-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add diagrams to The Kubernetes Network Model #32243
Comments
/sig network |
We could take inspiration - without any plagiarism, of course - from https://blog.neuvector.com/article/advanced-kubernetes-networking. /triage accepted |
It'd be nice to mix in some IPv6 examples. Kubernetes lets you use IPv6-only, IPv4-only or even dual-stack networking. |
/assign |
@sftim, I view this page as an intro-high-level intro that tees up the 4 x requirements discussion and more network concepts. IMHO, particular with k8s-cloud-network-newbies, keeping it simple would be appropriate for start. Diagrams on IPv6, IPv4, dual stack best belong (and badly needed) in /docs/concepts/services-networking/dual-stack/. |
@chrismetz09 I think you're recommending that we treat IPv4 as the stack we prefer and document, and relegate discussion of IPv6 to separate pages. We try not to favor one technology over another, overall. With that in mind, I'd like to see at least some mention of IPv6 being an option in the overview page. It might be that we can't find a way to get it in without confusing readers; however, our starting point should be to try. If illustrating things ends up easier where we've used all-IPv4 for an example, that's OK. In that case, let's add some text to explain that detail. I'm not sure if we can use images within tabs, but if we can, then we may actually be able to illustrate all three options and let readers compare. |
One key thing we should aim to convey with diagrams is that every pod in a cluster can address every other pod in a cluster; packets from one pod to any other pod should never yield a “no route to host” error. |
@sftim, thinking that classic container eth0, cbr0, vethx, etc. diagram is waaaay too complex for initial K8s network model discussion on this page Could lead complexity bloat quickly. This should be placed in new separate section, maybe combined with CNI, etc. |
Totally. |
@PriyanshuAhlawat, thanks for taking this on. If possible, please use Mermaid to hack the diagrams. This will facilitate collaboration and reviews for this interesting and important topic. Tx! |
Work on this important issue is very welcome. If anyone's made a start, please share what you have - even if it's not finished, that could help someone else move the work forward. |
Hey @PriyanshuAhlawat Are you still working on this issue, I would like to collaborate on this issue please. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/assign |
/remove-lifecycle stale |
Looking over https://kubernetes.io/docs/concepts/services-networking/. New and/or experienced network person looking over K8s networking for the first time could find this difficult to parse. Simple pictures plus text edits is necessary. More detailed pictures with veths, namespaces, cbr0, cni etc. can be added at the bottom. This tees up the cluster networking discussion. I will hack up some pictures to illustrate. |
@chrismetz09 you might like to look at https://deploy-preview-30817--kubernetes-io-main-staging.netlify.app/docs/concepts/services-networking/service/ which illustrates how I hope the page will look within 12 months or so (see PR #30817) The existing diagrams have moved into the reference section: https://deploy-preview-30817--kubernetes-io-main-staging.netlify.app/docs/reference/networking/virtual-ips/ |
I don't have plans to make any significant change to https://kubernetes.io/docs/concepts/services-networking/ |
I do recommend putting more advanced / detailed information inside https://k8s.io/docs/reference/networking/ |
Got it, will go with that approach. |
#36671 generates 404. |
Some initial pointers: veth |
We might want to distinguish between:
|
Exactly what I was thinking! Keeping it simple we have: K8s network model: "IP-per-Pod", localhost for containers in same pod namespace, L2/IP networking for Inter-pod. |
|
Template diagram for pod networking between different hosts. This can be broken up into multiple diagrams, perhaps showing one with CNI-specific encaps and one with native L2/IP networking. Again just a template. Looking to keep it simple for readers wishing to understand the k8s network model. The diagrams and text would be added to k8s network model page. |
Feedback at this point is maybe don't use names |
@chrismetz09 if you're happy to, please feel free to open a PR. |
@PriyanshuAhlawat I don't see any updates; so unassigning you. Please feel free to assign, if you come back here again and are willing to work on 🙂 |
This issue has not been updated in over 1 year, and should be re-triaged. You can:
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/ /remove-triage accepted |
It's tricky because this isn't about documenting a thing people already agree on. Instead, we need to find that agreement partly by proposing a model and then seeing what concerns people have. What we need to find is a shared understanding of what is core to Kubernetes networking. We need that understanding, perhaps as a sketch or wireframe or as a writeup, so that we can explain it and agree on how to explain it. This isn't a small ask, IMO. I can probably make time to facilitate a discussion around this, or to help smooth out disagreements on where the boundaries are. Maybe some other folks can too. Specifically, we need to take things out of the model. We won't show layer 2 (Kubernetes doesn't have opinions here), or packet filtering (Kubernetes doesn't really require it), or iptables. We really would prefer to abstract away kube-proxy because that is an implementation rather than the underlying model. It needs effort and it needs time from the key stakeholders (Docs, Network, Architecture). |
This is a Feature Request
What would you like to be added
Add diagrams to the The Kubernetes network model paragraphs.
Why is this needed
Readers, new and experienced, may find it difficult to visualize the concepts described in the Kubernetes network model intro discussion.
A couple of simple diagrams will assist readers in understanding and preparing them for the subsequent explanations of the Kubernetes networking concerns referenced at the bottom of the page.
Comments
Here is an example-hack diagram to accompany the
Kubernetes imposes the following ...
paragraphs. A diagram referral and caption described in the How to use captions section of the Diagram guide will further help the reader grasp this concept.Mermaid live editor link
Here is an example-hack diagram to accompany the
IP-per-pod
model description. Again, a diagram referral and caption will help the reader grasp this concept.Mermaid live editor link
The text was updated successfully, but these errors were encountered: