KEP-4963: Kube-proxy Services Acceleration #4964

Open
wants to merge 1 commit into
base: master

aojea
Member

@aojea aojea commented Nov 15, 2024

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Nov 15, 2024
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aojea
Once this PR has been reviewed and has the lgtm label, please assign soltysh for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory label Nov 15, 2024
@k8s-ci-robot k8s-ci-robot added the sig/network Categorizes an issue or PR as relevant to SIG Network. label Nov 15, 2024
@aojea aojea changed the title KEP-4963: use flowtables to accelerate kube-proxy WIP - KEP-4963: use flowtables to accelerate kube-proxy Nov 15, 2024
@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Nov 15, 2024
@aojea aojea marked this pull request as draft November 15, 2024 05:01
@aojea aojea mentioned this pull request Nov 15, 2024
4 tasks
@aojea aojea changed the title WIP - KEP-4963: use flowtables to accelerate kube-proxy KEP-4963: Kube-proxy Services Acceleration Nov 28, 2024
Use the kernel flowtables infrastructure to allow kube-proxy users to
accelerate service traffic.

Change-Id: Iee638c8e86a4d17ddbdb30901b4fb4fd20e7dbda
@aojea aojea marked this pull request as ready for review November 28, 2024 12:10
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 28, 2024
@aojea
Member Author

aojea commented Nov 28, 2024

/assign @thockin @danwinship

I leave it up to you whether it is worth going through the feature gate process if this is an opt-in option.


Once the network traffic moves to the datapath it completely bypass the kernel stack, so
any other network applications that depend on the packets going through the network stack (monitoring per example) we'll not be able to see the connection data. The feature will only
apply the fast path on established connections, since most of the network applications are statefuls, usually is safe to think that once a connection is established no additional operations are required on it.
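
Review bot: The closing assumption in this paragraph, that "once a connection is established no additional operations are required on it", is stated without saying what else besides monitoring sits in the bypassed path. Since the text says offloaded traffic "completely bypass the kernel stack", anything that acts on packets of an already established connection (filtering, accounting, packet capture) stops seeing them for the lifetime of the flow. Suggest listing the affected classes of component explicitly and stating whether, and how, an offloaded connection returns to the normal path, so operators can judge the visibility and enforcement trade-off before opting in.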

Small typo:

Suggested change
apply the fast path on established connections, since most of the network applications are statefuls, usually is safe to think that once a connection is established no additional operations are required on it.
apply the fast path on established connections, since most of the network applications are stateful, usually is safe to think that once a connection is established no additional operations are required on it.


This feature will only work with kube-proxy nftables mode.

Users will be able to opt-in to Service traffic acceleration by passing a CEL expression using the flag `--accelerated-interface-expression` or the configuration option `AcceleratedInterfaceExpression` to match the network interfaces in the node that are subjet to Service traffic acceleration. The absence of a CEL expression disables the feature.
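
Review bot: The description of `--accelerated-interface-expression` covers the absent case ("The absence of a CEL expression disables the feature") but not an expression that fails to compile, matches no interface, or matches more interfaces than intended. Suggest stating that an invalid expression is a startup error rather than a silent disable, documenting which interface attributes the expression can reference, and having kube-proxy log the interfaces it actually matched, since the match decides which traffic leaves the normal kernel path.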

Suggested change
Users will be able to opt-in to Service traffic acceleration by passing a CEL expression using the flag `--accelerated-interface-expression` or the configuration option `AcceleratedInterfaceExpression` to match the network interfaces in the node that are subjet to Service traffic acceleration. The absence of a CEL expression disables the feature.
Users will be able to opt-in to Service traffic acceleration by passing a CEL expression using the flag `--accelerated-interface-expression` or the configuration option `AcceleratedInterfaceExpression` to match the network interfaces in the node that are subject to Service traffic acceleration. The absence of a CEL expression disables the feature.

@adrianmoisey
Member

I like this proposal. Giving users the choice to opt in makes a lot of sense and reduces risk.
