Revise glossary entry for kube-proxy #15172
Deploy preview for kubernetes-io-master-staging ready! Built with commit 3bf62ab https://deploy-preview-15172--kubernetes-io-master-staging.netlify.com
/assign @MistyHacks
👍 nice improvements, Tim
This is a good contribution. I left a suggestion for further improvement. :)
kube-proxy maintains network rules on nodes so that sessions (that |
I think this can be improved by more active voice:
kube-proxy maintains network rules on nodes, such as iptables rules on Linux nodes or <what is this called on Windows nodes??> on Windows Server nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.
That's good feedback @MistyHacks. I think the wording I proposed is not strictly wrong but it would be misleading, especially for less common cluster configurations. On Windows nodes (and Linux nodes where iptables isn't available) I think kube-proxy is a userland proxy for TCP & SCTP. For UDP, kube-proxy in userland mode acts as a rewriting UDP forwarder.
There are acceleration options on Linux and, AFAIK, just Linux.
Sometimes kube-proxy manages the list of rules and implements the forwarding itself. Sometimes, kube-proxy gets OS kernel help: it manages the list of rules and lets another component do the forwarding (iptables mode / ipvs mode). iptables mode and ipvs mode are more efficient than userland forwarding.
Also relevant:
Maybe “an internal set of traffic forwarding rules” would work for Windows(?)
How about this rewording?
Marked this as WIP. To find the right new wording, I need to take more care than I'd realized. Comments & suggestions: welcome!
cf2131e to 8804322
kube-proxy can optionally copy those rules to the operating system's packet | ||
filtering layer (eg iptables on Linux). Using the OS' packet filtering layer |
consider avoiding Latin (eg). Also you should put iptables in backticks. Also don't use plural possessive for "OS'". You could reword this to "To improve performance, kube-proxy can optionally....." But can you provide some info about when it would or wouldn't improve performance? Presumably there is a trade-off since it's not enabled by default.
kube-proxy uses the operating system packet filtering layer if there is one and it's available. I'll say that.
8804322 to 6bab083
/lgtm You can lift the hold after you've made the final change. Thanks!
- Mark as relevant to networking.
- Unmark as a core object. kube-proxy is not an API object.
- Fix hyperlink to reference docs.
- Include hyperlink in definition. This is used in /docs/concepts/overview/components/
- Revise wording.
6bab083 to 3bf62ab
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: mistyhacks
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/hold cancel
(also needs an
It's a funny quirk but you can supply that LGTM, as the author. But I'll do it for you again. Sorry for the churn. /lgtm
Thanks. It feels odd to
/priority backlog