SIG-NETWORK: Updates and Directions
Conference: KubeCon + CloudNativeCon North America 2021
2021-10-13
Authors: Tim Hockin, Bowei Du
Summary
Updates and directions on Kubernetes Network Components presented at SIG-NETWORK conference
- SIG-NETWORK is responsible for Kubernetes network components such as pod networking, ingress and egress traffic, service abstractions, and network policies
- The SIG is focused on major projects such as dual stack support, gateway API for L4 and L7, and network policy improvements
- IPv4 v6 dual stack is now GA and services and pods now support both IPv4 and IPv6
- Gateway API has made significant progress towards v1 alpha 2 and aims to be role-oriented and extensible
- Reference policy governs whether or not a given resource is allowed to be referenced from another namespace
- A CVE was discovered in the 122-123 cycle regarding endpoint or endpoint slice APIs directing traffic with unintended effects
- The mitigation for this issue is to treat the ability to create, modify endpoint and endpoint slices as a privileged operation and remove this capability from the ordinary users of your cluster
Abstract
We will be presenting what has been going on in the Network SIG for the past few releases. The session will cover new and upcoming topics, including recent features and new APIs that are under development. Topics include: IPv6, Gateway API, Network Policy improvments, other improvements, as well as future directions for the rea. This session is mostly aimed at people who are already using Kubernetes, although new users are definitely welcome. Significant time will be allotted for Q&A, so bring your questions!
Materials: