►
From YouTube: Kubernetes SIG Network meeting 20230216 (Part 1)
Description
Kubernetes SIG Network meeting 20230216 (Part 1)
A
A
D
E
D
Was
developing
a
test
and
that
can
become
racist
in
the
same
situation,
so
I
I
was
checking
some
graphs
and
doing
some
experiments
and
I
say
what
we
can
use
one.
Second,
it
should
be
good
and
it
seemed
that
it
was
good.
But
after
four
months
you
do
scroll
down
and
go
to
the
graphs.
You
can
see
that
we
reduce
the
latency.
D
D
The
good
thing
is
that
that
there
is
one
thing
from
then
we
see
it
as
we
use
the
latency.
The
higher
high
percentages
of
95
and
99
now
are
much
better
with
his
team,
so
this
graph,
the
graph
with
the
cycle.
So
you
just
see
the
latest
one,
the
95
and
99,
that's
the
type,
those
improve
and
and
the
other
way
that's
when
I
rejected
my
change.
D
F
E
G
H
H
H
E
I
J
J
H
J
E
Sorry,
team,
I,
I
I
I
think
that
I
I
kind
of
got
misunderstood
on
that
I'm,
not
pointing
that
this
should
be
Gateway
API.
What
I
was
saying
is
that
during
our
Network
policy
meetings,
we
were
kind
of
discussing
having
some
new
network
policy,
but
not
calling
that
V2,
because
we
are
not
never
gonna,
have
a
V2
right,
getting
compatibility
with
V1.
E
So
what
we've
been
thinking
actually
then
and
and
and
Andrea
was
creating
some
similar
thing
that
is
like
Network
policy
V2,
but
with
a
different
name
as
Gateway
API
was
like
the
Ingress
V2,
but
never
got.
That
was
never
the
Ingress
V2
right.
So
we
don't
have
this
kind
of
confusion,
and
probably
we
should
move
that
to
that
effort.
That's
that's
my
point
on
that.
I
H
H
H
But
is
that
something
that
kubernetes
defines
or
is
that
something
that
some
other
implementation
defines
like
istio
already
kind
of?
Does
this
right,
yeah,
Bridget
you're,
exactly
right,
istio
kind
of?
Does
this
already
transparently,
like
you
as
a
user,
you
don't
need
to
know
that
you're
using
a
service
mesh
and
it
can
do
packet
sniffing
or
it
can
be
disabled,
to
figure
out
what
L7
policies
it
wants
to
apply
and
then
there's
a
policy
language
that
it
uses
to
Define.
What
is
a
MySQL
policy?
A
I'm
particularly
wary
of
it
in
lieu
of
anybody
being
really
noisy
on
this
issue
like
doing
its
one
thing,
but
then
doing
it
when
nobody's
like
apparently
beating
down
our
door
to
do
it.
I
think
is
another,
so
I
I
would
lean
towards
we
close
the
issue
and
then,
if
somebody
really
wants
to
start
beating
down
our
door,
they
can,
and
we
can
reopen
it
and
talk
about
it
more.
E
F
F
F
H
It
there's
there's
an
opportunity
to
say
within
the
Gateway
framework.
This
is
where
you
would
attach
policy
resources,
but
policy
resources
aren't
defined
by
the
Gateway
API
and
standardization
doesn't
necessarily
mean
it
has
a
case.io
API.
It
could
mean
it
has
an
istio.io
API
or
it
has
a
psyllium.io
API,
because
those
are
both
cncf
projects
too,
like
we
don't
need
to
own
everything.
In
fact,
that's
poisonous
right.
That's.
G
That's
I
didn't
say
what
it
was,
but
I
mean
before
we
get
to
the
function.
That
can
do
it,
but
we
also
and
there's
nothing
here,
but
at
some
point
need
to
start
looking
at.
Should
we
try
to
do
something
around
quick
I
would
say
it's
really
really
hard
to
do.
Multiple
T
subp
we'll
have
more
and
more
encryption
everywhere.
So
so,
how
do
we
manage
that
from
a
from
a
service
perspective?
Are
we
asked
gonna
do
TCP
and
UDP
and
that's
it,
and
so,
where
would?
If
anyone
wants
you
to
do
quick?
H
A
H
We
got
as
far
as
actually
having
a
cap,
and
then
we
didn't
follow
through
with
it,
because
it
was
hard
and
there
wasn't
a
ton
of
obvious
demand.
I
think
everybody
thinks
yeah.
We
probably
need
to
do
this,
but
unless
somebody
feels
like
I
need
to
do
this,
it's
not
getting
done
and
I
will
note
that
it
is
currently
marked
as
life
cycle
Frozen,
which
I'm
going
to
remove
right
now
and
force
us
to
reevaluate
this
issue
periodically.
C
I
H
I
mean
what
I
recall
was
Port
ranges
were
simply
not
implementable.
In,
like
ipvs
like
there
isn't
a
affordance
in
ipbs
for
doing
a
range.
You
can
do
a
whole
IP
with
a
sort
of
weird
the
persistent
flag,
and
you
could
do
a
single
port,
but
you
couldn't
do
ranges
and
in
iptables
you
couldn't
do
remapping,
which
I
think
is
okay.
We
could
ignore
that
we
could
wave
that
feature
away
with
in
the
face
of
ranges,
but
you're
looking
at
NF
tables.
What
what
are
the
capabilities
of
NF
tables
here.
I
G
Use
it
as
a
notation
right,
that's
a
short
form
today.
What
you'll
do
if
you
want
to
automate
this?
Probably
that
you,
you
have
a
function
that
runs
over
you
sort
of
the
definition
with
the
port
with
the
range
and
makes
one
I
mean,
makes
it
the
single
entries.
You
could
do
the
same
thing
in
the
back
end
right.
Yes,
you
cannot
use
the
port
range.
G
You
will
have
to
generate
the
rule
for
every
port
in
the
range
which,
of
course,
can
be
very
costly
if
the
range
is
like
3000
ports,
but
anyone
doing
3000
ports
should
be
well
the
source
problems,
because
if
we
added
here,
you
also
probably
want
to
do
something
with
the
service
audio
map
interest.
You
want
to
have
a
service
over
ranges,
so.
H
G
G
H
H
Yeah
I
I,
don't
think
that's
a
practical
answer.
I
I
think
we
could
get
away
with
saying
here's
how
you
specify
the
whole
IP
will
be
forwarded
with
no
remapping,
but
I.
Don't
think
we
can
get
away
with
saying
like
realistically,
it's
either
list
your
specifically
list
your
ports
and
they
better
be
a
relatively
small
number
or
that's
it.
H
G
H
G
H
G
H
A
Yeah,
it
sounds,
it
seems
like
this
falls
into
the
Fairly
common
category.
We
have
of
things
that
are
open,
but
won't
be
moving
that
we
talked
about
last
time
and
we
need
to
come
up
with
some
kind
of
solutions
for,
but
like
removing
life
cycle.
Frozen
for
now
may
be
good
enough
as
an
action
I
think,
and
then
we
just
need
to
keep
following
up
on
how
we're
going
to
better
organize
some
of
these
issues
that
need
Champions,
which
I
think
this
is
basically
the
problem
that
we
have
here.