Google Cloud Platform SIG-Network Update Kubernetes Contributor Summit Dec 10, 2018 Bowei Du, Tim Hockin, Dan Williams, Dan Winship

Google Cloud Platform Major advancements in 2018 CNI traffic shaping: GA in 1.12 NetworkPolicy egress & CIDRs: GA in 1.12 IPVS kube-proxy: GA in 1.11 CoreDNS replaces kube-dns: GA in 1.11, by default in 1.13 Configure NodePort IPs: GA in 1.10

Google Cloud Platform In progress IPv6 support: alpha in 1.9 Custom pod DNS policy: beta in 1.10 Pod readiness gates: beta in 1.11 SCTP support: alpha in 1.12 Node-local DNS caching: alpha in 1.13

Google Cloud Platform Coming eventually (or not) Ingress revamp Dual-stack support Node-local Services Service/Endpoints revamp Multicast spec Windows

Google Cloud Platform Ingress Ingress is a lowest-common-denominator API Users are not happy with it • Too many annotations, most are not portable In 2018 we expect more from an L7 proxy! Was a hot topic at KubeCon 2017, much conflicting input, still not resolved Exploring alternate models, APIs, ideas

Google Cloud Platform IPv6 & Dual Stack Single-stack IPv6 is alpha now (needs CI) Dual-stack KEP is ~done Requires some significant changes • Multiple IPs for a single Pod (API change) • Multiple IPs for a single Service->Endpoint (API change) • Kube-proxy to run multiple modes • Kubelet to handle Pod hostPorts Could use more dev/test help!

Google Cloud Platform Node-local services & topology Clear demand for same-node Services Stalled for a while to investigate holistically After exploring, the simplest option seems sufficient (yay!) Some tricky corner-cases and scalability concerns Aiming for a limited alpha in 1.14

Google Cloud Platform Services v3 Services + Endpoints APIs “grew organically” • Kind of a grab-bag of features (aka “a disaster”) • Hard to use • Doesn’t scale well Need to start segmenting the “core” API group Opportunity to rethink and refactor • Endpoints -> Endpoint • Split the grouping construct from the input mechanisms • Maybe EOL some troublesome features

Google Cloud Platform Multicast spec Some plugins support multicast, some don’t Not clear which do or don’t Not all of them perform equally well Not clear what it means to multicast in k8s (e.g. what about namespaces?) KEP in progress to define behavior, but has to stay optional

Google Cloud Platform Windows Overall support is beta Some confusion around versions and feature support Some changes happening in kube-proxy to reach max parity Some incompatibilities in name resolution (e.g. search path) Some things just aren’t possible (e.g. hostNetwork)

Google Cloud Platform Non-core (for now) Multi-network Network service mesh Service mesh integrations

Google Cloud Platform Multi-network Tackling scenarios like NFV / MFV A Pod can be in multiple networks at once Caution to not repeat old mistakes - keep it simple Interesting intersection with devices, e.g. SRIOV SIG-Network Plumbing WG has a spec, (built on CNI) and impl (multus)

Google Cloud Platform Network service mesh Similar to service meshes, but L2/L3 rather than L4/L7 Handles more diverse needs by arbitrary controllers Enables arbitrary chains of “network services” Being developed out-of-core!

Google Cloud Platform Service mesh integrations Several systems, maturing rapidly Some of the ideas and APIs are pretty nice • not above stealing! Can’t be a default requirement Can be made to fit better, easier, more naturally, more completely

Google Cloud Platform Speculative Multi-cluster: can we do more to enable these use-cases? CNFs: deeper network configuration

Google Cloud Platform Maybe? Net plugins via GRPC DNS schema Reboot More policy (DNS, hostname grants)

Google Cloud Platform Net plugins, gRPC, Services Tighter coupling between net plugins and kube-proxy could be useful Maybe Services are an artifact of the net plugins? Other plugins are using gRPC, why not this?

Google Cloud Platform DNS Reboot We abuse DNS We messed up our DNS schema Changing it is hard (if we care about compatibility - which we do) Can we fix DNS spec or use “enlightened” DNS servers?

Google Cloud Platform Moar policy Always a need for more ways to specify policy Discussed: per-namespace and per-cluster default DNS policy Discussed: per-namespace “which hostnames can I use” policy

Google Cloud Platform There’s probably more Sorry...