take
too
much
to
add
it
to
add
a
branch
and
then
do
a
release.
Yeah.