Add blog article: Kubernetes v1.26: Advancements in Kubernetes Traffic Engineering #37648
Hi @andrewsykim, Comms Shadow for the 1.26 release here. This feature blog is tracked for release, the deadline for submitting the draft is November 29.
Hello @andrewsykim, we're doing a global reminder about submitting a draft for review for all opted-in feature blogs. If it's at all possible, it is very helpful for the release team to have drafts submitted for review before the hard deadline date, to better plan the release dates and avoid missing out. Thank you!
@fsmunoz I have a working draft in a Google doc, I'll have it copied over here sometime today or tomorrow
Thank you @andrewsykim, moving tracking for Ready for Review!
/label tide/merge-method-squash
/remove-label tide/merge-method-squash
Thanks
/retitle [WIP] Add blog article: Kubernetes v1.26: Advancements in Kubernetes Traffic Engineering
If you have SVG images, or can get them, that's even better.
Kubernetes v1.26 includes significant advancements in traffic engineering with the graduation of the | ||
`ServiceInternalTrafficPolicy` and `EndpointSliceTerminatingCondition` features to GA and the | ||
`ProxyTerminatingEndpoints` feature to Beta. The combination of these enhancements aim to address | ||
short-comings in traffic engineering today and unlock new capabilities for the future. |
Kubernetes v1.26 includes significant advancements in traffic engineering with the graduation of the | |
`ServiceInternalTrafficPolicy` and `EndpointSliceTerminatingCondition` features to GA and the | |
`ProxyTerminatingEndpoints` feature to Beta. The combination of these enhancements aim to address | |
short-comings in traffic engineering today and unlock new capabilities for the future. | |
Kubernetes v1.26 includes significant advancements in network traffic engineering with the graduation of | |
two features (Service internal traffic policy support, and EndpointSlice terminating conditions) GA, | |
and a third feature (Proxy terminating endpoints) `ProxyTerminatingEndpoints` feature to beta. | |
The combination of these enhancements aims to address short-comings in traffic engineering that | |
people face today, and unlock new capabilities for the future. |
No need to name the feature gates in the introduction; better to let people know that detail later,
if needed.
|
||
## Traffic Loss from Load Balancers During Rolling Updates | ||
|
||
Prior to Kubernetes v1.26, [clusters can experience loss of traffic](https://github.com/kubernetes/kubernetes/issues/85643) |
Prior to Kubernetes v1.26, [clusters can experience loss of traffic](https://github.com/kubernetes/kubernetes/issues/85643) | |
Prior to Kubernetes v1.26, clusters could experience [loss of traffic](https://github.com/kubernetes/kubernetes/issues/85643) |
from Service load balancers during rolling updates when setting the `externalTrafficPolicy` field to `Local`. | ||
There are a lot of moving parts at play here so a quick overview of how Kubernetes manages load balancers might help! | ||
|
||
In Kubernetes, you can create a Service with Type=LoadBalancer to expose an application externally with a load balancer. |
In Kubernetes, you can create a Service with Type=LoadBalancer to expose an application externally with a load balancer. | |
In Kubernetes, you can create a Service with `type: LoadBalancer` to expose an application externally with a load balancer. |
YAML is the norm; JSON is a fallback. Type=LoadBalancer
isn't part of the API either way (it's more like Golang).
``` | ||
|
||
Under the hood, Kubernetes allocates a NodePort for the Service, which is then used by kube-proxy to provide a | ||
network data path from the NodePort to the Pod. A controller running in the Kubernetes Control Plane will then |
network data path from the NodePort to the Pod. A controller running in the Kubernetes Control Plane will then | |
network data path from the NodePort to the Pod. A controller will then |
The boundary is blurred here; you can set service.kubernetes.io/service-proxy-name
on a Service and use your own load balancer. We can assume that the thing watching for Services is a controller, though.
add all available Nodes in the cluster to the load balancer’s backend pool, using the designated NodePort for | ||
the Service as the backend target port. | ||
|
||
{{< figure src="traffic-engineering-service-load-balancer.png" alt="Figure 1: Overview of Service Load Balancers" >}} |
(nit) You can caption the image rather than setting the figure name only in the alt
attribute.
the more likely this will happen, since the load balancer will take longer to realize that a node is no longer | ||
healthy and unable to accept traffic. This also occurred when Pods started terminating during rolling updates, | ||
specifically when a Node went from N to 0 healthy pods because Kubernetes does not consider terminating Pods | ||
as “Ready”, regardless of their readiness probes. |
as “Ready”, regardless of their readiness probes. | |
as `Ready`, regardless of their readiness probes. |
Starting in Kubernetes v1.26, kube-proxy enables the `ProxyTerminatingEndpoints` feature by default, which | ||
adds automatic failover and routing to terminating endpoints in scenarios where the traffic would otherwise | ||
be dropped. More specifically, when there is a rolling update and a Node only contains terminating replicas, | ||
kube-proxy will route traffic to the terminating replicas as long as their readiness probes are passing. | ||
By doing so, kube-proxy provides the external load balancer a window of time to gracefully steer traffic | ||
away from the Node after its next health check probe. |
Is this right:
Starting in Kubernetes v1.26, kube-proxy enables the `ProxyTerminatingEndpoints` feature by default, which | |
adds automatic failover and routing to terminating endpoints in scenarios where the traffic would otherwise | |
be dropped. More specifically, when there is a rolling update and a Node only contains terminating replicas, | |
kube-proxy will route traffic to the terminating replicas as long as their readiness probes are passing. | |
By doing so, kube-proxy provides the external load balancer a window of time to gracefully steer traffic | |
away from the Node after its next health check probe. | |
Starting in Kubernetes v1.26, kube-proxy defaults to using _proxy terminating endpoints_ behavior. The | |
kube-proxy spots when traffic arrives that is destined to a terminating endpoint, and avoids some scenarios where the traffic would otherwise be dropped. | |
More specifically, when there is a rolling update and a Node only contains terminating replicas, | |
kube-proxy routes traffic to the terminating replicas only as long as their readiness probes are passing. | |
By doing so, kube-proxy provides the external load balancer a window of time to gracefully steer traffic | |
away from the Node after its next health check probe. | |
If there are no local healthy replicas, kube-proxy looks for another node with healthy endpoints and | |
tries to send the traffic there. |
?
I'm worried that readers won't work out how the new behavior is different.
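A simplified model of the behavior change discussed in the comment above, added here as an example; it is not kube-proxy's code and not part of this pull request. The `Endpoint` type, the `SelectLocal` function and the sample addresses are assumptions made for illustration; only the ready/serving/terminating conditions and the `externalTrafficPolicy: Local` setting come from the draft.

```go
package main

import "fmt"

// Endpoint carries the three EndpointSlice conditions (ready, serving,
// terminating). Type and field names are illustrative, not kube-proxy's.
type Endpoint struct {
	IP          string
	Local       bool // Pod runs on the node that received the traffic
	Ready       bool // never true for a terminating Pod
	Serving     bool // readiness probe passing, even while terminating
	Terminating bool
}

// SelectLocal picks backends on one node for externalTrafficPolicy: Local.
// With terminatingFallback=false a node that holds only terminating Pods has
// no usable endpoint, so traffic still sent there by the load balancer drops.
func SelectLocal(eps []Endpoint, terminatingFallback bool) []string {
	var ready, draining []string
	for _, ep := range eps {
		switch {
		case !ep.Local:
			// This model only considers Pods on the receiving node.
		case ep.Ready:
			ready = append(ready, ep.IP)
		case ep.Terminating && ep.Serving:
			draining = append(draining, ep.IP)
		}
	}
	// Ready endpoints always win; terminating ones are a last resort.
	if len(ready) > 0 || !terminatingFallback {
		return ready
	}
	return draining
}

func main() {
	// Constructed sample: a node mid-rollout whose local Pods are all terminating.
	node := []Endpoint{
		{IP: "10.0.1.5", Local: true, Serving: true, Terminating: true},
		{IP: "10.0.1.6", Local: true, Serving: false, Terminating: true},
		{IP: "10.0.2.7", Local: false, Ready: true, Serving: true},
	}
	fmt.Println("fallback off:", SelectLocal(node, false))
	fmt.Println("fallback on: ", SelectLocal(node, true))
}
```

With the fallback off the node has nothing to forward to; with it on, only the terminating Pod whose readiness probe still passes receives traffic.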
@@ -0,0 +1 @@ | |||
PLACEHOLDER |
Remember to remove this file.
/hold
OK to unhold once this has a publication date assigned.
Hello, Comms Lead for v1.26 here: this Feature Blog PR is confirmed for the post-release Feature Blog series. We will add the publishing date in the next days. Thank you for your work!
Signed-off-by: Andrew Sy Kim <[email protected]>
Let's publish this on the 30th of December.
Hello, Comms Lead for v1.26 here. The publication order and date for the Feature Blog series has been finalised and the tracking board updated (cf. discussion). The publication date for this article is 30-12-2022 (December 30). Thanks!
@sftim I think the latest commits addressed the comments/suggestions, would you say this is ready to publish?
/approve
Don't merge this until v1.26 is released.
The publication date in this PR is wrong; it should be 2022-12-30
/approve cancel
Between now and publication it would be great to get SVG versions of the images.
Thank you @sftim - @andrewsykim, could you correct the publication date to 2022-12-30?
--- | ||
layout: blog | ||
title: "Kubernetes v1.26: Advancements in Kubernetes Traffic Engineering" | ||
date: 2022-11-28 |
date: 2022-11-28 | |
date: 2022-12-30 |
Please also change the path content/en/blog/_posts/2022-11-28-advancements-in-traffic-engineering/index.md
to match.
Updated publication date, thanks
Signed-off-by: Andrew Sy Kim <[email protected]>
Thanks
/lgtm
LGTM label has been added. Git tree hash: 656eea21d1090fec3c7dafee708e02880c174c91
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: sftim
The full list of commands accepted by this bot can be found here. The pull request process is described here
/hold cancel
Signed-off-by: Andrew Sy Kim [email protected]
Add feature blog placeholder PR for KEP-2086