►
From YouTube: Kubernetes SIG Network meeting for 20230608
Description
Kubernetes SIG Network meeting for 20230608
A
A
Hello,
everybody
Welcome
to
the
Thursday
June
8th,
kubernetes,
Sig
Network
meeting.
As
usual,
we
are
governed
by
the
kubernetes
code
of
conduct,
which
basically
boils
down
to
don't
be
a
jerk,
so
please
don't
be
a
jerk,
not
that
we
have
a
problem
with
that
here.
I'm
gonna
start
with
triage.
We
have
a
fairly
light
agenda
today,
which
is
great.
A
A
A
B
A
Seems
like
it's
probably
not
going
to
be
us
and
we'll
close
it
I'll
keep
an
eye
on
it.
Next
I
opened
these
two.
These
are
actually
being
worked
on
already.
These
are
just
adding
warnings
to
API
operations.
We
did
some
Antoine
and
Joe
and
I
have
been
looking
at
some
of
the
issues
around
server-side
apply
and
incorrect
map
keys,
and
we
turns
out
we're
really
bad
at
this
across
the
project
and
we
have
a
whole
bunch
of
places
and
I
didn't
realize
that
server
side
apply
completely
barfs.
A
If
you
have
an
invalid,
something
that
is
allowed
through
validation
but
not
allowed
through
the
map,
keys
and
server
side
apply.
Just
does,
unlike
client-side
apply,
which
just
corrupts
your
data
server
side
apply
just
gives
up,
even
if
you're
not
manipulating
that
field,
it
will
give
up
so
we're
looking
at
how
to
address
it.
B
A
B
Yeah,
that's
the
we're,
having
kind
one
example
of
doing
to
install
Ingress
and
doing
a
patch
and
the
patch
has
this
problem.
So
it
doesn't
work
because,
because
of
the
duplicates
of
server-side
apply
but
I
I
thought
that
you
we
have
the
the
way
in
in
the
into
in
The
Crying
To
indicate.
If
you
want
to
do
server
side
or
try
inside
that
Prime.
You
know
if
they
removed
that
we.
A
The
so
the
problem
is
that
in
some
of
these
cases
the
Strategic
merge
patch,
which
is
client
side,
will
corrupt
your
data.
It
will
find
duplicate
keys
and
it
will
just
pick
one
and
throw
the
rest
away.
Oh,
is
this
thing
too?
Okay,
and
if
you
do
it
server
side,
server
side
apply,
looks
at
it
and
says:
oh,
these
are
not
unique,
Keys
barf
and
it
just
returns.
A
generic
500.
B
A
So
we're
looking
at
adding
a
better
error
code,
possibly
making
it
so
that
it
only
barfs
if
you're
actually
like,
manipulating
those
specific
Fields,
adding
better
warnings
when
you
actually
do
these
things
and
possibly
converting
some
of
the
lists
that
aren't
really
Maps
into
Atomic
lists.
Instead
of
pretending
that
they're
mapped.
A
A
Right
you
can't
co-own
it:
okay,
okay,
yeah,
it's
unfortunate,
but
things
like
environment
variables
is
one
of
these.
Where
the
map
says
you
can
only
have
one
value
for
each
name,
but
actually
they.
It
is
not
a
map,
it's
an
ordered
list,
because
each
name
can
reference
names
that
came
before
it,
and
so
you
can't
just
reorder
it.
A
B
A
B
A
C
Yeah
we've
been
talking,
I
mean
this
is
very
relevant
to
Gateway
API,
because,
honestly,
the
the
people
that
are
reading
and
consuming
app
Protocols
are
largely
the
same
implementations
that
our
implementing
Gateway
API
app
protocols
has
always
just
been
more
of
a
hint
than
a
requirement,
and
the
the
problem
is:
if
you
have
implementation,
specific
hints,
there's
not
a
way
to
describe
that,
because
you
can
pick
one,
but
then
you
can't
have
interoperability
across.
You
know,
implementations
a
list.
C
C
A
C
Yeah
I
would
love
to
avoid
this
I.
Have
we
have
discussed
you
know?
Potentially,
maybe
this
just
becomes
something
like
we
describe
in
Gateway
API
this
it
that's
even
worse,
though,
because
then
you
have
to
define
the
intersection
between
like
if
somebody
sets
app
protocol
and
then
they
set
this
other
thing,
that's
similar
on
Gateway
API,
and
how
do
you
interrupt
between
those
I
don't
know,
I
discussion.
Ideas
are
very
welcome
on
this
one
yeah.
D
So
so
the
issue
is
that
if
you
create
a
service
with
a
selector
and
then
remove
the
selector,
you
are
left
with
an
orphaned,
endpoints
and
endpoint
slice,
which
is
intentional.
But
if
you
then
modify
the
endpoints
object,
you
get
a
second
endpoint
slice
for
the
same
service,
because
now
you
have
one
endpoint
slice
that
was
orphaned
by
the
endpoint
slice
controller
and
one
that
was
created
by
the
end
point
slice
mirroring
controller,
and
this
seems
like
an
edge
case
that
we
just
didn't
think
about
and
probably
didn't
intend.
D
C
C
C
D
C
C
C
C
D
C
Well,
so
right
now
the
way
the
controllers
work
is.
They
are
informers
that
only
watch
the
endpoint
slices
they
own
so
like
they're,
so
they
only
know
of
their
own
little
world.
They
don't
know
and
changing
that
could
actually
be
more
complicated.
At
least
that's
how
I
remember
the
controller
working
we
should
verify,
but.
C
C
B
Let
me
ask
different
things:
there
is
this
problem
that
they
added
this
logic
and
because,
when
this
logic
fails
because
of
this
problem,
the
post
that
was
collector
starts
to
fail.
The
root
cause
is
the
the
silver
solid
pricing,
but
what
I'm
asking
is?
Are
we
going
to
leave
this
control
in
this
state
of
the
week,
come
up
with
a
different
solution,
or
do
we
want
to
fix
quickly
this
controller
and
yeah.
B
C
A
B
B
A
A
B
A
Let's,
let's
take
this
one
offline
and
do
the
rest
of
the
agenda
and
then,
if
we
have
time
we
can
come
back
to
it
because
we
do
have
at
least
a
couple
of
other
things.
Antonio
I,
I
jumped
I
put
my
name
in
ahead
of
you,
but
I.
Don't
know
how
long
your
topic
is.
You
just
wrote
a
lot.
Do
you
want
to
go
first?
Yes,.
B
It's
quick,
okay,
so
I've
been
attending
the
cni
meetings
for
because
one
of
the
recurring
problems,
mainly
with
cni
plugins
that
can
install
as
demon
said,
is
that
they
don't
handle.
Well,
they
know
the
life
cycle,
and
may
you
don't
do
a
lot
of
trickery
with
paints
or
or
everything
is
super
Congress
to
get
this
right.
B
So
one
of
the
the
way
that
that
the
network
really
word
for
kubernetes
is
just
as
the
container
runtime
the
container
runtime
implementation
is
very
basically
just
checked
that
this
has
cni
copy
five,
and
that
is
ready
and
one
possible
solution
is
to
implement
a
verb
in
the
cni
spec.
So
the
container
Valentines
can
have
a
better
information
about
the
CNA
status
and
use
this
to
provide
the
no
node
printers
node
network
will
read
this
to
the
key.
A
I
I
have
thought
down
this
path
myself
for
a
while
and,
like
you
said,
it's
a
big
project
and
I
haven't
had
the
activation
energy
but
I
I
think
I,
agree.
People
I
can't
I'm
getting
tired
of
correcting
people
when
they
talk
about
Network
policy
as
part
of
their
cni
and
I.
Just
you
know
what
the
vernacular
wins.
Sometimes
it's
it's
the
kleenex
of
network
plugins,
but
I
agree
that
these
things
are
not
uncoordinated
components.
They
need
to
be
together
and
there
probably
should
be
one
holistic
API.
A
D
A
Okay,
well,
look
I'm,
I'm,
broadly
supportive
of
the
initiative,
I'd
love
to
see
if
somebody
wants
to
start
putting
together
thoughts
on
what
would
all
be
included
in
such
an
API
like
starting,
very
vague
and
refining
it
I'd
love
to
discuss
and
look
at
that
I'm
not
going
to
have
time
to
drive
it
myself
in
the
near-term
future.
But
I
do
think
it's
important.
B
D
A
A
The
cap
prr
freezes
nominally
today
and
we
are
short
on
prr
reviewers
more
than
ever,
so
anybody
who's
looking
for
a
way
to
contribute
shadowing
prr
is
a
great
way
to
have
some
outsized
impact,
but
I
wanted
to
run
through
the
Caps
that
we've
got
open
and
make
sure
that
I'm
doing
the
right
thing
with
them.
So
let
me
share
screen
one
more
time
share
this
one.
A
Everybody
see
this.
Yes,
all
right.
The
columns
sort
of
reflect
the
code
base
of
the
features,
not
the
code
base
of
the
Caps,
so
a
few
of
them
have
like
already
moved
towards
GA,
but,
looking
at
anything,
that's
tagged,
128
I
think
we're
still
going
where
we
did
GA
already.
We
we've
merged
that
for
pte
iptables,
restore
minimization
was
I,
think
it
was,
it
must
have
been
checked
in
if
I
already
moved
it
to
across
columns
and
DNS
expansion.
That's
fine
I
talked
with
Rob
and
Antonio
this
morning.
A
A
A
A
A
That
that
was
my-
that
was
my
read
too.
So
no
no
rush
we've
got
over
a
month
to
do
it.
We
just
need
the
pr
okay,
multiple
service
citers
is
paused.
While
we
figure
out
the
overlapping
issues,
Antonio's
got
some
docs
there
that
we
need
to
revisit
so
not
going
to
make
the
cut
for
this
week.
Admin
Network
policy
is
async:
dual
stack,
node
IP,
stuff
Dan.
D
B
A
A
A
C
D
A
Okay,
great
as
long
as
they
like
it,
doesn't
need
prr
or
anything,
then
we're
good
for
this
week's
deadline
are
there.
These
ones
are
all
in
some
form
of
stasis.
I
think
I,
don't
know
anything
about
the
host
Network
Port
host
Network
support
for
Windows.
Does
anybody
here
know
what's
going
on
with
this.
B
A
C
A
A
D
A
B
D
Then
well,
okay,
so
so
actually
the
the
the
incremental
changes
stuff
in
in
the
service
chain,
tracker
and
endpoint
change
tracker
is,
is
sort
of
broken
right
now,
and
so
we
do
need
to
fix
that
before
NF
tables
can
be
fully
working
but
and
and
the
refactoring
is
sort
of
leading
towards
that.
But
no
in
general
the
refactoring
is
just
to
make
everything
nicer.
It's
it's
not
actually
like
a
hard
requirement
for
NF
table
support.
A
B
A
B
A
A
A
D
I
mean
their
their
own
well,
I,
don't
know
how
we're
tracking
Gateway
stuff
in
terms
of
caps
but
like
we're,
not
there's
no
Gateway
on
here.
Okay,
yeah
there's
been
talk
about
adding
in
a
network
policy
equivalent
of
gaps
except
that,
except
that
nobody
can
agree
on
what
acronym
to
use
so
that
that's
holding
it
up,
but.
A
Right
now
this
this
dashboard-
this
is
the
old
GitHub
project
format
and
it's
not
very
extensible.
The
new
project
format
is
much
more
extensible,
so
I
mentioned
I'm
I'm
working
on
a
new
dashboard
for
myself
that
that
I'm
going
to
bring
back
into
this
and
hopefully
convert
this
into
that
and
then
it'll
be
easier
to
manage,
and
then
we
can
consider
by
then
it'll
probably
be
too
late
for
Gateway.
But
we
can
consider
adding
more
caps
for
more
fine-grained
stuff,
because
I
think
life
cycle
will
be
easier
to
manage.