add service topology kep

Author: m1093782566

keps/NEXT_KEP_NUMBER

@@ -1 +1 @@
-31
+32

keps/sig-network/0031-service-topology.md

@@ -0,0 +1,218 @@
+---
+kep-number: 31
+title: Topology-aware service routing
+status: Pending
+authors:
+    - "@m1093782566"
+owning-sig: sig-network
+reviewers:
+  - "@thockin"
+  - "@johnbelamaric"
+approvers:
+  - "@thockin"
+creation-date: 2018-10-24
+last-updated: 2018-10-26
+---
+
+# Topology-aware service routing
+
+## Table of Contents
+
+* [Motivation](#motivation)
+  * [Goals](#goals)
+  * [Non\-goals](#non-goals)
+  * [User cases](#user-cases)
+  * [Background](#background)
+* [Proposal](#proposal)
+* [Implementation History](#implementation-history)
+  * [Service API changes](#service-api-changes)
+  * [Endpoints API changes](#endpoints-api-changes)
+  * [Endpoints Controller changes](#endpoints-controller-changes)
+  * [Kube-proxy changes](#kube-proxy-changes)
+  * [DNS changes](#dns-changes)
+    * [CoreDNS changes](#coredns-changes)
+    * [Kube-dns changes](#kube-dns-changes)
+
+## Motivation
+
+Figure out a generic way to implement the "local service" route, say "topology aware routing of service".
+
+Locality is defined by user, it can be any topology-related thing. "Local" means the "same topology level", e.g. same node, same rack, same failure zone, same failure region, same cloud provider etc. Two nodes are considered "local" if they have the same value for a particular label, called the "topology key".
+
+### Goals
+
+A generic way to support topology aware routing of services in arbitrary topological domains, e.g. node, rack, zone, region, etc. by node labels.
+
+### Non-goals
+
+* Scheduler spreading to implement this sort of topology guarantee
+* Dynamic Availability
+* Health-checking
+* Capacity-based or load-based spillover
+
+### User cases
+
+* Logging agents such as fluentd. Deploy fluentd as DaemonSet and applications only need to communicate with the fluentd in the same node.
+* For a sharded service that keeps per-node local information in each shard.
+* Authenticating proxies such as [aws-es-proxy](https://github.com/kopeio/aws-es-proxy).
+* In container identity wg, being able to give daemonset pods a unique identity per host is on the 2018 plan, and ensuring local pods can communicate to local node services securely is a key goal there. -- from @smarterclayton
+* Regional data costs in multi-AZ setup - for instance, in AWS, with a multi-AZ setup, half of the traffic will switch AZ, incurring regional data Transfer costs, whereas if something was local, it wouldn't hit the network.
+* Performance benefit (node local/rack local) is lower latency/higher bandwidth.
+
+### Background
+
+It's a pain point for multi-zone clusters deployment since cross-zone network traffic being charged, while in-zone is not. In addition, cross-node traffic may carry sensitive metadata from other nodes. Therefore, users always prefer the service backends that close to them, e.g. same zone, rack and host etc. for security, performance and cost concerns.
+
+Kubernetes scheduler can constraining a pod to only be able to run on particular nodes/zones. However, Kubernetes service proxy just randomly picks an available backend for service routing and this one can be very far from the user, so we need a topology-aware service routing solution in Kubernetes. Basically, to find the nearest service backend. In other words, allowing people to configure if ALWAY reach a to local service backend. In this way, they can reduce network latency, improve security, save money and so on. However, because topology is arbitrary, zone, region, rack, generator, whatever, who knows? We should allow arbitrary locality.
+
+`ExternalTrafficPolicy` was added in v1.4, but only for NodePort and external LB traffic. NodeName was added to `EndpointAddress` to allow kube-proxy to filter local endpoints for various future purposes.
+
+Based on our experience of advanced routing setup and recent demo of enabling this feature in Kubernetes, this document would like to introduce a more generic way to support arbitrary service topology.
+
+## Proposal
+
+This proposal builds off of earlier requests to [use local pods only for kube-proxy loadbalancing](https://github.com/kubernetes/kubernetes/issues/7433) and [node-local service proposal](https://github.com/kubernetes/kubernetes/pull/28637). But, this document proposes that not only the particular "node-local" user case should be taken care, but also a more generic way should be figured out.
+
+Locality is an "user-defined" thing. When we set topology key "hostname" for service, we expect node carries different node labels on the key "hostname".
+
+Users can control the level of topology. For example, if someone run logging agent as a daemonset, he can set the "hard" topology requirement for same-host. If "hard" is not met, then just return "service not available". 
+
+And if someone set a "soft" topology requirement for same-host, say he "preferred" same-host endpoints and can accept other hosts when for some reasons local service's backend is not available on some host.
+
+If multiple endpoints satisfy the "hard" or "soft" topology requirement, we will randomly pick one by default. 
+
+Routing decision is expected to be implemented by kube-proxy and kube-dns/coredns for headless service.
+
+
+## Implementation history
+
+### Service API changes
+
+Users need a way to declare what service is local and the definition of local backends for the particular service.
+
+In this proposal, we give the service owner a chance to configure the service locality things. A new property would be introduced to `ServiceSpec`, say `topologyKeys` - it's a string slice and should be optional.
+
+```go
+type ServiceSpec struct {
+  // topologyKeys is a preference-order list of topology keys.  If backends exist for
+  // index [0], they will always be chosen; only if no backends exist for index [0] will backends for index [1] be considered.
+  // If this field is specified and all indices have no backends, the service has no backends, and connections will fail.  We say these requirements are hard.
+  // In order to experss soft requirement, we may give a special node label key "" as it means "match all nodes".
+  TopologyKeys []string `json:"topologyKeys" protobuf:"bytes,1,opt,name=topologyKeys"`
+}
+```
+
+An example of `Service` with topology keys:
+
+```yaml
+kind: Service
+metadata:
+  name: service-local
+spec:
+  topologyKeys: ["host", "zone"]
+```
+
+
+In our example above, we will firstly try to find the backends in the same host. If no backends match, we will then try the lucky of same zone. If finally we can't find any backends in the same host or same zone, then we say the service has no satisfied backends and connections will fail.
+
+If we configure topologyKeys as `["host", ""]`, we just do the effort to find the backends in the same host and will not fail the connection if no matched backends found.
+
+### Endpoints API changes
+
+Although `NodeName` was already added to `EndpointAddress`, we want `Endpoints` to carry more node's topological informations so that allowing more topology information other than hostname.
+
+This proposal will create a new `Topologies` field in `Endpoints.Subsets.Addresses` for identifying what topological domain the backend pod exists. 
+
+```go
+type EndpointAddress struct {
+  // labels of node hosting the endpoint
+  Topologies map[string]string
+}
+```
+
+Please note that we only copy the labels that we know are needed by the topological constraints. In other words, only copying the labels which are used by `serviceSpec.topologyKeys` from node to endpoint.
+
+### Endpoints Controller changes
+
+Endpoint Controller will populate the `Topologyies` property for each `EndpointAddress`. We want `EndpointAddress.Topology` to tell the LB, such as kube-proxy what topological domain the endpoint exists.
+
+Endpoints controller will need to watch Nodes for knowing labels of node hosting the endpoint and copy the node labels referenced in the service spec's topology constraints to EndpointAddress.
+
+Endpoints Controller will also maintain an extra cache: `NodeToPodsCache`.
+`NodeToPodsCache` maps the node's name to the pods running on it. Node's add, delete and labels' change will trigger `NodeToPodsCache` re-index.
+
+So, the new logic of endpoint controller might be like:
+
+```go
+go watch Node
+// In each sync loop, for a given service, sync its endpoints
+for i, pod := range service backends; do
+  node := nodeCache[pod.Spec.NodeName]
+  endpointAddress := &v1.EndpointAddress {}
+  // Copy all topology-related labels of node to all the endpoints running on it.
+  // We can only include node labels referenced in the service spec's topology constraints
+  for _, topologyKey := range service.TopologyKeys; do
+    endpointAddress.Topologies[topoKey] = node.Labels[topologyKey]
+  done
+  endpoints.Subsets[i].Addresses = endpointAddress
+done
+```
+
+### Kube-proxy changes
+
+Kube-proxy will respect topology keys for each service, so kube-proxy on different nodes may create different proxy rules.
+
+Kube-proxy will watch or periodically get(which approach has better performance?) its own node and will find the endpoints that are in the same topological domain as the node if `service.TopologyKeys` is not empty.
+
+The new logic of kube-proxy might be like:
+
+```go
+go watch/periodically get node with its nodename
+endpointsMeetRequirement := make([]endpointInfo, 0)
+for _, topologyKey := range service.TopologyKeys; do
+  for i := range service's endpoints.Subsets; do
+    ss := endpoints.Subsets[i]
+    for j := range ss.Addresses; do
+      // check if endpoint are in the same topological domain as the node running kube-proxy
+      if ss.Addresses[j].TopologyKey[topologyKey] == node.Labels[topologyKey]; then
+        endpointsMeetRequirement = append(endpointsMeetHardRequirement, endpoint)
+      fi
+    done
+    // Randomly pick one if there are some endpoints(>=1) matched
+    if len(endpointsMeetRequirement) != 0; then
+      route request to an endpoint randomly
+      return
+    fi
+  done
+done
+connection fails due to no mactch endpoint
+```
+
+### DNS changes
+
+We should consider this kind of topology support for headless service in coredns and kube-dns. As the DNS servers will respect topology keys for each headless service, different clients/pods on different nodes may get different dns response.
+
+#### CoreDNS changes
+
+CoreDNS already has the client IP to Pod mapping and it will need to watch nodes to get topology-related information. When a client/pod request a headless service domain to CoreDNS, CoreDNS will retrieve the node labels of both client and the backend Pods. CoreDNS will only select the IPs of backend Pods which are in the same topological domain with client Pod, and then write A record.
+
+The new logic of CoreDNS might be like:
+
+```go
+go watch nodes
+clientIP := request.SourceIP
+clientPod := clinetIPToPod[clientIP]
+clientNode := nodes[clientPod.Spec.NodeName]
+for _, topologyKey := range headlessService.TopologyKeys; do
+  for _, backendPod := range service endpoints; do
+    backendNode := nodes[backendPod.Spec.NodeName]
+    if clientNode[topologyKey] = backendNode[topologyKey]; then
+      write backendPod IP as A record
+    fi
+  done
+done
+```
+
+#### Kube-dns changes
+
+Kube-dns should have the client IP to Pod mapping first and the other new behaviors are same as CoreDNS.