Dan Winship

> We had a hard time agreeing on what we should do to policy subjects when they don't have the tenancy labels (either no-op for these specific namespaces or group...

> Any option has this either/or switch to turn tenancy mode on, which is a bit ugly, but may be worth it to avoid extra CRDs. Well, we were avoiding...

OK, Nadia and I met to talk about this. I don't really like the current "Final suggestion" as proposed, because [it makes the common cases complicated](https://github.com/kubernetes-sigs/network-policy-api/pull/178#discussion_r1504711463) because you need both...

``` [FAILED] Unexpected error: : running [/usr/sbin/iptables -t nat -D POSTROUTING -s 10.1.2.2 -j CNI-43a5a67926c1a665ff4c21b7 -m comment --comment name: "testConfig" id: "dummy-0" --wait]: exit status 2: iptables v1.8.7 (nf_tables): Chain...

OpenShift internally uses haproxy, not nginx, for ingress, so I think we don't _directly_ care about this, though it's possible we care because of things customers are doing with nginx....

> ### Requested name for new repository > > kube-netpol Should bikeshed the name a bit; we don't really use "netpol" as an abbreviation anywhere other than `test/e2e/network/netpol/`. Also, if...

If this is purely a "reference implementation" then it should have a boring, obvious name. If we intend for it to actually be/become a viable option for use in production...

/retitle REQUEST: Create new repository for kube-network-policies (fix typo)

More discussion of kubelet-startup-network-readiness: https://github.com/kubernetes/kubernetes/issues/120486

> So the summary is - this is great improvement! We're roughly 2x better on all percentiles. > [TBH, I initially thought it would be even better, but that's still...