►
From YouTube: Network Policy API Meeting for 20230829
Description
Network Policy API Meeting for 20230829
B
Cool
okay,
so
hello,
everyone
today
is
Tuesday
August
29th.
This
is
a
meeting
of
the
Sig
Network
Paul
API
subgroup
to
Sig
Network.
This
is
a
cncf
certified
meeting.
So
that's
why
I
have
to
give
this
Spiel.
Please
be
nice
to
everybody
and
follow
their
code
of
conduct
rules
not
too
much
on
the
agenda
today.
B
I
just
shared
the
agenda
in
chat
for
folks
who
want
to
follow
along
I,
had
some
quick
notes
that
we'll
start
with
first
Is
We
I
think
we
were
pretty
fortunate
in
this
group.
It
looks
like
we
are,
are
confirmed.
Gna
have
a
cucon
talk
for
the
network
policy,
API
subgroup
as
a
maintainer
track
talk.
So
that's
really
exciting
over
the
next
couple
months,
we'll
be
prepping.
B
It
like
I,
highly
recommend
that,
if
folks
have
ideas
of
things
they
want
to
be
highlighted
there
like
please
let
us
know
we'd
be
happy
to
highlight
stuff
that
anyone
in
this
tro
in
this
group
feels
is
important.
I
know,
suria
and
I
will
be
there
and
hopefully
Yang
as
well.
So
yeah
that's,
really
exciting
and
then
also
suria
got
one
accepted
on
admin.
B
Network
policy,
specifically
so
we'll
have
two
talks
representing
this
group
that
I
know
of
so
far,
and
that's
really
exciting
so
congrats
to
everyone,
okay
and
then
the
next
one
is
literally
just
a
shout
out
for
a
review.
We
have
three
n
peps.
The
erress
one
is
almost
there.
Tency
has
been
updated
by
Nadia
she's
on
PTO
I
had
some
questions
for
her
and
then
fqdn
is
pretty
small,
like
I'd
like
to
get
that
moving
along.
So
please
try
to
give
those
some
review.
B
All
three
I
would
like
to
kind
of
get
moving
forward.
They're
listed
in
order
of
Readiness
in
my
opinion,
but
please
take
a
look
at
whatever
one
interests
you
or
open
new
ones.
If
you
want
cool,
so
that's
all
I
have
I'm
gonna
toss
it
over
to
Hunter
looks
like
you
did
some
work
with.
C
Cyclonus
yeah,
hey
everybody,
so
I'm
gonna
share
my
screen.
I.
B
I,
give
you
I'll,
give
you
permission
to
do
so
here,
just
a
minute:
okay,
make
co-host!
Okay,
it's
all
you.
C
So
thanks
Andrew,
so
current
status
of
cyclus
in
our
in
the
Sig
is
that
we've
imported
it
into
the
API
repo.
But
it
seems
like
we
haven't
quite
done
anything
with
it.
Yet
so,
in
a
previous
meeting,
we
talked
about
documenting
how
it
works
and
what
we
can
do
with
it
for&.
C
So
in
this
document,
I
just
kind
of
give
an
overview
of
what
it
is
and
kind
of
a
deep
dive
into
the
commands
it
has
and
what
all
the
output
means,
how
you
can
interpret
it
and
then
I
also
started
writing
a
section
on
how
we
can
extend
it,
to&
and
and
bamp,
and
so
anyone
can
edit
this
document.
If
you
want,
but
just
to
quickly,
go
through
it
like
it.
C
It
describes
all
the
outputs
and
functionality
and
then
shows
you
what
the
the
test
case
Suite
looks
like
and
how
it's
architecture
is
and
then
down
here.
Probably
the
most
relevant
is
what
we'd
like
to
do:
withm
and
and
bamp.
So
I
just
took
a
stab
at
this,
but
obviously
wanted
to
get
y
guys
thoughts.
B
C
B
Yeah
I
mean
we've
reported
over
Maine
at
the
time.
I
don't
know
if
that
fork
has
had
much
development
at
all.
If
at
all,
I
don't
even
know
if
Matt
has
deprecated
it
I
think
we
had
talked
about
that.
But
let's
see
the
last
commit
was
on
April
7th.
That
was
a
long
time
ago.
So
I
don't
think
it's
really
changed
too
much
from
what's
in.
A
B
Cool
this
is
awesome,
and
so
I
I
have
to
look
through
all
this
again,
because
my
cyclonus
knowledge
is
dated
and
I
haven't
looked
at
it
in
a
long
time.
In
your
personal
opinion
like
does
it
make
a
lot
of
sense
for
us
to
keep
maintaining
this
here,
that's
question
one
and
then
question
two:
do
you
think
it's
like
logical
and
not
impossible
to
expand
to&
I
know
you
have
you
have
a
couple
project
stages
here
like
do
you
have
any
idea
of
how
hard
that's
going
to.
C
C
D
C
But
yeah
you
there
would
be
like
logic
changes.
Some
UI
changes
that
hopefully
aren't
the
worst,
but
not
fully
sure.
D
So
if
I
remember,
the
real
clonus
at
at
at
the
bottom
is
right.
You
create
set
of
U
I
call
them.
I
mean
label
sets
right,
I
mean
you
have
the
label
set
that
is
created
by
by
pods
in
the
system,
and
you
have
what
the
rule
says
and
then
you
look
for
substrings.
If
I
remember
it
correctly
in
the
current
implementation
that
if
you
find
a
sub
I
mean
a
subset
of
labels,
that
is
in
that
you
have
in
the
room
and
it
also
exists
in
the
Pod.
D
C
Yeah
I
think
the
the
main
two
additions
would
probably
be
priority
and
obviously
the
the
versus
Network
policy
and
then
the
same
labels
versus
not
same
labels
should
be
fairly.
B
Cool
well,
this
is
really
awesome.
I'm
gonna
take
some
time
and
try
to
give
this
dock
review.
Put
any
ideas
there,
but
really,
at
the
end
of
the
day,
like
there's
two
separate
blocks
of
need:
right,
there's
cyclonus,
possibly
for
com,
helping
or
assisting
or
expanding
our
conformance
testing.
That
sua
and
yang
have
already
been
working
a
lot
on
or
there
cyclonus
to
use
it
as
a
as
some
piece
of
tooling
like
like
a
visualization
tooling
or
something
along
those
lines.
B
A
a
testing
piece
of
test,
tooling,
Etc
I,
don't
think
we
have
to
cover
both
cases.
If
we
don't
want
what
I
want
to
do
is
is
make
sure
we
decide
on
one
both
or
neither
right-
and
that's
not
just
me-
that
comes
that's
going
to
come
with
input
from
suria
and
yang
as
well,
who
have
been
working
on
conformance
and
also
like
finding
an
owner
like.
B
Do
you
want
to
keep
kind
of
owning
this
Hunter
I
know
I
I,
didn't
you
didn't
sign
up
to
own
everything,
but
you
signed
up
to
kind
of
give
this
overview,
and
this
looks
awesome.
But
if
you
want
to
kind
of
stay
along
with
it,
that'd
be
great.
B
A
Yeah
sure
I'll
do
that
the
the
link
is
already
in
the
agenda.
Do
right,
yep.
B
Cool
this
is
awesome,
I'm
really
excited
I.
This
is
like
filling
a
huge
gap,
Hunter
so
again
Kudos.
We
really
appreciate
it
and
kind
of
linking
back
into
cubec
con
right
if
we
decide
to
go
away
with
this
like
this
could
be
a
cool
thing
to
highlight
in
cucon
if
we
come
up
with
some
really
nice
tooling.
Well,
it's
already
nice
tooling.
If
we
can
come
up
for
some
nice
tooling,
with
some
of
our
apis
right,
it'd
be
awesome,
yeah
cool,
any
other
questions
for
Hunter.
B
It's
it's
I,
don't
know
yet
to
be
honest
with
you,
I
think
I,
don't
think,
there's
harm
in
having
both
like
if
we
can
use
cyclonus
or
whatever
we
want
to
rename
it
to,
for
you
know,
enhanced
tooling,
enhanced,
visualization
and
enhanced
conformance
testing
I
see
no
problem
with
that
right.
We
just
have
to
weigh
the
maintenance
burden
for
this
group
right
because
we're
still
a
small
group
and
hopefully
that
changes,
but
it
might
not.
G
G
B
Cool
so
then
I
guess:
let's
keep
that
in
mind
right
even
for
you
Hunter,
like
you,
can
kind
of
I'm,
not
saying
you
have
to
make
the
choice
right
of
what
we're
going
to
do,
but
you're
you're
in
deeper,
so
like
I'd
love
to
hear
kind
of
your
take
on
it,
whether
it's
in
this
doc
or
in
another
meeting
about
what
you
think
we
should
do
so.
F
F
I
also
want
to
just
thank
hter.
Sorry,
no
I
just
wanted
to
thank
Hunter
overall,
because
I
I
did
the
porting
of
cyclonis,
but
then
I
really
didn't
know
anything
about
cyclonis,
and
then
we
were
just
like
sitting
on
it
with
the
lot
of
potential
that
it
has.
So
it's
really
great
to
see
some
movement
here.
Thank
you.
So
much.
C
Yeah,
of
course,
I
guess
just
the
the
one
extra
thought
I
had
was
so
cyclonus
has
broken
into
like
kind
of
the
analysis
engine
and
like
probing
verification
of
connectivity
tool,
and
then
the
test
case
is
built
off
of
that,
and
it
seems
like
if
you
build
like
the
analysis
engine
which
would
help
you
like
visualize
your
policies.
Then
you
kind
of
get
the
probing
and
test
case
for
free.
B
Yeah,
that's
cool
and
I
know
like
I,
don't
know
how
we
would
use
it
yet.
I,
don't
know
the
integration,
but
I
know
we
Sera.
When
we
first
merge
our
current
version
of
conformance
test.
We
talked
about
like
making
the
probing
tooling
better
than
it
is
so
maybe
there's
some
takeaways.
We
can
get
from
cyclonus
yeah
cool,
that's
good!
To
know
that
architecture
sounds
like
a
nice
architecture.
I
mean
we
had
Doven
into
a
little
bit
when
we
first
decided
to
bring
it
into
the
fold.
B
But
then,
like
sir
said,
it's
just
been
dropped,
so
everyone's
busy
but
I
think
there's
a
real
Gap
Upstream
for
all
of
this,
like
any
tooling
related
to
any
kubernetes
policy
apis.
If
there's
a
place
for
it
to
live
upstream
and
it's
cool
and
usable,
like
people
will
use
it
because
today
the
only
thing
you
have
is
Downstream
specific,
tooling,
like
cams
Network
policy.
Editor
is
kind
of
the
state-ofthe-art
and
other
things,
so
it
could
fill
a
big.
E
B
Cool
awesome
shout
out
to
Hunter
I
need
to
give
I
need
like
a
somewhere
to
give
a
Kudos.
Oh
there's
the
Kudos
in
there's
the
Kudos
Channel
and
kubernetes
slack
I've
never
used
that
I
have
to
go
check
it
out.
Okay,
next.
G
Just
a
general
reminder
to
people
in
this
group
that
sua,
myself
and
Matia
lavaka
have
been
involved
in
kind
of
a
collaboration
on
the
conformance
profiles,
which
is
a
test
we
we
started
in
Gateway
API
is
now
being
used
in
in
in
Network
policy
and
at
some
point
here
we
are
going
to
probably
want
to
generalize
it
and
make
it
kind
of
a
test
Suite
that
anybody
in
Sig
Network
can
use
for
conformance
for
their
API.
G
So
just
if
you're
interested
in
that
reach
out
to
one
of
us
at
some
point
cuz
at
some
point,
the
wheels
are
going
to
start
really
spinning
on
that
one
I
think
right
now,
I,
don't
think
we're
in
a
terrible
hurry
but
like
after
cucon
I
think
we'll
probably
start
looking
at
getting
a
repo
up
for
that.
So
if
that
interests
you,
if,
if
building
out
a
T
Test
Suite
so
far
interests
you,
let
us
know.
B
That's
awesome,
you're
going
to
do
a
contributors,
you
think
you're
going
to
try
and
do
a
contributor
Summit
talk
on
this.
F
Yeah,
we
are
actually
planning
to
do
one
with
Mata
Shen.
We
plan
to
have
a
contributor
Summit
talk
where
they
outline
what
they
did
for
confirmance
profiles,
and
then
we
can
do
our
bit
by
saying
what
network
policy
API
project
benefited,
how
our
project
benefited
from
that
right
and
how
we
can
go
further,
even
beyond
that,
so
I'm
really
hoping
to
contribute
by
seeing
like
so.
G
F
What
actually
happened
is
Gateway.
Api
came
up
with
this
way
of
doing
conformance
tests
and
conformance
profiles
just
for
the
wider
audience
here
in
a
way
that
sh
like
in
a
way
such
that
the
burden
of
conformance
test
is
actually
shared
between
the
API
and
the
implementations
like
it's,
not
just
the
API
owners
or
the
repository
or
the
project
maintainers
are
taking
the
burden
of
testing
the
API.
This
is
what
happened
with
network
policies,
at
least
in
the
core.
We
have
endtoend
tests,
that's
not
implementation
specific!
Yet
it's
implementation
specific!
F
Ap
really
helped
us
here,
so
we
basically
I
would
even
use
the
word
copy
without
any
issues
right.
We
copied
their
conformance
test
framework
entirely.
We
are
now
adopting
their
conformance
profiles,
reporting
system
and
that's
what
I've
linked
on
the
on
the
agenda.
The
issue
137
and
I've,
even
linked
to
the
original
Gap.
To
that
that's
the
original
design
and
I
think
this
is
pretty
cool
if
we
can
get
it
merged
in
the
network
project
Network,
polic,
C
project.
F
Also
so
that
it's
two
projects
within
Sig,
that's
using
this
and
I
think
Shane
also
had
a
lot
of
enthusiasm
from
the
sigar
I'm,
not
sure
if
you
can
speak.
G
That
but
yeah,
no,
you
covered
all
the
points.
So
thank
you
s,
but
the
the
big
thing
for
people
who
are
listening
that
might
not
have
heard
of
this
before
is
previous
conformance
tests
were
kind
of
really
on
the
the
the
API
on
kubernetes
Sig
to
kind
of
keep
things
going,
and
there
was
like
no
reporting
for
Ingress
anyway,
and
no
reporting
meant.
We
really
didn't
know
how
people
were
using
the
API
or
anything
like
that
or
who
was
implementing
what
conformance
profiles
she
covered
it.
G
But
I
just
wanted
to
reiterate
it
g
conformance
profiles.
Lets
you
subscribe
to
something
like
HTTP
or
in
this
case
A&P,
or
something
like
that
and
for
the
implementations.
They
actually
have
to
tell
you
exactly
what
features
they
support.
They
don't
support,
they
run
the
test,
they
get
a
result
and
then
they
give
you
a
report
telling
you
the
result,
plus
what
they
do
and
don't
support.
So
you
have
basically
Telemetry
from
there
on
for
your
implementations.
G
They
want
to
be
conformant
because
they
and
the
report
gives
them
a
badge,
because
that
looks
good
on
them
and
in
return
you
get
data.
So
you
can
actually
know
how
people
are
implementing
your
API,
that's
the
that's!
The
key
and
yeah
Sig
Arch
has
been
pretty
pretty
cool
on
it.
So
far,
I
think
we'll
probably
go
back
to
them
like
one
more
time
and
just
kind
of
let
them
know,
hey
I,
think
we're
gonna
make
a
repository
and
then
I
imagine
there
won't
be
any
problem
with
that.
So.
B
G
B
E
G
B
G
G
All
right,
I
was
just
gonna.
Can
you
hear
me?
I
was
just
gonna
say
anybody
who's
on
the
call
or
like
watches
the
video
afterwards,
just
if
you're
interested
in
building
this
kind
of
thing,
we
could
use
help.
So
please
do
reach
out
but
go
ahead
s.
F
Yeah
and
then
I
was
just
going
to
tie
it
back
to
what
you
were
saying.
Basically
so,
as
I
started,
implementing
their
conformance
report
crd
in
our
project,
we,
we
realized
that
it's
almost
the
same
like
there's,
not
many
things
that
needs
to
change
for
Network
policy,
project,
API
and
network
policy,
API
project
and
Gateway
API
project.
A
So
yeah,
that's
that's
pretty
cool
idea,
I'm,
definitely
interested
and
I'm.
Also,
you
know
trying
to
understand
this
a
little
bit
more
because
you're
saying
that
you
know
the
Gateway
API
have
other
things
like
that.
Doesn't
really
apply
to
NK
policy
API
like
know
specific
implementation,
things
which
I
I
haven't
catched
entirely
so
U.
To
be
honest,
I
already
submitted
a
PR,
I
I,
don't
know
if
surria
has
seen
it
it's
about.
A
You
know
there
are
actually
right
now,
optional
features
that
implementers
can
or
may
or
may
not
have
implemented
like.
Obviously,
we
are
still
in
the
discussion
of
the
same
labels,
but
there
is
also
a:
u
features
that
called
name
import
right.
So
for
me,
policy,
maybe
other
kuet
is
haven't,
submit
supported
yet,
but
I
think
we
have
already
tested
that
trans
supported
now.
This
is
this:
comes
as
a
like,
optional
feature
flag,
where
when
people
actually
run
the
conformance
test,
they
can
actually
specify
I
wanted
to
run.
A
You
know
the
basic
features
or
the
extended
setup
features
or
everything
right
and
I'm
wondering
that
you
know
how
does
the
reporting
back
mechanism
work
in
that
case
right?
So
when
people
choose
to
just
do
a
specific
set
of
test
cases,
what
do
we
report
as
status
back
to
to
to
you
know
Upstream
about
these
test
cases
that
specific
implementations
that
doesn't
even
run.
G
Yeah
in
Gateway
API
and
in
the
conformance
profiles
enabled
test
Suite.
We
have
this
concept
of
support
levels,
which
is
core
extended
and
implementation
specific.
What
you're
referring
to
would
be
considered
extended
that.
C
E
G
Every
implementation
has
to
do
it
and
the
conformance
profiles
test
suite
and
the
reporting
tool
basically
has
a
list
and
it'll
kind
of.
Let
you
little.
The
report
will
include
what
what
features
you
opted
into.
So
you
just
do
what
you
said
you
flag.
The
extra
features
that
you
support
features
are
literally
just
a
list
of
like
constant
strings
that
you
can
add
and
say,
also
run
these
tests,
and
then
the
report
will
say
that
you
opted
into
them,
so
people
can
see
that
you
use
those
features.
F
G
E
F
Exactly
what
Shan
said,
except
we
like
named
ports,
like
you
said,
is
under
extended
features,
so
yeah,
like
you,
said,
obnk
does
not
implement
it
today,
but
we
do
plan
to
add
support
for
it.
So
in
the
conformance
report,
we'll
have
two
things
like
the
core
and
extended
and
core
is
that
you
need
to
pass
all
the
tests
that
are
tagged
as
the
support
core
feature,
standard
core
feature
and
then
you'll
get
the
yeah.
F
It's
passing
everything
kind
of
a
thing
and
then
extended
is,
since
you
are
explicitly
passing
these
as
the
extra
features
that
I'm
running
on
my
tests.
As
long
as
you
pass
all
the
test,
all
the
features
that
you're
passing
in
the
extended
it's
a
pass
right,
so
it
doesn't
mean
all
the
extended
features
have
to
be
implemented
like
same
labels
and
not
same
labels.
I,
don't
think
any
of
us
have
implemented
it,
but
we
still
stay
conformant.
A
Yeah
makes
makes
complete
sense,
yeah,
I,
I'm,
also
100%,
for
you
know
putting
this
out
as
a
as
a
separate
project,
because
you
know
I
was
implementing
it
and
I
was
like
for
the
name.
Port
I
wanted
to
this
to
be
extended
feature
right,
so
in
the
current
test
frame.
How
do
I
declare
it
as
a
as
an
extended
feature
and
what
I
did
was
I
actually
went
to
the
Gateway
API
repo
and
find
out.
You
know
what
they
did
for
the
extended
features
as
so
just
you
know
copy
what
you
know.
A
Some
of
the
tests
in
the
G
gway
API
did
right.
So
that's
how
I
you
know,
wrote
that
PR.
Actually
so
I
think
you
know
it.
It
definitely
will
benefit.
You
know,
maybe
more
API
implementations.
If
we
have
it
this
in
a
separate
report
and
we
have
the
documentations
or
examples
on
how
we
do,
let's
say
basic
features,
extended
features
or
implementation,
specific
it
might
for
for
future
API
in
the
network
polic
in
the
network,
S
I
guess
it
might
still
come
other
apis.
F
Yeah
and
I
linked
the
enhancement
and
pep
for
the
conf
performance
profiles.
For
our
part,
where
I
try
to
explain
the
basics,
but
you
know
what
you
have
more
knowledge
on
the
extended
tests.
Now
that
I
see
your
PR
up,
so
we
could
be
able
to
co
this
together
and
work
on
it
together,
because
I
might
need
your
help
on
how
you
run
the
CLI.
The
go
test
command
with
the
extended
because
obnk
has
not
does
not
support
extended,
so
I'll
reach
out
to
you
and
meanwhile
see.
If
you
can
give
it.
B
G
Right
now,
I
think
it's
all
actually
just
strings
that
we
have
in
a
list.
So
it's
been
a
few.
It's
been
a
couple
months
since
I
started
work
on
the
conformance
profile,
so
it's
not
all
clear
in
my
head
at
the
moment,
but
I'm
pretty
sure
every
feature
is
just
a
string
in
a
list.
So
one
of
the
things
we'll
have
to
do
to
make
this
more
generic
is
make.
Those
loadable
features
need
to
be
loadable.
B
Right:
okay,
cool;
no!
It's
just
something
to
think
about
I
I.
After
exploring
like
your
different
support
levels-
and
you
know,
API
guarantees
for
for
things
yeah
for
yeah
features.
The
feature
name
could
be
kind
of.
B
Sweet
sweet-
that's
all
I
got
for
today.
Does
anyone
have
anything
else?
Any
other
questions
comments.
B
Concerns,
oh
I,
see
rul,
you
hopped
on
just
quick
note.
If
you
want
to
just
give
your
and
pep
a
pass,
we'll
keep
moving
it.
Forward
I
I
had
left
some
comments,
but
it
was
a
lot
of
little
stuff
and
I
feel
like
it's
a
pretty
small
end
pep.
So
we
shouldn't
be
hung
up
on
it
for
too
too
long
sound,
good.
E
Yeah
that
sounds
good
I
got
distracted
and
didn't
really
work
on
that
for
the
past
couple
weeks,
but
yeah
I'll
take
a
look.