Update iptables perf / KEP-3453 discussion for 1.27

[danwinship]

This is an update for a feature going to beta, so I assume it belongs on dev-1.27, but that branch doesn't seem to be up-to-date? In particular, it doesn't have #38435, which this rewrites.

(I moved the feature-specific section because it seemed to make more sense to talk about that first now, since it's enabled by default.)

/cc @sftim @aojea

[netlify]

✅ Pull request preview available for checking

Built without sensitive environment variables

Name	Link
🔨 Latest commit	14263a3
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-io-main-staging/deploys/63e3deaa6d1d150008913e87
😎 Deploy Preview	https://deploy-preview-39188--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[sftim]

/hold

This PR needs to target dev-1.27 (it's OK to wait until dev-1.27 incorporates everything that's in main today).

OK to unhold once we fix the base branch.

[sftim]

/sig network

[sftim]

Thanks

For beta, please also revise the text that talks about Endpoints - refer to EndpointSlices if you can. I'm assuming that kube-proxy actually watches EndpointSlices these days (if not, we ought to document that detail somewhere else, and can file an issue to track that).

[sftim]

We avoid documenting transitions between versions within the reference docs (exception: https://kubernetes.io/docs/reference/using-api/deprecation-guide/ and friends). As docs and features move towards GA, this approach becomes more important.

As a result, this information probably belongs in the post-release blog article and in the v1.27 release notes.
The PR that adds the blog article can also update this page to link there, and we can merge that on release day provided that folks plan ahead and get everything ready for review in plenty of time.

[danwinship]

ok, it's already in the release note for kubernetes/kubernetes#115138

[sftim]

The next step is to cut out or reword this section - otherwise, you'll need to commit SIG Network to maintaining this and updating it for the v1.28 release, when this wording will be stale.

[sftim]

Try to describe the current state of Kubernetes, post-release. Eg:

By default, the `kube-proxy` component of Kubernetes {{< skew currentVersion >}}
aggregates its updates to `iptables` rules.
Previous versions of Kubernetes (before v1.27) did not default to this behavior, and
FIXME - what does this mean for a cluster operator?

[danwinship]

For beta, please also revise the text that talks about Endpoints - refer to EndpointSlices if you can.

Changed one "Endpoints" to "EndpointSlices" and another to "endpoints"; we still use lowercase-e "endpoints" in many places to refer to endpoints as a general idea

[sftim]

Once this targets the right branch, I think it'll be good to go in. The tweaks I'm suggesting here aren't blockers.

[danwinship]

/hold cancel
this was marked /hold because it was originally targeting main, but that's fixed now

[aojea]

/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: a98f36df84ff9151f057b7a4057615214788712a

[sftim]

/lgtm

with further tweaks available

[tengqm]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tengqm

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• content/en/OWNERS [tengqm]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[tengqm]

/lgtm
again

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 0aecedf4a7beb71a26ebdc72f92202d5ffbf9570