Jan 11th @ 8am PT: Kubernetes Networking Infrastructure
Discuss different trust models for Kubernetes networking. The delineation between the components that remain on the host compute and those that must be separated as part of the infrastructure will determine the level of security isolation and the types of offload between tenant and infrastructure. Different models may require new management, orchestration flows, and communication channels between the host and infrastructure components.
Jan 26th @ 8am PT (new date): Kubernetes Networking Dataplane Offload
Discuss the dataplane model for the networking functions inside Kubernetes, including stateful firewall, multi-tiered Network Policy, micro-segmentation, dynamic load balancing (using NAT), tunneling, and telemetry. The proposal is to define this dataplane in P4 and instantiate a P4 pipeline as a ‘co-processor’ alongside the network operating system to process packets on its behalf. This preserves the control planes used to interconnect nodes and services used in Kubernetes while replacing the Linux kernel dataplane with a programmable pipeline defined in P4. This P4 pipeline can run in software, hardware, or some combination of the two, provided the target has a compiler that can compile the Kubernetes program written in P4_16 using PNA (the Portable NIC Architecture).