KEP-3396: WebSocket protocol enhancements #3401
Conversation
ash2k
commented
Jun 16, 2022
•
ash2k
commented
- One-line PR description: this is a KEP to enhance WebSocket protocol in API server and migrate some kubectl commands to WebSocket from SPDY.
- Issue link: WebSocket protocol enhancements #3396
- Other comments: it is my first KEP and I need help to flesh it out.
k8s-ci-robot
added
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: ash2k The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
kind/kep
k8s-ci-robot
added
the
sig/api-machinery
ash2k
force-pushed
the
3396-websocket-kep
branch
from
085c930 to
eb6dfb6
Compare
k8s-ci-robot
added
the
do-not-merge/work-in-progress
keps/sig-api-machinery/3396-websocket-protocol-enhancements/README.md
Outdated
Show resolved
Hide resolved
ash2k
force-pushed
the
3396-websocket-kep
branch
from
eb6dfb6 to
5424a6a
Compare
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
keps/sig-api-machinery/3396-websocket-protocol-enhancements/README.md
Outdated
Show resolved
Hide resolved
keps/sig-api-machinery/3396-websocket-protocol-enhancements/README.md
Outdated
Show resolved
Hide resolved
| The "Design Details" section below is for the real | ||
| nitty-gritty. | ||
| --> | ||
|
|
There was a problem hiding this comment.
| - Update the WebSocket support in the API server. Support a v5 framing protocol on top of WebSocket. |
?
There was a problem hiding this comment.
My understanding is that this section describes what changes this KEP is proposing. What you are suggesting is HOW to implement those changes, so I think it doesn't need to be here 🤷
| An alternative is to try to establish `v5.channel.k8s.io` and fall back to `SPDY/3.1` but that is 2x | ||
| the number of requests when newer client is used with an older server. Perhaps this is acceptable | ||
| since `exec`, `attach`, and `cp` are I/O-heavy anyway and are not used all the time. This is a temporary | ||
| overhead, eventually this situation will become less and less frequent as servers upgrade to a version with | ||
| the new protocol. If the overhead is not acceptable, user can almost always use a client of a matching version. | ||
| At some point SPDY support should be removed and this problem will go away completely. |
There was a problem hiding this comment.
Consider moving this under ## Alternatives, and replace the moved text with a link to it.
There was a problem hiding this comment.
This is an alternative to the protocol negotiation section only, not to the whole proposal. I think it will be out of context if move to another section.
| If we have a new protocol, then older servers will not have support for it. In that case a newer client will try | ||
| v5 but an older server will not accept that. To be backwards compatible, ideally client should use the intended | ||
| mechanism that HTTP `Upgrade` provides - send a list of protocols. I.e. client would send a header with | ||
| something like `Upgrade: v5.channel.k8s.io, SPDY/3.1` and server would pick a protocol it supports, | ||
| taking into account client's preference (the list is ordered). | ||
|
|
||
| The difficulty with the above is that both Gorilla WebSocket and SPDY libraries are not built to allow to | ||
| use them this way. Both encapsulate negotiation, and you cannot compose them to get the above behavior. | ||
| Refactoring them is not an option since SPDY is dead and nobody will spend time on the library and Gorilla | ||
| WebSocket is [looking for maintainers](https://github.com/gorilla/websocket/issues/370) and hence | ||
| a PR is unlikely to get merged quickly even if at all (since this is a big API addition/change). |
There was a problem hiding this comment.
Perhaps the Kubernetes API could provide a way for the cluster to expose what protocols it can negotiate?
Eg, GET /api/v1alpha1/protocol-availability (or something similar)
There was a problem hiding this comment.
This wouldn't reduce the number of API calls compared to what is being suggesting in this PR right now. The current suggestion will do 1 more call temporarily, and only when client is newer than the server. Eventually old clients will come out of use and clients will not be affected anymore.
| <!-- | ||
| What other approaches did you consider, and why did you rule them out? These do | ||
| not need to be as detailed as the proposal, but should include enough | ||
| information to express the idea and why it was not acceptable. | ||
| --> |
There was a problem hiding this comment.
One alternative I'd hope to see listed is WebRTC data channels. We should document what this might look like and briefly state why this isn't a good choice (it's really complicated, for a start).
There was a problem hiding this comment.
:) There are probably a few protocols that can mux multiple streams on top of TCP. We don't need to list them all. I only want to solve the problem with a small organic change, don't want to rework how Kubernetes does streaming (not a goal of this KEP). Kubernetes already has WebSocket support, so that's what I want to use, just an improved version.
There was a problem hiding this comment.
Added this explicitly as not a goal.
|
BTW @ash2k the PR description still says that this is a draft - is that right? |
k8s-ci-robot
added
size/L
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
