KEP-2819: CNI traffic shaping support #2808
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: uablrek The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
kind/kep
|
/cc @thockin |
|
Should we retitle this to KEP-0012? |
|
If the number is still valid, yes. I don't know how the number is assigned. I read it is the trackíng number, but I don't know what that is. |
uablrek
changed the title
Now "CNI traffic shaping support" in KEP, issue and PR.
| "kubernetes.io/ingress-bandwidth": "10M", | ||
| "kubernetes.io/egress-bandwidth": "10M" |
There was a problem hiding this comment.
We should add these to https://kubernetes.io/docs/reference/labels-annotations-taints/
Co-authored-by: Tim Bannister <[email protected]>
|
/assign @thockin |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
Is this still being pursued? Would be sad so see my proprietary implementations in various networks without going via the CNI. |
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
There was a problem hiding this comment.
Given that Dockershim is out (even if it were to be reverted, that would be temporary) do we need to re-position this in terms of CRI? E.g. kubelet passes these annotations to the runtime via CRI and then containerd or CRI-O (or whatever) handle it in terms of CNI ?
|
Is this trying to hit 1.24 ? |
Um, does this only work with Dockershim? Sorry, I haven't tested this myself only relayed a wish to promote this feature from my stake-holders. I am using |
No. Considering the comments above. |
Thanks @sftim for the response. Is there any reference on the "extension APIs" you mentioned? I would like to take a look when I'm free. |
| "type": "bandwidth", | ||
| "runtimeConfig": { | ||
| "trafficShaping": { | ||
| "ingressRate": "X", |
There was a problem hiding this comment.
One of the problem with the existing annotation is that they rely on plugin-specific definitions of bandwidth and burst.
We should probably clearly define either
- Burst isn't required
- Burst has a precise definition (e.g. Bucket size is N percent / ratio of bandwidth)
https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/ |
|
|
||
| * [add traffic shaping support](https://github.com/kubernetes/kubernetes/pull/63194) | ||
|
|
||
| ## Drawbacks |
There was a problem hiding this comment.
The only drawback is a larger feature: bandwidth is not currently a scheduled resource. Do we want to consider adding node-egress-bandwidth to a pod's resources?
There was a problem hiding this comment.
This is made complicated by the fact that bandwidth is only accountable as a pod-level resource, rather than a container-level resource (barring serious trickery)
There was a problem hiding this comment.
brief outline of an approach
Someone who wants to can define an extended resource and assign that to a Pod. Pick something like “bits per second” because you can only have whole numbers of these.
Nodes can advertise their actual uplink as the available amount of that resource. Or, if we decide to, we could implement some cleverness around a particular extended resource where this doesn't hold (allowing overcommitment).
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
| - "@m1093782566" | ||
| owning-sig: sig-network | ||
| participating-sigs: | ||
| status: implemented |
There was a problem hiding this comment.
Would that mean that this is generally available?
| status: implemented | |
| status: implementable |
|
|
||
| ## Alternatives | ||
|
|
||
| None |
There was a problem hiding this comment.
Let's document some alternative approaches.
Rather than using annotations, we could add the network restrictions to the Pod API.
That could allow the kubelet to report via .status whether the shaping was active. It also enables a richer control over flow shaping.
I'd prefer to see Pods refer indirectly to a custom resource, eg NetworkTrafficQuota, but still have the Pod report enforcement via its .status. (Why? Because you might have nodes where this works and other nodes where it doesn't).
|
The right way to handle this is some first-class API, but I am not sure yet
what it looks like. There are KEPs open on QoS and other things.
…On Thu, Dec 22, 2022 at 12:52 PM Tim Bannister ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In keps/sig-network/2819-CNI-traffic-shaping-support/kep.yaml
<#2808 (comment)>
:
> @@ -0,0 +1,35 @@
+title: CNI traffic shaping support
+kep-number: 2819
+authors:
+ - ***@***.***"
+ - ***@***.***"
+owning-sig: sig-network
+participating-sigs:
+status: implemented
Would that mean that this is generally available?
⬇️ Suggested change
-status: implemented
+status: implementable
------------------------------
In keps/sig-network/2819-CNI-traffic-shaping-support/README.md
<#2808 (comment)>
:
> +### CNI plugin part
+
+* [traffic shaping plugin](containernetworking/plugins#96)
+* [support runtime config](containernetworking/plugins#138)
+
+### Kubernetes part
+
+* [add traffic shaping support](kubernetes/kubernetes#63194)
+
+## Drawbacks
+
+None
+
+## Alternatives
+
+None
Let's document some alternative approaches.
Rather than using annotations, we could add the network restrictions to
the Pod API.
That could allow the kubelet to report via .status whether the shaping
was active. It also enables a richer control over flow shaping.
I'd prefer to see Pods refer indirectly to a custom resource, eg
NetworkTrafficQuota, but still have the Pod report enforcement via its
.status. (Why? Because you might have nodes where this works and other
nodes where it doesn't).
—
Reply to this email directly, view it on GitHub
<#2808 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVBSYRI4CHWYB6UEQUDWOS5RHANCNFSM47YETHGA>
.
You are receiving this because you were assigned.Message ID:
***@***.***>
|
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Note: This is not a new KEP. It is for regain tracking of an already-implemented feature (in alpha)
This KEP is revived to regain tracking for the traffic shaping feature. It was introduced in v1.9 (I think) but has not left "alpha" since 2018. The intention is to allow the function to graduate. (kubernetes/community#2202 (comment))
The original KEP was not merged or moved to kubernetes/enhancements.
Links