diff --git a/docs/kube.yml b/docs/kube.yml
index a3753d4d..3e23dbb0 100644
--- a/docs/kube.yml
+++ b/docs/kube.yml
@@ -67,6 +67,7 @@ chapters:
- versions-k8s.md
- sampleapp.md
- - concepts-k8s.md
+ - kubenet.md
- kubectlget.md
- setup-k8s.md
- kubectlrun.md
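Review bot: `concepts-k8s.md` is dropped from the chapter list but `docs/concepts-k8s.md` itself is not deleted in this diff, so it becomes an orphan that is still in the repo but no longer rendered. Either delete the file in the same commit, or note in the commit message why it is kept (for instance if `kubenet.md` only replaces part of it and the rest is meant to come back later).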
diff --git a/docs/kubenet.md b/docs/kubenet.md
new file mode 100644
index 00000000..a75a413d
--- /dev/null
+++ b/docs/kubenet.md
@@ -0,0 +1,81 @@
+# Kubernetes network model
+
+- TL,DR:
+
+ *Our cluster (nodes and pods) is one big flat IP network.*
+
+--
+
+- In detail:
+
+ - all nodes must be able to reach each other, without NAT
+
+ - all pods must be able to reach each other, without NAT
+
+ - pods and nodes must be able to reach each other, without NAT
+
+ - each pod is aware of its IP address (no NAT)
+
+- Kubernetes doesn't mandate any particular implementation
+
+---
+
+## Kubernetes network model: the good
+
+- Everything can reach everything
+
+- No address translation
+
+- No port translation
+
+- No new protocol
+
+- Pods cannot move from a node to another and keep their IP address
+
+- IP addresses don't have to be "portable" from a node to another
+
+ (We can use e.g. a subnet per node and use a simple routed topology)
+
+- The specification is simple enough to allow many various implementations
+
+---
+
+## Kubernetes network model: the bad and the ugly
+
+- Everything can reach everything
+
+ - if you want security, you need to add network policies
+
+ - the network implementation that you use needs to support them
+
+- There are literally dozens of implementations out there
+
+ (15 are listed in the Kubernetes documentation)
+
+- It *looks like* you have a level 3 network, but it's only level 4
+
+ (The spec requires UDP and TCP, but not port ranges or arbitrary IP packets)
+
+- `kube-proxy` is on the data path when connecting to a pod or container,
+
and it's not particularly fast (relies on userland proxying or iptables)
+
+---
+
+## Kubernetes network model: in practice
+
+- The nodes that we are using have been setup to use Weave
+
+- We don't endorse Weave in a particular way, it just Works For Us
+
+- Don't worry about the warning about `kube-proxy` performance
+
+- Unless you:
+
+ - routinely saturate 10G network interfaces
+
+ - count packet rates in millions per second
+
+ - run high-traffic VOIP or gaming platforms
+
+ - do weird things that involve millions of simultaneous connections
+
(in which case you're already familiar with kernel tuning)
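Review bot: the `kube-proxy` bullet ("on the data path when connecting to a pod or container ... relies on userland proxying or iptables") overstates the problem and contradicts the flat-network model stated at the top of the same file. Pod-to-pod and node-to-pod traffic goes straight to the pod IP with no NAT and never passes through `kube-proxy`; only connections to a Service virtual IP are rewritten by it, and in iptables mode that rewriting is done in the kernel by netfilter DNAT rules, not by a userland proxy, so the cost there is the linear scan of iptables rules as the number of Services grows, not a userland hop. Suggest wording it as "`kube-proxy` is on the data path when connecting to a *service*" and "relies on a userland proxy (the old `userspace` mode) or on iptables rules, neither of which scales well with many services". The "looks like level 3, but it's only level 4" bullet has the same issue: the TCP/UDP restriction applies to Services (what `kube-proxy` can forward), while pod-to-pod traffic is plain IP, so say that the restriction is on Services rather than on the network itself. Since "if you want security, you need to add network policies" and "the network implementation that you use needs to support them" are flagged under "the bad", the "in practice" section should say whether the Weave setup used for the training supports `NetworkPolicy` (Weave Net ships a network policy controller, so it does); as written, readers are left wondering whether the security caveat applies to their cluster. Minor: `TL,DR` should be `TL;DR`, `have been setup` should be `have been set up`, `VOIP` is usually written `VoIP`, and `We don't endorse Weave in a particular way` reads better as `in any particular way`.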
diff --git a/docs/setup-k8s.md b/docs/setup-k8s.md
index dff334f1..ac3fbd0d 100644
--- a/docs/setup-k8s.md
+++ b/docs/setup-k8s.md
@@ -54,9 +54,8 @@
- On a local machine:
[minikube](https://kubernetes.io/docs/getting-started-guides/minikube/),
- [kubespawn](https://github.com/kinvolk/kube-spawn)
-
- FIXME
+ [kubespawn](https://github.com/kinvolk/kube-spawn),
+ [Docker4Mac (coming soon)](https://beta.docker.com/)
- If you want something customizable:
[kubicorn](https://github.com/kris-nova/kubicorn)
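Review bot: the new `[Docker4Mac (coming soon)](https://beta.docker.com/)` entry links to a generic beta sign-up portal rather than anything Kubernetes-specific, and "coming soon" will go stale quickly; either point at the actual Docker for Mac Kubernetes documentation once it exists, or keep the text without a link until then. Also the product name is "Docker for Mac", not "Docker4Mac". The trailing comma added to the kubespawn line is correct now that a third entry follows it.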
@@ -64,5 +63,3 @@
Probably the closest to a multi-cloud/hybrid solution so far, but in development
- Also, many commercial options!
-
- FIXME
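Review bot: dropping the `FIXME` leaves `Also, many commercial options!` as the only bullet in this list with no link or example, whereas every other option above it is linked; if the intent is to leave it open that is fine, but otherwise name one or two hosted offerings (e.g. GKE) so the reader has a starting point. The other removed line is just a blank, so no objection there.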