►
From YouTube: Gateway API Office Hours for 20200923
Description
Service APIs Office Hours for 20200923
A
All
right
welcome
to
service
api's
office
hours
for
september
23..
This
could
maybe
be
a
short
meeting.
I'm
not
sure
we
have
a
dwindling
release
checklist,
which
is
always
great
news.
I
I
want
to
focus
today
on
the
few
prs.
I
think
there
are
four
pr's
I've
identified
that
are
super
close
to
being
mergeable.
Maybe
are
you
know
all
feedback
is
resolved
and
there's
some
form
of
lgtm,
but
not
official
lgtm
on
it
kind
of
thing.
So
that
includes
the
tls
on
route
listed
here.
A
That
includes
potentially
gateway
selection.
This
one
we're
gonna
talk
about
more
today.
The
gateway
class
authorization.
Well,
we'll
probably
talk
about
all
of
them,
but
there
was
an
interesting
alternative
proposed
for
this,
but
I
think
the
pr
itself
is
mostly
good
as
it
stands
and
then
finally
backend
policy
also,
I
think
we've
mostly
reached
a
consensus
on
and
then
today,
james
pr
for
gateway
status
got
in
as
so
that
leaves,
I
believe,
gateway
class
as
the
remaining
primary
resource
that
needs
conditions
added
to
it.
A
I
I
started
it
and
then
I
I
wanted
to
prioritize
getting
my
other
prs
in
first
just
so
that
I
wouldn't
constantly
be
rebasing
against
myself,
which
I
started
doing,
and
so
I'm
hopeful
that
we
can
get
a
bunch
of
prs
in
today
or
next
24
hours
and
and
then
really
make
progress
on
that
api
cleanup,
because
I
think
it's
it's
fundamentally
close
as
well.
It
just
it
just
needs
to
be
split
up
a
bit
and
made
easier
to
review.
A
A
A
This
includes
a
lot
of
things
that
are
already
in
underworks
underway.
Some
of
these
are
covered
by
my
api
cleanup.
Pr
and
the
reason
I
did
just
one
massive
pr
is:
it
felt
like
anything
like
admin
items
to
all
fields
is
going
to
just
conflict
with
anything
that
you
know
admin
length,
you
know
you're
going
to
be
changing
the
same
thing.
You
know
very
similar
fields
and
very
similar
files,
so
it
felt
maybe
less
bad
just
to
try
and
chunk
that
up
into
a
larger
pr
anyway.
A
A
Back-End
policy
was
or
is
an
an
interesting
concept.
There
has
been
some
hesitation
around
the
concept
of
a
resource
at
all
and
then
there's
been
separate
hesitation
around
how
generic
the
backend
policy
name
is,
and
I
thought
oh
well,
you
know
I
can.
I
can
solve
this
with
one
of
those
cool
slack
polls
and
we'll
have
a
really
clear
consensus
on
what
to
do
and
unfortunately
it
there
wasn't
quite
the
same
consensus
that
appeared
before
I'd
say.
A
There
was
a
very
slight
preference
for
keeping
the
name
as
back
in
policy
and
because
that
is
the
path
of
least
resistance.
That's
what
I'm
tempted
to
do,
but
I
I
I
don't
know
of
anyone
that
feels
very
strongly
on
name
here.
I
think
the
two,
the
two
favorites
were
back
in
policy
and
back
in
connection
policy
here.
A
A
A
Maybe
we
should
allow
some
kind
of
superset
pattern
here,
because
so
gke
we
already
have
some
kind
of
crd
that
is
similar
in
nature
to
back-end
policy,
but
it
includes
a
lot
of
implementation,
specific
things,
and
we
know
we
can't
you
know
we.
You
know
it
doesn't
really
make
sense
for
those
implementation,
specific
bits
of
config
to
all
live
in
open
source
and
there
are
limitations
as
far
as
what
can
be
done
with
extension
refs,
you
don't
necessarily
want
an
extension
ref
for
each
little.
You
know
policy,
you
know
annotation
whatever
it
might
be.
A
So
an
idea
that
I
had-
which
I
think
may
be
a
reasonable
compromise-
is
to
require
all
implementations
to
support.
Back-End
policy
and
back-end
policy
is
where
core
configuration
lives,
but
implementations
may
choose
to
provide
their
own
version
of
back-end
policy
that
includes
all
the
same
fields,
all
the
same
config
as
back-end
policy,
plus
implementation,
specific
config.
A
On
top
of
that,
this
is
a
pretty
different
idea
and
I
wanted
to
throw
this
out
there
and
see
if
it
sounded
like
a
terrible
idea
or
if
it
would
be
useful
to
any
other
potential
implementations
and
to
clarify
I'm
not
saying
I
am
still
saying
everyone
should
still
support
back-end
policy,
I'm
just
also
saying,
if
you
want,
you
could
also
do
this.
One
other
thing.
B
So
that
sounds
like
a
promising
idea.
What,
if
you
support
back-end
policy,
and
you
have
another
crd
to
support
implementation,
specific
things
right
like
like
things
like
tls,
have
like.
We
have
tls
right
now
in
back-end
policy,
if
you
want,
let's
say
health
checking
or
you
have
another
policy
that
is
implementation
specific.
If
you
don't
settle
on
an
api
in
the
core
or
extended
part
that.
C
C
A
Yeah
that
that's,
that
is
exactly
the
problem
we've
been
trying
to
deal
with,
because
we
already
have
that
you
know
that
kind
of
custom,
implementation,
specific
config
and
we're
trying
to
grapple
with
this
idea
of
okay.
So
previously
users
would
have
to
configure
ingress,
and
this
you
know
crp
right
and
now
we're
saying:
okay,
you
have
to
consid,
you
know,
configure
gateway,
class
gateway
route
and
backend
policy.
A
Plus
you
know
our
implementation.
Specific
stuff,
so
like,
like
you
say,
cr
crd
explosion
is,
is
a
good
term.
Here
I
don't
know,
there's
definitely
potential
messiness
with
the
kind
of
superset
pattern
I'm
describing
here.
It's
just
it's
all
trying
to
find
the
right
balance
between
you
know
complete
isolation
and
somewhat
reasonable
user
experience.
You
know
one
of
one
of
my
concerns
with
two
completely
separate
crds
here
is
that
as
an
example,
some
users
may
yeah
it.
It
feels
it
feels
not
obvious
to
a
user.
A
A
B
A
A
A
A
C
A
C
Right,
okay,
yeah.
I
think
I
had
that
backwards
right.
These
are
the
name
spaces
where
a
gateway
can
use
a
particular
class,
and
that's
that's
a
specific
api
field
and
it's
kind
of
the
intention.
There
is
kind
of
access
control
right
and
it
feels
like
kind
of
an
odd
api
to
have
in
there
like
a
field,
that's
related
to
access
control
when
we
have
a
whole
rbac
system,
where
you
can
define
cluster
roles
and
role
bindings
to
configure
our
back.
C
You
specify
cluster
roles
to
say
this
role
allows
you
to
create
a
gateway,
the
gateway
class,
with
this
name
or
gateways
of
this
gateway
class.
So
you
would
define
roles,
you
might
have
one
role
that
just
allows
you
to
create
any
kind
of
gateway
of
any
class
or
you
might
have
more.
This
role
can
create
these
fancy
load,
balancer
gateway,
class
gateways,
and
this
other
role
can
only
create
more
basic,
maybe
less
expensive
gateways
of
a
simpler,
more
basic
gateway
class
and
then
right
as
the
yeah.
This.
This
is
a
good
illustration.
C
So
the
suggestion
is,
you
would
have,
you
would
use
our
back
to
say
this
role
can
use
this
gateway
class
by
gateway
class,
the
gateway
classes,
resource
name,
and
then
you
would
bind
that
role
to
a
service
account.
My
suggestion
was
the
default
service
account
and
a
namespace
to
allow
to
allow
whoever
has
control
of
that
namespace
to
use
gateways
of
the
gateway
class
in
question
associated
with
that
role
and
the
default
policy
could
be
allow
any
authenticated
user
to
create
any
kind
of
gateway
class.
A
A
Is
that
that's
my
understanding?
It's
hard
it's
hard
to
find
something
that
would
enable
us
to
actually
bind
this
to
a
user
or
a
group,
and
and
that's
what
I
would
absolutely
love
to
have
work
here,
because
you
know
if
this
could
work
like
vanilla,
our
back
I,
this
would
be
the
dream.
In
my
opinion,.
B
C
A
Yeah
I
get
that
yeah.
It
doesn't.
I
guess
to
me
it
doesn't
matter
so
much
whether
it's
a
user
service
account
group,
whatever
the
problem
is
the
actual
thing
that
is
creating
a
gateway
like
the
the
way
that
the
way
that
you've
defined
this,
as
I
understand
it
is
you-
are
granting
this
access
to
a
namespace
you're,
not
you're,
not
granting
this
access
to
a
service
account
you're,
granting
it
to
the
namespace
in
a
kind
of
indirect
way
right,
and
so
this
can
happen
within
that
namespace.
Not
ex-user
can
do
this.
C
A
C
C
A
Yeah,
no,
that
that's
really
interesting,
I
yeah
that's
that's
where
I
was
getting
hung
up,
was
finding
the
place
inside
kubernetes,
where
we
could
actually
implement
this
kind
of
custom
authorization
where
you
like,
as
I
understood
so
like
a
validating
web
hook.
As
I
understand
it,
you
just
have
access
to
the
resource.
You
you
don't
have
any
concept
of
who
who's
trying
to
create.
It
is
that
correct.
C
B
A
I
can't
imagine
anyone
is
going
to
be
upset
if
we
change
that
to
use
our
back
in
the
next.
You
know
we
re,
we
deprecate
this
concept
and
instead
suggest
using
our
back.
I
I
don't
know
I'd
be
interested
in
just
understanding
in
the
next.
You
know
I
don't
know
a
couple
days
if
it's
possible
to
use
our
back
for
what
we
want
to
do.
A
A
Yeah
yeah,
that's
this.
This
feels
like
a
a
lot
of
work
to
get
right
and
you
know
it
would
it.
I
think
it
would
require
having
some
kind
of
controller
to
even
really
be
able
to
to
implement
it,
some
kind
of
shared
controller.
So
I
yeah
my
my
personal
preference
is
to
push
this
to
v1
alpha
2,
but
that
does
not
mean
to
slow
down
looking
into
it
because
I
think
it
I
I'm
I'm
really
interested
in
this
approach.
A
I've
been
struggling
as
we've
all
seen
for
a
long
time
with
finding
the
ideal
approach
here
you
know,
I
think
a
namespace
selector
is
at
least
there's
some
prior
art
and
the
term.
You
know
network
policy
or
something
like
that,
but
it
it
is
never
particularly
loved.
It's
a
thing
that
works,
but
it
you
know
if
we
can
use
our
back
all
the
better
because,
unlike
mike
I,
like,
I
think
many
have
said,
this
is
primarily
an
authorization
problem.
E
E
C
A
E
A
A
Okay,
and
with
that,
I
think
we're
good
to
move
on
to
pr
triage
I'll
say
you
know
this.
This
may
be
far
too
optimistic,
but
in
my
ideal
world
I'd
love
to
get.
You
know.
I
think
there
are
four
pr's
that
are
just
super
close.
I
would
love
to
get
those
in
in
the
next
24
hours
and
then
you
know,
ideally
again
perfect
world
I'd
love
to
spend
part
of
tomorrow's
meeting
going
through
the
cleanup
pr.
A
I
think,
there's
a
few
more
things
I'd
like
to
discuss
as
a
whole
there,
but
I've
already
gotten
some
great
feedback.
Thank
you
to
everyone,
who's
already
reviewed
it,
and
once
we
get
these
kind
of
impending
prs
in,
I
can
do
a
rebase
clean
everything
up
and
there
won't
be
quite
as
many
conflicts,
so
that
is
that
is
my
goal
here.
A
B
B
A
C
A
A
This
one
also
has
some
form
of
unofficial
lgtm
here,
and
this
you
know,
was
actually
just
harry
deferring
to
danian
in
this
case,
since
I
know,
you've
left
some
comments
as
well,
so
not
not
to
put
you
on
the
spot
or
anything
damian.
But
if,
if
there's
anything,
that's
left
over
on
here,
let
me
know
otherwise.
I
think
this
may
be.
E
A
Yeah
you
can,
you
can
absolutely
do
that.
I
need
to
ping
bowie
to
make
sure
he
approves
the
maintainers
pr,
but
yeah
you
can.
You
can
so
slash.
Lgtm
is
any
member
of
the
kubernetes
sigs
org,
which
I
think
you
are
and
so
yeah
feel
free,
yeah,
cool
and
then
there's
just
a
couple.
Tiny
ones
left
the
downstream
tls
one
I
added
harry
has
resolved
all
feedback.
A
I'm
pretty
happy
with
how
this
looks
now.
So
I
added
an
approve
but
wanted
to.
You
know
defer
to
someone
else,
doesn't
matter
who
to
add
a
final
lgtm
on
this
one.
But
to
me
this
pr
looks
good.
I
think
you
know
harry
added.
I
think
three
different
examples
now
and
otherwise
I
think
it's
it's
it's
in
a
good
place.
In
my
opinion,.
A
A
Maybe
as
soon
as
maikaya
creates
a
follow-up
issue
on
this,
we
should
go
ahead
and
get
this
one,
and
I
I
think
this
is
probably
also
good
to
go,
and
I
I
mean
really.
You
know
I
hate
to
rush
these
in,
but
I
would
just
love
to
get
these
in
so
that
you
know
follow-up
prs,
don't
have
to
rebase
a
bunch
as
one
each
of
these
move.
A
You
know
go
in
one
at
a
time
and
the
very
last
one
is
this
one,
and
maybe
we
should
talk
a
little
bit
more
about
naming,
because
naming
is
always
fun,
it's
funny,
because,
yes,
this
is
a
the
allowed
gateway.
Namespace
selector
was
a
painfully
long
name.
Your
suggestion
was
gateway,
namespace
selector,
I
elsewhere.
I
am
suggesting
allowed
gateway
namespaces
and
both
of
these
kind
of
come
from
the
world
where
gateway
class
had
fields
that
related
to
both
route
and
gateway,
and
we
got
rid
of
the
route
field.
A
A
E
A
E
A
Yeah,
I
don't
feel
too
strongly
on
this
one.
I
I
as
long
as
you
know,
I
feel
like
gateway
name.
Space
selector
allowed
gateway,
name
spaces
are
both
equally
easy
to
understand.
I
don't
mind
you
know
selector,
you
know
I.
There
are
a
ton
of
fields
that
have
selector
as
a
suffix,
and
that
is
clear
how
that
field
should
be
used.
So
I
I
get
that
idea
and
then
you
know
again
between
name
space,
selector
and
gateway,
name,
space,
selector,
yeah,.
E
A
Yeah
yeah,
not
necessarily,
but
I
I
think
the
more
I
thought
about
this.
The
selector
suffix
probably
does
make
sense,
and
the
reason
I
say
that
is:
we
have
a
concept
of
route
name
spaces
on
gateways,
and
that
is
not
a
selector
directly.
It's
route,
namespaces
namespaces.selector
like
there's
a
selector
field
inside
of
it.
So
if
we
had
a
gateway
named
faces
field
that
was
a
selector
and
a
route
namespaces
field
that
wasn't.
I
think
that
would
be
confusing.
A
So,
given
that
I
do
think
a
selector
suffix
probably
does
make
sense.
It
also
allows
us
in
the
future
if
we
want
to
support
it,
to
expand
this,
to
have
say
a
list
instead
of
a
selector.
I
don't
know
if
we
ever
will,
but
it
does
make
it
clear
that
this
is
purely
a
selector,
not
a
list,
not
anything
else.
E
A
Perfect,
I
appreciate
it.
I
think
I
think
we're
getting
awfully
close
here
and
yeah.
Hopefully
we
can
get
a
few
of
these
in
in
the
next
24
hours
or
so
and
I'll
be
shifting
my
focus
over
to
this
cleanup
pr,
and
I
think
we've
got
lots
and
lots
of
work
to
do
on
documentation
if
anyone
has
some
some
time
to
contribute.
E
D
E
E
E
A
E
Yeah,
it's
funny.
You
mentioned
the
ingress
stocks
because
that's
what
I
had
pulled
up
to
just
trying
to
use
that
as
a
reference,
and
so
you
know
my
mind
is
basically
saying:
okay,
you
know
our
docs
should
be
pretty
similar
to
what
I
posted
in
the
in
the
chat
window
and
it's
not
necessarily
like
the
way.
E
The
current
doc
site
is
organized
yeah,
but
you
know
I
think,
using
this
as
a
reference
model
and
and
then
obviously
we're
dealing
with
more
than
just
a
a
single
resource
like
ingress
but
yeah.
In
my
mind
I
was
saying:
okay,
let
you
know,
let's
use
this
as
kind
of
the
starting
point
yeah,
which
kind
of
covers
all
the
different
things
from
like
how
you
know.
Example,
installation-
and
you
know
background
of
what
each
of
the
resources
would
be.
A
A
A
E
E
A
Absolutely
agreed
yeah.
Thank
you
for,
for
that
idea.
That's
that'll
be
great
to
have
a
plan
before
we
really
dig
into
it
and
I'd
also
yeah.
I
think
any
comparison
to
the
ingress
api
is
going
to
be
remarkably
helpful
because
that's
where
at
least
initially
a
lot
of
potential
users
are
going
to
be
coming
from.
A
A
You
know
I
I
hate
to
as
an
example,
one
of
one
of
the
prs.
I
have
right
now,
flattens
all
http
route,
I'd
hate
to
have
someone
go
to
a
lot
of
work
to
create
all
these.
You
know
examples
between
ingress
and
http
route
and
then
everything
gets
flattened
and
you
have
to
redo
all
the
examples,
as
you
know,
but
hopefully
we
can
get
that
in
really
quick,
well,
relatively
quick
and
just
purely
focus
on
documentation
soon,
yeah,
okay!
E
E
A
Yeah,
I
was,
I
thought
I
heard
someone
talking
like
well.
This
is
weird:
why
would
someone
be
talking
when
I'm
talking
yeah
anyway?
Here
we
are
yeah?
We
have
every
intention
of
of
making
that
part
of
the
core
open
source,
not
an
implementation,
but
shared
code
base.
If
we
want
to
call
it
that
so
certainly
a
validating
web
hook,
you
know,
just
if
you
think
of
validation
as
something
that
is
handled
by
open
source
like
by
this
repository,
then
bundling
a
validating
web
hook.
A
Maybe
it
makes
more
sense,
for
you
know,
implementations
and
their
installation
instructions
to
I'm,
I'm
not
sure
there.
I
don't
think
we've
answered
that
yet,
but
I
know
I
know
pretty.
Certainly,
it
does
does
not
make
sense
for
every
implementation
to
try
and
implement
the
same
validation
logic
and
and
as
a
kind
of
separate
point
james
had
in
one
of
one
of
the
conditions
that
that
went
into
gateway
yesterday
today,
whenever
it
was,
as
proposed
by
james,
was
a
no
such
gateway
class.
A
I
think
that
might
be
a
reason,
not
a
condition.
I
forget,
but
the
idea
that
there
is
something
on
gateway
that
indicates
that
there
is
no
such
gateway
class
and
I
think
there
are
a
couple
other
examples
of
conditions
or
potential
conditions
we
might
want
to
add
that
are
going
to
get
messy
if
we
require
implementations
to
write
them.