SIG-Network Update: KubeCon NA 2018, Contributor Summit

Transcript

1. Google Cloud Platform SIG-Network Update Kubernetes Contributor Summit Dec 10,

   2018 Bowei Du, Tim Hockin, Dan Williams, Dan Winship

2. Google Cloud Platform Major advancements in 2018 CNI traffic shaping:

   GA in 1.12 NetworkPolicy egress & CIDRs: GA in 1.12 IPVS kube-proxy: GA in 1.11 CoreDNS replaces kube-dns: GA in 1.11, by default in 1.13 Configure NodePort IPs: GA in 1.10

3. Google Cloud Platform In progress IPv6 support: alpha in 1.9

   Custom pod DNS policy: beta in 1.10 Pod readiness gates: beta in 1.11 SCTP support: alpha in 1.12 Node-local DNS caching: alpha in 1.13

4. Google Cloud Platform Coming eventually (or not) Ingress revamp Dual-stack

   support Node-local Services Service/Endpoints revamp Multicast spec Windows

5. Google Cloud Platform Ingress Ingress is a lowest-common-denominator API Users

   are not happy with it • Too many annotations, most are not portable In 2018 we expect more from an L7 proxy! Was a hot topic at KubeCon 2017, much conflicting input, still not resolved Exploring alternate models, APIs, ideas

6. Google Cloud Platform IPv6 & Dual Stack Single-stack IPv6 is

   alpha now (needs CI) Dual-stack KEP is ~done Requires some significant changes • Multiple IPs for a single Pod (API change) • Multiple IPs for a single Service->Endpoint (API change) • Kube-proxy to run multiple modes • Kubelet to handle Pod hostPorts Could use more dev/test help!

7. Google Cloud Platform Node-local services & topology Clear demand for

   same-node Services Stalled for a while to investigate holistically After exploring, the simplest option seems sufficient (yay!) Some tricky corner-cases and scalability concerns Aiming for a limited alpha in 1.14

8. Google Cloud Platform Services v3 Services + Endpoints APIs “grew

   organically” • Kind of a grab-bag of features (aka “a disaster”) • Hard to use • Doesn’t scale well Need to start segmenting the “core” API group Opportunity to rethink and refactor • Endpoints -> Endpoint • Split the grouping construct from the input mechanisms • Maybe EOL some troublesome features

9. Google Cloud Platform Multicast spec Some plugins support multicast, some

   don’t Not clear which do or don’t Not all of them perform equally well Not clear what it means to multicast in k8s (e.g. what about namespaces?) KEP in progress to define behavior, but has to stay optional

10. Google Cloud Platform Windows Overall support is beta Some confusion

    around versions and feature support Some changes happening in kube-proxy to reach max parity Some incompatibilities in name resolution (e.g. search path) Some things just aren’t possible (e.g. hostNetwork)

11. Google Cloud Platform Non-core (for now) Multi-network Network service mesh

    Service mesh integrations

12. Google Cloud Platform Multi-network Tackling scenarios like NFV / MFV

    A Pod can be in multiple networks at once Caution to not repeat old mistakes - keep it simple Interesting intersection with devices, e.g. SRIOV SIG-Network Plumbing WG has a spec, (built on CNI) and impl (multus)

13. Google Cloud Platform Network service mesh Similar to service meshes,

    but L2/L3 rather than L4/L7 Handles more diverse needs by arbitrary controllers Enables arbitrary chains of “network services” Being developed out-of-core!

14. Google Cloud Platform Service mesh integrations Several systems, maturing rapidly

    Some of the ideas and APIs are pretty nice • not above stealing! Can’t be a default requirement Can be made to fit better, easier, more naturally, more completely

15. Google Cloud Platform Speculative Multi-cluster: can we do more to

    enable these use-cases? CNFs: deeper network configuration

16. Google Cloud Platform Maybe? Net plugins via GRPC DNS schema

    Reboot More policy (DNS, hostname grants)

17. Google Cloud Platform Net plugins, gRPC, Services Tighter coupling between

    net plugins and kube-proxy could be useful Maybe Services are an artifact of the net plugins? Other plugins are using gRPC, why not this?

18. Google Cloud Platform DNS Reboot We abuse DNS We messed

    up our DNS schema Changing it is hard (if we care about compatibility - which we do) Can we fix DNS spec or use “enlightened” DNS servers?

19. Google Cloud Platform Moar policy Always a need for more

    ways to specify policy Discussed: per-namespace and per-cluster default DNS policy Discussed: per-namespace “which hostnames can I use” policy

20. Google Cloud Platform There’s probably more Sorry...