kubernetes network model

docs/kube.yml

@@ -67,6 +67,7 @@ chapters:
   - versions-k8s.md
   - sampleapp.md
 - - concepts-k8s.md
+  - kubenet.md
   - kubectlget.md
   - setup-k8s.md
   - kubectlrun.md

docs/kubenet.md

@@ -0,0 +1,81 @@
+# Kubernetes network model
+
+- TL,DR:
+
+  *Our cluster (nodes and pods) is one big flat IP network.*
+
+--
+
+- In detail:
+
+ - all nodes must be able to reach each other, without NAT
+
+ - all pods must be able to reach each other, without NAT
+
+ - pods and nodes must be able to reach each other, without NAT
+
+ - each pod is aware of its IP address (no NAT)
+
+- Kubernetes doesn't mandate any particular implementation
+
+---
+
+## Kubernetes network model: the good
+
+- Everything can reach everything
+
+- No address translation
+
+- No port translation
+
+- No new protocol
+
+- Pods cannot move from a node to another and keep their IP address
+
+- IP addresses don't have to be "portable" from a node to another
+
+  (We can use e.g. a subnet per node and use a simple routed topology)
+
+- The specification is simple enough to allow many various implementations
+
+---
+
+## Kubernetes network model: the bad and the ugly
+
+- Everything can reach everything
+
+  - if you want security, you need to add network policies
+
+  - the network implementation that you use needs to support them
+
+- There are literally dozens of implementations out there
+
+  (15 are listed in the Kubernetes documentation)
+
+- It *looks like* you have a level 3 network, but it's only level 4
+
+  (The spec requires UDP and TCP, but not port ranges or arbitrary IP packets)
+
+- `kube-proxy` is on the data path when connecting to a pod or container,
+  <br/>and it's not particularly fast (relies on userland proxying or iptables)
+
+---
+
+## Kubernetes network model: in practice
+
+- The nodes that we are using have been setup to use Weave
+
+- We don't endorse Weave in a particular way, it just Works For Us
+
+- Don't worry about the warning about `kube-proxy` performance
+
+- Unless you:
+
+  - routinely saturate 10G network interfaces
+
+  - count packet rates in millions per second
+
+  - run high-traffic VOIP or gaming platforms
+
+  - do weird things that involve millions of simultaneous connections
+    <br/>(in which case you're already familiar with kernel tuning)

docs/setup-k8s.md

@@ -54,9 +54,8 @@
 
 - On a local machine:
   [minikube](https://kubernetes.io/docs/getting-started-guides/minikube/),
-  [kubespawn](https://github.com/kinvolk/kube-spawn)
-
-  FIXME
+  [kubespawn](https://github.com/kinvolk/kube-spawn),
+  [Docker4Mac (coming soon)](https://beta.docker.com/)
 
 - If you want something customizable:
   [kubicorn](https://github.com/kris-nova/kubicorn)
@@ -64,5 +63,3 @@
   Probably the closest to a multi-cloud/hybrid solution so far, but in development
 
 - Also, many commercial options!
-
-  FIXME