Cloud Native Rejekts EU (Valencia) 2022

Adding a backend to Next Generation Kube Proxy (KPNG)
2022-05-15, 10:20–10:50, Gallery

Have you ever wondered how kube-proxy originated in Kubernetes? Are you familiar with the userspace mode of kube-proxy? Have you thought about what it takes to add a mode to kube-proxy? In this session we will go through the evolution of kube-proxy, from userspace mode, to iptables mode, to Next Generation Kube Proxy, also known as KPNG.
We will dig into how the userspace mode of kube-proxy works and showcase what it takes to add it as a backend to KPNG. Attendees will learn about the improvements introduced in KPNG over the current implementation of kube-proxy, the algorithms behind an intuitive "user space" proxy, and how to reason about kube-proxy's logic in any mode, using a generic model. We promise to demonstrate KPNG in userspace mode, compare its performance with kube-proxy in userspace mode, and show how it performs better with KPNG.


With the growth of the Kubernetes project, kube-proxy has moved from userspace mode to iptables and now to IPVS. However, many other backends, including eBPF- and OVS-based service proxies, have emerged over time. They have not been included in kube-proxy, given how difficult it is to maintain, update, and configure kube-proxy because of these advancements in networking for Kubernetes. KPNG decouples the dataplane (backend) from the Kubernetes-specific logic of the service proxy, allowing for innovation in the way networks are built on Kubernetes without adding more technical debt to Kubernetes core.
In this session we will showcase how easy it is to add a new backend to KPNG as compared to kube-proxy.

Rajas Kakodkar is a Software Engineer at VMware. Currently, he works on Tanzu Community Edition and Tanzu Framework. In the past (at Persistent Systems) he was part of the team that added s390x conformance test results to testgrid. He is an active contributor to the Kubernetes project, mostly in the sig-testing and sig-network areas.

Neha Lohia is a Senior Member of Technical Staff at VMware, where she works on Tanzu Service Mesh as a Site Reliability Engineer. She has been known to the Kubernetes world for the last 2 years and has worked with the OpenShift distribution. She also acquired her CKA and CKAD certifications. Over the past few months, she has been involved in the open-source Kubernetes community in different SIGs such as sig-network and sig-security. She has been an active contributor to the sig-network KPNG project, which is a rework of the Kubernetes kube-proxy implementation.