►
From YouTube: Kubernetes SIG network meeting 2020--02-06
Description
Kubernetes SIG network meeting, Feb. 06 2020.
A
D
E
D
C
E
D
E
D
E
A
A
D
Mean
so
the
reason
this
discussion
came
up
before
is
it
turned
out
that
someone
had
broken
the
e
to
eat
Network
policy
tests,
and
then
they
stayed
broken
for
like
five
months,
and
we
never
noticed,
and
and
so
we
decided
that
yeah,
it
probably
would
make
sense
to
run
them
on
GCP,
even
though
it's
not
testing
everybody,
because
then
at
least
we're
making
sure
that
the
tests
work,
but
anyway,
okay.
So
it
sounds
like
this
does
not
need
I
mean
this
is
just.
H
D
F
E
H
I
J
E
C
D
D
E
A
E
Like
if
it
comes
sorry,
am
I
sending
up
Revathy
I'm
a
two
pots
in
the
same
node,
one
of
which
is
the
DNS
server
and
one
of
which
is
the
DNS
client
yeah
and
the
client
issues
a
UDP
packet
which
goes
to
the
root
namespace
translate
the
service
IP
to
the
pot
I.
He
writes
a
connection
tracking
record
response
set
forwards
it
to
the
DNS
server.
The
DNS
server
will
respond
to
the
pods
IP
from
the
DNS
server
pods,
like
connection
tracking,
should
reverse
that
look
up.
E
K
E
F
F
D
C
E
G
Yeah
well,
most
Lisa,
a
heads
up
with
the
Clayton
presented
a
in
the
during
the
past
signal
will
meeting
the
his
put
request
for
the
IP
family.
I
see
it
on
that,
you
were
probably
need
Tim
Priebe
with
it
and
Rob
Scott
premier
with
but
I'm
afraid
that
the
discuss
have
more
replication
in
you
know
in
another
services,
I,
don't
know,
maybe
Bobby
with
the
service
API
I'm,
really
confused
about
these
new
feel
and
and
I
will
not
believe.
More
of
you
put
your
your
item
on
the
proto
quest.
G
What
I
did
is
because
the
product
course
is
to
confuse
him.
I
created
two
different
put
request
to
the
cap
to
address
some
is
more
things.
One
is
the
heavenly
service
headless
service
with
selectors
an
IP
family
to
see
we
need
to
modify
10
points,
controller
to
return
with
the
person,
multiple
samples
per
pod
and
the
other
is
with
some
some
to
rest.
It
a
dualistic
validation,
because
I
know
that
the
goal
was
to
have
multiple
service
riders
with
a
comma-separated
list,
but
the
defeat
is
to
confuse
them
and
I.
E
I
wasn't
sure
why
there's
200
replies
to
that
issue
or
whatever
in
that
order
when
it
really
felt
like
what
was
missing
was
the
ability
to
clear
their
IP
family
flag
on
external
name
when
you
were
just
setting
externally
that
was
on
a
Tuesday
or
so
they're,
not
gonna,
go
back
to
it
and
understand
it
like
is
there
more
enlightenment
that
you
can
share
with
me?
Do
you
understand
it
dad.
D
This
I'm
gonna,
say
I,
don't
understand
everything
either,
but
so
one
issue
is
that
yeah,
you
kind
of
want
to
clear,
IP
family
in
some
cases,
except
that
it's
documented
as
being
immutable.
So,
theoretically
we
can't-
and
so
that
was
one
thing
the
other
one
is.
It
was
unclear
if
we
had
intended
for
headless
services
to
be
able
to
be
dual-stack.
E
Or
not
so
my
read
was
we
had
intended
for
them
not
to
be
dual-stack.
Rather
headless
service
was
subject
to
the
IP
family,
so
a
single
stack,
even
if
it
was
headless
I,
don't
know
if
that's
a
right
decision
or
a
wrong
decision.
We
can
go
back
and
revisit
that,
but
the
IP
family
mutability,
perhaps
should
be
the
same
as
cluster
IV,
which
is
you
can
mutate
it,
but
only
when
you're
changing
type
to
or
from
a
type
that
does
or
doesn't
use
cluster
IV
right.
E
E
E
You
know
I
will
take
it
back
to
the
issue,
but
mostly
I.
Don't
understand
why
it's
such
a
huge
deal,
except
that
I,
Jordan
and
Clayton
said
something
about
the
difficulty
of
taking
the
value
from
the
server
config
when
you're
in
the
middle
of
an
update
of
AJ
masters,
where
you
might
get
different
values
and
I
didn't
quite
catch.
What
was
broken.
G
There
are
different
things:
they
are
there,
I'm
in
deep
waters
with
Jordan
comments
and
all
the
AP
I
think
he
meant
you
something
about
the
queue
masters
and
what
should
he
and
Clayton
were
back
and
forth
I.
Think
then
Dan
has
better
insights
on
that.
But
the
other
is
the
the
the
problem
with
the
meaning
of
what
IP
farming
is.
G
When
you
go
to
the
careless
services
that
is
about
DNS,
so
you
can't
have
an
inconsistency,
for
example,
a
service
that
has
a
big
family
ipv6,
and
you
have
all
the
points
that
before
then,
when
you
go
to
external
med,
you
can't
have
the
IP
v
may
be
family
to
whatever
IP
family
and
I
mean
I.
Think
that
the
for
me,
the
main
issues
is
that
as
a
user
of
that
field,
I
don't
have
clear.
What's
the
meaning
sure.
E
So
we
can,
we
can
fix
that
clearing
it.
Clearing
IP
family
for
external
name
seems
completely
reasonable,
like
commit
that
that
seems
like
a
very
reasonable
thing
to
do,
making
a
clearer
documentation,
stain
statement
that
IP
family
defines
the
selection
of
which
end
points
to
use
in
even
in
a
headless
service,
also
seemingly
reasonable.
D
G
Ones
that
I
said
are
minor
things.
You
know
it's
to
fix
the
validation
and
to
clarify
all
these
thing
with
the
what
we
want
to
do
with
the
health
services.
Yes,
small
things
to
do
not,
but
the
big
chant
is
this
crate
on
Jordan
thing
that
I
I
don't
know
all
these
default
in
this
search?
Is
you
know,
services
on
the
ski
I?
Don't
know
sati
what
they
what
they
want
to
do.
Okay,.
A
F
Our
week,
or
so
back
as
a
first
step
for
the
whole
local
cider
changes,
I
what
I
did
was
refactored
the
whole
code
to
allow
us
to
introduce
newer
models
without
actually
changing
anything
in
the
existing
right.
So
for
during
actor,
where,
if
you
run
concurrent
actions
the
same
behavior
is
there
but
it's
going
through
and
then
tomorrow
you
can.
We
can
add
other.
E
G
D
D
D
D
J
E
D
G
A
E
E
E
E
The
only
the
only
time
I've
ever
seen
this
happen
is
when
the
queue
proxy
on
my
local
machine
is
dead
and
I'm
trying
to
send
requests
to
a
pod
that
doesn't
exist
anymore,
so
the
packet
actually
makes
it
all
the
way
to
the
destination.
Node
the
destination
node
and
says
sorry,
no
route
to
host
and
ICMP
is
a
back.
D
E
E
B
J
G
D
D
J
G
G
L
L
Was
dealing
this
one
but
I
couldn't
figure
out
what
was
happening
because
he
said
that
he
walked
me.
He
got
a
pretty
small
node
and
just
didn't
work.
It
I
couldn't
reproduce
that
so
I
had
just
an
assignment
me
and
if
someone
wants
to
pick
it
up
and
see
what
about
these
small
nodes
I
think
that's
a
performance
issue
of
see
of
his
environment.
But
if
anyone
who
got
another
idea.
D
C
G
L
F
D
D
F
E
It's
just
rain
yeah,
it's
not
Indonesia.
Okay,
what
happens?
Is
it
basically
everything's
asynchronous
right
here,
so
somebody
says:
go
delete
this
pod
cubelet
says:
oh,
this
pods
being
deleted
about
30
seconds,
but
it
sends
a
signal
now
coupon
says:
oh
I'm
gonna
receive
Sigma
and
either
exit
or
close.
My
socket
right
right.
Meanwhile,
that
pods
not
gone
so
the
new
pod
might
not
be
up
yet
because
everything's
happening
asynchronously
right,
so
the
scheduler
is
busy
thinking
about
which
node
am
I.
D
E
Well,
this
I
mean
no
matter
what
there's
a
race
right,
that
pod
will
go
unready
and
that
has
to
propagate
up
to
the
API
server,
which
cubelet
does
not
do
instantaneously
right
and
then
that
has
to
probably
get
back
down
to
other
acute
proxies
to
remove
it
from
points
there's
still
a
race
where,
if
you
immediately
on
the
sea
term
close
your
socket,
you
will
be.
You
will
get
some.
F
C
E
E
E
E
Yeah,
so
I
got
an
even
quick
one.
Quick
update,
I
was
talking
to
Jordan
through
this,
it
sounds
like
the
real
issue
is
around
for
ipv6
is
around
clients
who
don't
preserve
fields,
they
don't
understand.
So,
if
I
have
a
backrub
client
with
IP
family
who
tries
to
change
something
to
external
name,
it
will
fail
because
it
detects
IP
family
of
being
unset
when
you're
not
allowed
to
unset
it,
but
it
shouldn't
need
to
be
said
in
the
first
place.
Cuz.