►
From YouTube: Network Policy API Meeting for 20230912
Description
Network Policy API Meeting for 20230912
A
A
A
A
I
took
a
stab
at
starting
to
update
our
project
board
for
the
road
to
Beta.
This
kind
of
came
out
of
a
suggestion
from
Antonio
and
our
last
meeting.
It
was
like
you
need
to
have
a
road
map
and
you
need
to
like
set
explicit
dates,
or
else
stuff's
never
going
to
get
done.
So
the
first
step
for
me
was
trying
to
clean
up
our
roadmap,
and
this
is,
is
the
roadmap
right.
A
Our
project
board
I,
tried
to
add
all
the
n-pep
issues
and
PRS
that
we're
working
on
that
I
think
are
kind
of
blocking
us
towards
beta
and
then
also
a
bunch
of
other
issues
that
I
think
are
also
blocking
us
towards
beta.
So
just
as
you're
making
any
new
issues
please
and
you
feel
like
they
need
to
be
done
before
we
do
a
Beta
release.
A
Please
add
them
here
and
next
step
I,
don't
not
necessarily
we
have
to
do
today,
but
we
probably
want
to
set
some
like
General
dates.
Like
say,
we
want
to
make
to
make
it
to
Beta
by
December
and
then
work
towards
that,
rather
than
us,
just
kind
of
like
reviewing
PR's
ad
hoc
right
I.
Think
some
deadlines
will
be
good,
so
yeah,
you
can
go
see
this
board
pretty
easily
under
our
projects.
It's
again
kind
of
inspired
from
Gateway
API,
so
shout
out
to
them
and.
A
C
C
A
C
A
A
Sweet
you
might
have
to
the
people
I
just
invited
you
might
have
to
accept
something-
maybe
not,
but
now
you
should
be
able
to
and
as
good
time
goes
on,
if
people
want
to
make
edits
to
the
sport
just
paying
us
in
slack,
we
can
add
you
so
yeah,
Step
One
is
kind
of
getting
this
kind
of
cleaned
up,
which
I
think
it's
almost
there
step.
Two
is
gonna,
be
let's
put
some
some
dates
and
deadlines
on
this,
so
we
can
start
thinking
about
that.
Obviously
we're
Upstream.
A
Everyone
has,
you
know
a
million
other
responsibilities,
but
I
think
it
really
would
be
good
for
us
to
give
some
deadlines,
especially
for
when
I
go
to
Sig,
Network
and
say
like
look
we're
trying
to
get
to
Beta
by
X.
So
like
we'd,
really
like
some
of
wider
Sig
network
works,
reviews
on
certain
things,
Etc
et
cetera,
so
yeah.
That
was
one
small
thing.
Any
questions
about
that,
and
this
is
just
for
admin,
Network
policy,
so
obviously
there's
a
bunch
of
other
stuff
to
think
about,
but.
D
A
And
if
there's
an
enhancement,
we're
missing
that
customers
are
asking
for,
users
are
going
to
want
that
we
want
to
get
early
like
now.
Is
the
time
to
add
it
because,
as
we
are
gonna
have
to
like
kind
of
lock
this
down
right
at
some
point,
we
should
say
like
okay,
we're
not
going
to
accept
any
more
hat
enhancements
for
beta
like
this
is
what
we're
gonna
do
and
that's
it
right.
So
I
think
we
have
a
pretty
good
queue.
A
A
It's
a
good
question:
I'm,
not
against
it,
I
guess
that
kind
of
comes
with.
If
how
we
want
to
think
about
dates,
Shane
I
know,
you
said
you
have
kind
of
this
project,
but
do
you
like
publicly
announce
like
your
intended
dates
to
get
to
a
certain
goal
somewhere
else,
or
do
you
build
it
into
the
sport?
Somehow.
F
A
F
Flexible
because
everything's,
based
on
volunteering
time,
so
there's
never
any
guarantees
right,
but
I
wouldn't
say
we
don't
have
after
the
ga.
We
are
intending
to
have
a
road
map
where,
like
the
minor
releases,
are
kind
of
planned
out
as
to
what
might
go
in
them
and
when
they
might
go
out
a
little
bit
further
out.
But
currently
we
don't
do
that.
It's
more
ad
hoc,
but
after
GA
we'll
we'll
be
doing
that.
A
Cool
I'll
try
to
look
into
that.
I
think
that'll
work
good,
because
then
we
can
have.
You
know
different
milestones
for
different
issues,
obviously
like.
If
there's
a
we
could
have
an
issue
that
says
you
know
lock
this
board
and
that
could
have
a
milestone
set
of
you
know
right
after
kubecon,
but
yeah
I
I
think
that's
a
good
point.
We
might
get
some
user
stories,
we
never
even
thought
about
at
kubecon
so
and
it's
coming
up
pretty
quick,
so
I'm
not
against
leaving
it
open.
A
D
A
F
So
I
I
do
the
project
management
stuff,
it's
I'm
I'm
the
because
it
was
needed
and
nobody
else
wanted
to
do
it.
However,
recently,
as
in
the
last
few
weeks,
we
did
I
I
started
I
kind
of
pushed
the
issue
of
us
having
a
maintainers
meeting
separate
from
the
community
meeting,
because
the
community
meeting
I
would
I
I
would
recommend
having
a
separate
maintainers
meeting
when
you're
trying
to
hit
some
timelines
at
some
kind
of
regularity,
because
we
a
lot
of
stuff
sorry
I,
won't
swear
a.
F
Usually
shakes
out
in
a
smaller
setting
like
maintainers,
and
maybe
people
who
are
like
approvers
and
reviewers
are
good
for
that.
That
meeting,
okay
and
focus
it
not
on,
like
you
know,
the
ongoing
Issues
new
things,
only
focus
it
on
the
board,
like
look
at
the
board,
go
over
things
what's
getting
out
of
band
what's
in
progress,
but
that
person
disappeared
a
month
ago,
like
keeping
on
track
of
that.
If
you
want.
Basically,
if
you
want
velocity,
I'd
recommend
doing
a
maintainers
meeting.
F
A
B
Thanks
Andrew
yeah
I,
like
that
shuttling
towards
completion
trees.
Let's
hope
we
can
get
it
merged
soon-ish.
But
firstly,
let
me
start
by
saying
thank
you.
Everyone
who
has
reviewed
the
enhancement-
and
we
are
almost
there
I-
feel
right.
Some
of
the
comments
that
are
left
out
from
Dan
and
Rahul
and
I
agree
to
what
both
of
them
are
seeing
and
which
is
why
I'm
bringing
these
points
up
to
the
wider
team
meeting.
So
we
have.
B
The
first
question
is
around
pass
action
right,
it's
just
to
shed
some
context
there
we
have
the
the
deny
and
the
allow,
which
is
the
same
as
Central
policies,
but
we
have
this
new
new
pass
action
in
admin,
Network
policies
which
is
not
there
in
our
Network
policies
we
run
API
right
and
what
that
does
is
basically
delegates
traffic
that
matches
the
admin
Network
policy
rolled
over
to
the
network
policy.
So
it's
a
way
of
I
I,
want
to
say
it's
a
way
of
communication
between
ANP
and
NP.
B
But
really
this
exists
in
the
East-West
traffic.
But
question
is:
do
we
really
want
it
or
is
there
valid
use
cases
for
this
to
also
exist
on
the
egress
traffic?
I
actually
didn't
even
think
too
much
about
it
and
I
added
it.
Just
as
you
know,
oh,
we
have
it
free
stressed
and
it's
going
to
be
a
part
of
the
same
API.
So
why
not
add
it
for
egress
kind
of
a
thing,
but
Dan
rightly
points
out
that
we
do
not
have
a
valid
use
case.
B
So
this
is
where
I
want
to
bring
it
up
to
the
wider
Forum
to
see.
If
anybody
has
a
valid
use
case,
that
I
then
can
add
to
the
end
pep
and
if
we
do
not
have
a
valid
use
case.
My
plan
is
to
keep
it,
but
it
will
be
experimental
or
extended
feature
for
the
egress
traffic
use
case,
so
that
implementations
are
not
first
to
implement
it,
because
there
is
no
valid
use
case
right.
B
So
I
don't
want
to
be
I,
don't
want
people
to
just
implement
it
if
there
is
a
no
if
there
is
no
use
for
it
Downstream,
but
at
the
same
time,
if
people
do
have
use
cases
and
they
want
to-
they
can
opt
into
using
this.
So
that's
where
I
am,
which
is
a
sweet
spot
or
compromise
on
both
ways,
but
I'm
open
to
suggestions
and
opinions.
E
E
A
I
I
think
yeah
I
think
in
the
original
cap.
That
was
a
little
murky,
but
in
like-
and
that
was
just
because
the
cap
went
on
so
many
cycles
like
we
had
to
justify
everything
we
did
in
the
API
design
by
pointing
back
to
the
user
stories.
In
this
case
the
justification
is
not
necessarily
an
explicit
user
story
for
that
you've
added
here
in
your
egress
mpep,
it's
more
that
like
for
API
consistency.
A
C
So
I
think
my
take
on
this
is
that
you
know
unless
a
implementing
pass
for
egress
Bears
implementation
burdens
on
some
implementations,
so
we
we
don't
want
to
do
that
or
having
passing
makes
it
really
confusing
for
people
using
this
feature.
Those
are
the
two
kind
of
reasons
we
might
want
to
have
this
dropped,
but
otherwise
we
we
might
not
even
have
to
have
a
user
story
for
this,
and
people
just
get
it
for
free
right.
C
B
F
C
F
E
So
so,
as
a
contrast
in
the
tenancy
API
Nadia
mentioned
that
she
didn't
have
a
user
story
for
tenant
definitions
that
involve
courts
and
sure
we
already
have
ports
in
the
the
admin
Network
policy
API.
But
you
know
it
seems
pretty
obvious,
or
at
least
to
me
that
yeah,
you
really
don't
want
ports
in
in
the
tenant
definition
right.
So
so,
in
that
case,
the
lack
of
a
user
story
does
suggest
that,
maybe
we
don't
want
that
feature
there,
but
I
think
in
this
case
you
know
pass
is
already
there.
C
B
Awesome
yeah
I'm
glad
we
got
a
consensus
and
that
I'm
actually
happy
to
then
go
back
to
the
n-pep
and
then
I'll.
Just
really
just
call
out
that
we
do
not
have
a
user
story
for
pass
as
a
note,
but
we
are
going
to
get
it
for
I
won't
use
the
words
free,
but
you
know
I'll
say
that
we
will
still
support
it
and
I
guess
we
don't
have
to
make
it
Extended
conformance
right.
We
make
it
core
in
that
case,.
B
B
B
So
that
leaves-
and
that
was
the
only
user
story
I
had
under
host
Network
part.
So
this
is
cni
part
to
host
network
card
policy
case.
So
now
we
are
left
with
no
user
story
for
the
host
Central
cards
as
well.
So
that's
two
options:
either
I
completely
removed
this
goal
for
my
impact
or
we
keep
it
when
we
do
a
host
selector,
but
we
make
it
extended.
Performance
like
we
had
decided,
because
not
every
implementation
can
differentiate
between
a
node
and
a
host
selector
anyways,
any
dicks,
or
anybody
opposing
that
position.
B
B
Think
that
I
had
was
trying
to
get
a
k,
API
server,
that
is
a
host
network
card
implemented.
But
since
that's
covered
within
the
kpi
server
user
story,
I
am
I.
Don't
have
any
other
use
cases
for
host
Network
per
se,
so
I'm.
Okay,
with
that
suggestion
of
just
dropping
that
all
together
from
the
goals.
C
Yeah,
in
my
experience
with
Ensure
I,
think
it's
98
of
the
cases.
If
not
100
people
are
coming
to
toe
to
us,
saying
that
why
don't
you
select
host
network
products?
It's
because
they
want
to
select
kubernetes,
API
server
right,
so
I
I
can't
think
of
another
use
case
for
host
Network
pass
as
well.
So.
H
C
A
And
then
like
as
to
whether
or
not
things
should
be
extended
or
not,
Surya
like
I,
don't
think
we
have
to
know
that
right
now,
I
think
like.
If
we
get
to
the
point
where
we've
you
know
written
a
new
feature
or
written
the
the
yaml
for
this,
the
API
definition
and
we
have
implementers
right,
ieu
or
Yang,
and
then
whoever
else
comes
on
board
in
the
future
telling
us
like.
Oh,
we
can't
do
this,
then
it's
a
strong
case
for
us
to
make
it
experimental
right
or
extended
support,
so
I.
A
B
A
A
A
B
B
E
Was
gonna,
say,
I
think
the
the
point
of
pass
was
so
that
basically,
you
could
create
a
hole
in
an
ANP
like
if
you
wanted
to
say
that,
like
you
know,
if
it's
on
Port
80
then
pass
otherwise.
If
it's
you
know
to
these
things,
then
drop
in
and
and
so
then
you're
saying,
like
you
know,
drop
egress
to
these
pods
but
allow
Network
policy
to
decide
whether
to
drop
or
80
to
those
bullets.
A
Exactly
what
I
was
gonna
say
it
like
I
feel,
like
we
went
around
in
circles
for
a
long
time
on
how
to
define
exceptions
to
anps
and
what
that
means,
and
we
settled
on
making
it
explicit
right.
Like
obviously
an
exception
to
any
rule,
you
could
say
is
the
same
thing
as
not
defining
it,
but
we
kind
of
ended
up
with
past
what
was
the
other
one?
We
had
Yang.
It
was
like
in
power.
We
had
a
whole
host
of
ideas,
yeah.
C
The
focusing
signal
really
didn't
didn't,
like
it
I
think
but
yeah
but
I
feel
like
yes,
this
is
kind
of
like
a
little
bit
more
into
the
the
philosopher
kind
of
things
where
you
know
it
really
depends
on
how
you
look
at
it
right.
So
it's
an
elephant.
If
you
look
at
it
at
different
angles,
you'll
see
different
things,
but
by
the
end
of
the
day,
if
people
understand
what
it
is
and
know
how
to
use
it,
we're
good,
we
just
wanted
to
come
up
with
a
good.
C
A
C
D
A
One
of
the
that's
one
of
the
big
things
I
think
the
other
thing
to
think
about
maybe
I
didn't
convey
to
that
issue
was
like
with
network
policy.
You
know
we
have
docs
all
over
and
Upstream.
That's
like.
We
suggest
that
you
do
this
right.
We
suggest
that
you
lock
down
everything
in
your
cluster
explicitly,
even
though
it
happens
implicitly
and
then
poke
holes
in
it,
because
that's
what
makes
the
most
sense
right
default
denial
and
then
a
bunch
of.
A
So
like
having
something
along
the
same
lines
for
amp
and
BMP
like
and
maybe
Syria
can
speak
a
little
bit
more
to
it.
Maybe
not,
but
we
we
had
QE
testing
the
feature
and
they
were
getting
a
little
confused
right.
They,
they
defined
to
be
an
ANP
really
quickly
that
like
denied
everything
and
then
they
realized.
Oh
wow.
We
have
to
write
like
a
custom
Rule
now
to
poke
holes
for
our
control
plane
right
because
everything's
gonna
pause.
C
I
feel
like
it's
kind
of
like
completely
different
or
the
opposite
way.
Right
rather
than
you
know,
I
wanted
to
lock
anything
up
and
then
Focus
like
kubernetes
now
policy
in
the
admining,
our
policy,
because
it's
a
little
bit
more
powerful,
you
don't
really
want
it
to
just
blindly,
throw
it
and
then
I
mean
now
policy
there
you,
you
would
really
want
to
have
a
really
specific
traffic
pattern.
You
wanted
to
explicitly
allow
a
block
for
you
to
actually
apply
one
of
these.
You
don't
just
you
know,
throw.
A
A
I
just
wanted
well
just
remember
that
everyone
has
been
right
using
and
stuck
with
network
policy
for
the
past
six
I
mean,
however
many
years
five
years
now
so
they're,
very
that's
our
that's
very
ingrained
at
the
in
their
head
at
this.
At
this
point,
right
I,
don't
know
we'll
see
you
know,
as
as
we
get
more
feedback
and
stuff.
H
I
wanna,
like
maybe
I'm,
not
sure
what
the
right
place
to
do
this
is
but
I
do
think.
We
need
more
examples
of
Baseline
admin,
Network
policy,
because
I
I
think
I
had
a
conversation
with
you
Andrew
and
Yang
a
while
back
now,
where
I
was
very
confused
about
what
banp
is
actually
supposed
to
do
and
I
think
it's
kind
of
underspect
in
general
like
it's
not
there
aren't
enough
worked
examples
to
make
it
clear
what
happens
like.
Maybe
the
wording
is
true,
but
it's.
It
is
pretty
dense.
H
Yeah,
because
it's
it's
not
clear
to
me
from
the
docs
currently
that
BNP
is
not
really
a
fall
through
it's
a
default
like
you,
don't
fall
through
Network
policies
and
hit
banp.
It's
just.
If
there's
no
network
policy,
you
evaluate
B
and
B,
and
that's
actually
like
it's
consistent
with
network
policy,
but
that
doesn't
mean
it's
not
surprising,
given
how
enp
works
right.
C
D
A
Thank
you
so
much
yeah.
Let's
just
make
sure
it's
on
the
website
as
well:
okay,
sweet
sweet
all
good
stuff
I
feel
like
we're.
Making
good
progress,
kind
of
looking
forward
to
kubecon
excited
to
see
everyone
who's
going
to
be
there
I
think.
That's
all
I
got
for
today.
We'll
keep
reviewing
npeps,
try
to
get
Syria's
one
in
ASAP
and
keep
kind
of
moving
along
on
the
others.
So
is.
D
G
So
one
other
idea
that
you
guys
were
talking
about
was
just
selecting
parts
of
psychonists
to
keep
so
overall
I
was
thinking.
Probably
the
most
beneficial
Parts
would
be
the
test
case.
Generation
I
think
this
is
just
an
example
here,
where
it
maybe
I
could
zoom
in
a
little
better
much
better.
Thanks.
D
G
So
the
there's,
like
a
framework
where
you
can
kind
of
programmatically
create
tests
like
this
I'm,
not
really
sure
what
the
state
of
our
conformance
is
right
now-
and
maybe
this
is
all
these
things
are
already
part
of
that,
but
I'll
just
go
into
what
the
cyclinist
kind
of
looks
like
so
yeah.
You
just
have
like
Steps
for
each
test
case
and
you
can
do
actions
like
labeling
pods,
creating
a
policy
in
that
programmatic
way.
G
G
A
So
that,
on
that
little
snippet
there,
it
looks
like
you're,
defining
right,
explicit
test
cases
when
you
say
there's
generated
test
cases.
Is
it
literally
just
like
a
matrix
so
like
it'll
you'll
have
right?
Is
it?
Is
it
a
connectivity
Matrix
or
is
a
that
is
auto-generated
or
is
it
a
test?
Matrix,
that's
auto-generated.
G
D
G
To
X
is
one
of
them
and
it
has
One
Step
here
and
then
it
sees
like
if
the
connections
are
correct
or
or
wrong
that
isn't
the
best
example
I
think
I
get
what
you're
saying,
though
yeah,
but
this
is
the
connectivity
Matrix
that
you
get
for
free
once
you
implement
the
like
Network
policy
simulation
and
then
they
come.
They
compare
like
the
expected
results.
A
Okay,
so
breaking
it
down
I
try
to
make
the
question
a
little
more
explicit,
I
think
I
understand
what
you're
saying.
So,
if
you
write
a
test
that
for
Network
policy
ensures
that
pod
a
you
wouldn't
write,
a
test
that
says
ensure
pod
a
can
talk
to
pod
B
right,
you'd,
write
a
test
that
says
deploy
this
default,
deny
all
and
then
Auto
generate
a
matrix
of
expected
connections
like
okay.
That's.
A
And
then
cyclonus
goes
in
and
does
all
this?
This
makes
Matrix
generation
for
you,
basically
yeah
yeah,
that's
right,
sweet,
so
I
know
today.
Surya
and
yang
can
both
speak
more
to
this
to
me
because
I've
reviewed
it,
but
it's
been
a
while
we
in
our
conformance
testing
today,
we
like
literally
hard
code
like
it's
explicit,
like
we
literally
have
a
matrix
of
PODS,
and
then
we
go
through
and
say
like
for
this
test.
A
D
A
B
Yeah,
but
when
we
had
started
off
with
the
conformance
tests
right,
we
had
looked
at
Cyclones
in
this
metrics
and
then
eventually
I
think
we
all
wanted
to
reach
that
state.
So
I
think
it's
a
cool
thing
to
have
where
we
just
create
an
A
and
B
and
then
see
that
effect
across
different
combinations
based
on
connections
of
labels
right
so
I
plus
one.
For
me,
it's
just
a
matter
of
figuring
out
how
to
merge
this
with
the
existing.
A
I
think
this
is
step
one
and
then
step
two
is
the
table
right,
because
this
is
more
like
core
infrastructure
Improvement
versus
like
the
table
output
view
is
more
of
like
really
great.
You
know
good
new
tooling
that
we
don't
have
right.
Well,
maybe
it's
I
don't
know.
Maybe
it's
not
maybe
it's
more
important
that
we
work
on
the
tooling
first
actually,
because
we
already
have
conformance
tests
I'm,
not
really
sure.
A
G
A
G
G
A
Yep
cool
that
would
be
so
helpful,
I
mean
I.
Think
that's.
That
was
one
of
the
things
in
our
initial
design
of
the
cup
and
we've
talked
about
over
and
over
is
like
having
good
tooling
from
the
get-go,
which
is
really
hard
right,
because
our
API
is
still
changing
and
there's
other
priorities,
but
something
like
this
would
be
really
great.
So
is
there
anyone
who
has
other
opinions
so
like?
Basically,
what
you're
saying
Hunter
is
like
the
bones
are
good.
A
G
A
Something
no
I
think
we
should
I
think
we
should
definitely
remove
it.
I
don't
think
that's
bad,
especially
considering
like
cyclonus,
is
still
existing
in
its
original
place.
Right,
like
I,
don't
feel
like.
We
have
a
responsibility
to
keep
it
all,
as
is
essentially
like.
We
should
make
it
work
for
us
and
definitely
credit
Matt,
because
this
was
like
a
really
awesome
project:
yeah.
Okay.
So
how
about
this
I,
really
like
everything
you've
done
here,
I'm
stoked
on
it?
A
Do
you
want
to
maybe
break
the
two
things
we
talked
about
and
make
and
try
to
make
issues
and
like
break
it
down
on
our
on
in
in
our
project?
So
then
we
can
actually
start
kind
of
working
on
some
things.
I
I
still
am
kind
of
unclear
on
what
we
should
prioritize.
It
might
be
like
what
people
are
interested
in
right
or
what
you're
interested
in
I
don't
know.
If
you
want
to
kind
of
keep
going
down
this
path,
you've
already
done.
A
A
A
A
A
That
that's
like
a
a
dream
right,
I
I'm,
happy
to
help
facilitate
as
fast
as
you
want
to
go.
I
just
don't
want
to
put
it
all
on
you,
because
that's
what
happens
in
Upstream.
A
lot
is
like
you
did.
You
did
this
deep
dive
and
then
you
end
up
owning
everything,
but
if
you're
excited
to
get
going
I'm
happy
to
help
review
and
help
out
with
it,
so.
A
G
A
Well,
I
think,
maybe
that's
one
of
the
issues
we
need
to
make
is
like.
How
do
we
deal
with
the
Upstream
right
like?
Is
this
gonna
be
like
a
hard?
Are
we
gonna
treat
whatever
we're
gonna
turn
this
tool
and
tooling
into
as
like
a
hard
Fork,
where
we
kind
of
like
make
it
our
own,
or
is
it
gonna
be
sort
of
a
staff
work
that
we
continue
to
try
to
keep
up
to
date
with
cyclonus,
which
I
don't
is
Cyclone
is
like
iterating,
really
fast,
I,
don't
think,
there's
that
many
new
commitses.
G
F
A
A
A
I'm
gonna
add
a
note
to
the
agenda
just
to
talk
just
to
make
sure
everyone
knows
that
we
had
a
good
talk
about
Cyclones
today
and
that
Hunter
is
going
to
kind
of
keep
going
on
that
train
but
yeah.
Otherwise,
that's
all
I
have
for
today
thanks
so
much
for
coming.
Everyone
I
really
really
appreciate
it
and
we'll
keep
moving
forward.