Why Service is the worst API in Kubernetes, and what we can do about it

Transcript

1. Google Cloud Platform Why Service is the worst API in

   Kubernetes, and what we can do about it KubeCon, Chicago Nov 6, 2023 Tim Hockin <[email protected]> @thockin

2. Google Cloud Platform “Service” is one of the oldest APIs

   in Kubernetes

3. Google Cloud Platform “Service” is one of the oldest APIs

   in Kubernetes $ git blame --ignore-rev bd7643c03339 pkg/apis/core/types.go | grep "type Service struct" ^2c4b3a562ce pkg/api/types.go (Joe Beda 2014-06-06 16:40:48 -0700 4358) type Service struct {

4. Google Cloud Platform “Service” is also one of the most

   widely used APIs in Kubernetes

5. Google Cloud Platform In-cluster virtual services

6. Google Cloud Platform In-cluster virtual services IP allocation

7. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

8. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

   Node-ports

9. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

   Node-ports DNS names & SRV

10. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

    Node-ports DNS names & SRV Name aliases

11. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

    Node-ports DNS names & SRV Name aliases LB health-checks

12. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

    Node-ports DNS names & SRV Name aliases LB health-checks Routing policy

13. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

    Node-ports DNS names & SRV Name aliases LB health-checks Routing policy Automatic endpoint management

14. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

    Node-ports DNS names & SRV Name aliases LB health-checks Routing policy Automatic endpoint management Manual endpoints

15. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

    Node-ports DNS names & SRV Name aliases LB health-checks Routing policy Automatic endpoint management Manual endpoints Session affinity

16. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

    Node-ports DNS names & SRV Name aliases LB health-checks Routing policy Automatic endpoint management Manual endpoints Session affinity Node implementation hints

17. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

    Node-ports DNS & SRV names Name aliases LB health-checks Routing policy Automatic endpoint management Manual endpoints Session affinity Node implementation hints Port mappings

18. Google Cloud Platform In-cluster virtual services IP allocation Out-of-cluster loadbalancers

    Node-ports DNS & SRV names Name aliases LB health-checks Routing policy Automatic endpoint management Manual endpoints Session affinity Node implementation hints Port mappings Simple firewall

19. Google Cloud Platform “Service” was designed to be simple! LoadBalancer

    NodePort ClusterIP

20. Google Cloud Platform As Kubernetes expanded and matured, we accumulated

    functionality: • Internal and external traffic policies • Dual-stack support • Topology awareness • LB Options • Don’t allocate NodePorts for LBs • Don’t allocate HCNPs

21. Google Cloud Platform The API that we laid out almost

    10 years ago is starting to limit how we can evolve But, we have a strong commitment to compat, which includes under-specified semantics!

22. Google Cloud Platform Is session affinity per-service or per-port?

23. Google Cloud Platform Are implementations required to consider port-protocol or

    just port number when routing?

24. Google Cloud Platform Is a Service immutable, or can it

    be updated?

25. Google Cloud Platform Service API does too many things for

    too many use-cases Service API is different from other APIs in too many subtle ways • Example: synchronous IP and node-port allocation

26. Google Cloud Platform Result: A complex API to use and

    maintain • Lots of inter-related fields • Hard to validate and test • Hard to document

27. Google Cloud Platform Result: Hard to extend • “All ports”

    is basically impossible • Port naming across protocols is clunky • Implementations need more and more knobs • Adding different types of LBs is challenging

28. Google Cloud Platform So...what are we going to do about

    it?

29. Google Cloud Platform Gateway API

30. Google Cloud Platform Application Operator Infrastructure Provider Cluster Operator

31. Google Cloud Platform Gateway (front door) Application Operator Infrastructure Provider

    Cluster Operator

32. Google Cloud Platform Gateway (front door) Gateway Class (which impl)

    Application Operator Infrastructure Provider Cluster Operator

33. Google Cloud Platform Gateway (front door) Gateway Class (which impl)

    Application Operator Infrastructure Provider Cluster Operator *Route *Route *Route

34. Google Cloud Platform Gateway (front door) Gateway Class (which impl)

    Application Operator Infrastructure Provider Cluster Operator *Route *Route *Route *Route *Route Service

35. Google Cloud Platform Gateway class=ClusterIP

36. Google Cloud Platform Gateway class=LoadBalancer

37. Google Cloud Platform Gateway class=LoadBalancer Gateway class=ClusterIP

38. Google Cloud Platform Legacy model, evolved GW LoadBalancer class=internal Pod

    Selector Cluster IP Service Name GW ClusterIP Cluster IP Service Name GW LoadBalancer class=external

39. Google Cloud Platform This is not a commitment! • Several

    of these pieces are already in progress • Some are barely sketched out • Gateway API is hitting 1.0 imminently ◦ That doesn’t include ClusterIP support, yet I am seeking feedback on the idea!