|
| 1 | +--- |
| 2 | +title: KaaS Networking Standard |
| 3 | +type: Standard |
| 4 | +status: Draft |
| 5 | +track: KaaS |
| 6 | +--- |
| 7 | + |
| 8 | +## Introduction |
| 9 | + |
| 10 | +Kubernetes defines a networking model that needs to be implented by a separate CNI plugin. |
| 11 | +Beyond basic connectivity within the cluster, however, there are many networking features that are specified but optional. |
| 12 | +Some of these optional features provide vital functionality, such as the NetworkPolicy API and the Ingress API. |
| 13 | + |
| 14 | +This standard specifies a minimal set of networking features that users can expect in clusters created by an SCS complient KaaS provider. |
| 15 | + |
| 16 | +## Terminology |
| 17 | + |
| 18 | +Example (abbr. Ex) |
| 19 | + This is the description for an example terminology. |
| 20 | + |
| 21 | +## Motivation |
| 22 | + |
| 23 | +KaaS providers will typically support aditional networking functionality beyond basic Kubernetes networking. |
| 24 | +The specific range features depends on the used CNI plugin, but may also be extended by additional operators. |
| 25 | +Users may expect certain optional functionality, so we should define a baseline feature set that has to be available in an SCS-compliant KaaS cluster. |
| 26 | + |
| 27 | +## Design Considerations |
| 28 | + |
| 29 | +- Avoid mandating features specific to certain CNI plugins (like CiliumClusterwideNetworkPolicy) |
| 30 | + |
| 31 | +### Options considered |
| 32 | + |
| 33 | +#### NetworkPolicy API |
| 34 | + |
| 35 | +- Should be a requirement |
| 36 | +- We need to be specific about which API version to require and reference the upstream definition |
| 37 | +- Only recommend recent additions like AdminNetworkPolicy |
| 38 | + |
| 39 | +#### Ingress API |
| 40 | + |
| 41 | +- Some CNI plugins (specifically Cilium) have builtin support for the Ingress and Gateway API |
| 42 | +- Those can also be provided by separate ingress controllers (like ingress-nginx) |
| 43 | +- Ingress controllers seem to be regularly requested by managed k8s users |
| 44 | +- some users may prefer to deploy their own ingress controllers |
| 45 | + |
| 46 | +### Open questions |
| 47 | + |
| 48 | +RECOMMENDED |
| 49 | + |
| 50 | +## Standard |
| 51 | + |
| 52 | +CSPs MUST provide a network plugin that supports the basic NetworkPolicy API |
| 53 | +CSPs SHOULD provide a network plugin that implements the AdminNetworkPolicy and BaselineAdminNetworkPolicy resources. |
| 54 | + |
| 55 | +## Related Documents |
| 56 | + |
| 57 | +Related Documents, OPTIONAL |
| 58 | + |
| 59 | +## Conformance Tests |
| 60 | + |
| 61 | +Conformance Tests, OPTIONAL |
0 commit comments