Mixed Protocol LB KEP updates (kubernetes#2058)

* Mixed Protocol LB KEP updates

Migrated to the new format
Status set to implementable
Some more test plan details added

* fix review comments

* fix review comments

* add line feeds

* update toc

Author: Laszlo Janosi

keps/sig-network/20200103-mixed-protocol-lb.md renamed to keps/sig-network/1435-mixed-protocol-lb/README.md

@@ -1,28 +1,4 @@
----
-title: Different protocols in the same Service definition with type=LoadBalancer
-authors:
-  - "@janosi"
-owning-sig: sig-network
-participating-sigs:
-  - sig-cloud-provider
-reviewers:
-  - "@thockin"
-  - "@dcbw"
-  - "@andrewsykim"
-approvers:
-  - "@thockin"
-editor: TBD
-creation-date: 2020-01-03
-last-updated: 2020-07-09
-status: provisional
-see-also:
-replaces:
-superseded-by:
----
-
-# different protocols in the same service definition with type=loadbalancer
-
-## Table of Contents
+# KEP-1435: different protocols in the same service definition with type=loadbalancer
 
 <!-- toc -->
 - [Release Signoff Checklist](#release-signoff-checklist)
@@ -55,30 +31,52 @@ superseded-by:
   - [Kube-proxy](#kube-proxy)
   - [Test Plan](#test-plan)
   - [Graduation Criteria](#graduation-criteria)
+    - [Alpha Graduation](#alpha-graduation)
+    - [Alpha -&gt; Beta Graduation](#alpha---beta-graduation)
+    - [Beta -&gt; GA Graduation](#beta---ga-graduation)
+    - [Removing a Deprecated Flag](#removing-a-deprecated-flag)
   - [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy)
     - [Downgrade Strategy](#downgrade-strategy)
   - [Version Skew Strategy](#version-skew-strategy)
+- [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
+  - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
+  - [Rollout, Upgrade and Rollback Planning](#rollout-upgrade-and-rollback-planning)
+  - [Monitoring Requirements](#monitoring-requirements)
+  - [Dependencies](#dependencies)
+  - [Scalability](#scalability)
+  - [Troubleshooting](#troubleshooting)
 - [Implementation History](#implementation-history)
-- [Drawbacks [optional]](#drawbacks-optional)
-- [Alternatives [optional]](#alternatives-optional)
-- [Infrastructure Needed [optional]](#infrastructure-needed-optional)
+- [Drawbacks](#drawbacks)
+- [Alternatives](#alternatives)
+- [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
 <!-- /toc -->
 
 ## Release Signoff Checklist
 
-- [ ] kubernetes/enhancements issue in release milestone, which links to KEP (this should be a link to the KEP location in kubernetes/enhancements, not the initial KEP PR) https://github.com/kubernetes/enhancements/issues/1435
-- [ ] KEP approvers have set the KEP status to `implementable`
-- [ ] Design details are appropriately documented
-- [ ] Test plan is in place, giving consideration to SIG Architecture and SIG Testing input
-- [ ] Graduation criteria is in place
+Items marked with (R) are required *prior to targeting to a milestone / release*.
+
+- [ ] (R) Enhancement issue in release milestone, which links to KEP dir in [kubernetes/enhancements] (not the initial KEP PR)
+- [ ] (R) KEP approvers have approved the KEP status as `implementable`
+- [ ] (R) Design details are appropriately documented
+- [ ] (R) Test plan is in place, giving consideration to SIG Architecture and SIG Testing input
+- [ ] (R) Graduation criteria is in place
+- [ ] (R) Production readiness review completed
+- [ ] Production readiness review approved
 - [ ] "Implementation History" section is up-to-date for milestone
 - [ ] User-facing documentation has been created in [kubernetes/website], for publication to [kubernetes.io]
-- [ ] Supporting documentation e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
+- [ ] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
+
+
+[kubernetes.io]: https://kubernetes.io/
+[kubernetes/enhancements]: https://git.k8s.io/enhancements
+[kubernetes/kubernetes]: https://git.k8s.io/kubernetes
+[kubernetes/website]: https://git.k8s.io/website
 
 ## Summary
 
 This feature enables the creation of a LoadBalancer Service that has different port definitions with different protocols. 
 
+
 ## Motivation
 
 The ultimate goal of this feature is to support users that want to expose their applications via a single IP address but different L4 protocols with a cloud provided load-balancer. 
@@ -99,6 +97,7 @@ The goals of this KEP are:
 
 ### Non-Goals
 
+N/A
 
 ## Proposal
 
@@ -267,7 +266,6 @@ A user can ask for an internal Load Balancer via a K8s Service definition that
 
 Summary: Tencent Cloud CPI and LBs seem to support mixed protocol Services, and the pricing is not based on the number of protocols per Service.
 
-
 ### Risks and Mitigations
 
 #### Billing perspective
@@ -307,7 +305,7 @@ Our feature does not introduce new values or new fields. It enables the usage of
 - Oracle: no risk. The CPI and LB already supports mixed protocols. The same situation like in the case of Alibaba.
 - Tencent Cloud: no risk. The CPI and LB already supports mixed protocols. The same situation like in the case of Alibaba.
 
-As stated above we must implement a feature gate based phased introduction for this feature because of its effects. See the `Proposed solution` part for details in this document below.
+As stated above we must implement a feature gate based phased introduction for this feature because of its effects. See the `The selected solution for the option control` part for details in this document below.
 
 ## Design Details
 
@@ -475,9 +473,14 @@ In the long term:
 
 The kube-proxy should use the port status information from `Service.status.loadBalancer.ingress` in order not to allow traffic to those ports that could not be opened by the load balancer either. 
 
+
 ### Test Plan
 
 There must be e2e cases that test whether CPI implementations handle Service definitions with mixed protocol configuration on a consistent way. I.e. either the cloud LB is set up properly or the Service is rejected by the CPI implementation.
+The e2e tests shall check that
+- a multi-protocol Service triggers the creation of a multi-protocol cloud load balancer 
+Optionally, if the CPI supports that:
+- the CPI sets the new Conditions and or Port Status in the Load Balancer Service after creating the cloud load balancer
 
 ### Graduation Criteria
 
@@ -487,6 +490,21 @@ From CPI implementation perspective thet feature can be graduated to beta, as th
 
 Graduating to GA means, that the feature flag checking is removed from the code. It means, that all CPI implementations must be ready to deal with Services with mixed protocol configuration - either rejecting such Services properly or managing the cloud load balancers according to the Service definition.
 
+#### Alpha Graduation
+
+- Feature is implemented and controller with a feature flag. The feature flag is disabled by default.
+
+#### Alpha -> Beta Graduation
+
+- We shall have test results or real life usage results from the affected clouds that prove that the enabling of this feature does not break their load balancer management and functionality.
+
+#### Beta -> GA Graduation
+
+TBD
+
+#### Removing a Deprecated Flag
+
+TBD
 
 ### Upgrade / Downgrade Strategy
 
@@ -504,20 +522,143 @@ Version skew is possible among the following components in this case: K8s API se
 
 Once this feature is implemented in the API server there is a chance that the CPI implementation has to deal with load balancer Services with mixed protocol configuration anytime, even if the API server is downgraded later. The CPI implementation shall be prepared for this, i.e. the CPI implementation cannot expect anymore that the API Server (or any other component, like the Service Controller) filters out such Service definitions. If the CPI implementation wants to have such filtering it has to implement that on its own. In this case the CPI implementation shall be upgraded before the feature is enabled on the API server. In case of a rollback of the API Server such Services can still exist in the cluster, so the CPI implementation should not be downgraded to a version that does not implement that filtering. This is the reason why the CPI implementations shall be updated (if necessary) to be able to deal with such Service definitions already in the first release of this feature.
 
+## Production Readiness Review Questionnaire
+
+### Feature Enablement and Rollback
+
+_This section must be completed when targeting alpha to a release._
+
+* **How can this feature be enabled / disabled in a live cluster?**
+  - [x] Feature gate (also fill in values in `kep.yaml`)
+    - Feature gate name: MixedProtocolLBSVC
+    - Components depending on the feature gate: Kubernetes API Server
+
+* **Does enabling the feature change any default behavior?**
+
+  When the feature is enabled the Services with mixed protocols are not rejected anymore by the Kuber API server, and it is up to the CPI to handle those.
+  Please see the analysis at `API change and upgrade/downgrade situations`
+
+* **Can the feature be disabled once it has been enabled (i.e. can we roll back
+  the enablement)?**
+
+  Yes. 
+
+* **What happens if we reenable the feature if it was previously rolled back?**
+
+  Nothing serious, as this feature removes a restriction in the API Server. I.e. this direction does not introduce problems.
+
+* **Are there any tests for feature enablement/disablement?**
+
+  TBD
+
+### Rollout, Upgrade and Rollback Planning
+
+_This section must be completed when targeting beta graduation to a release._
+
+* **How can a rollout fail? Can it impact already running workloads?**
+
+  TBD
+
+* **What specific metrics should inform a rollback?**
+
+  TBD
+
+* **Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?**
+
+  TBD
+
+### Monitoring Requirements
+
+_This section must be completed when targeting beta graduation to a release._
+
+* **How can an operator determine if the feature is in use by workloads?**
+
+  TBD
+
+* **What are the SLIs (Service Level Indicators) an operator can use to determine 
+the health of the service?**
+  - [ ] Metrics
+    - Metric name:
+    - [Optional] Aggregation method:
+    - Components exposing the metric:
+  - [ ] Other (treat as last resort)
+    - Details:
+
+* **What are the reasonable SLOs (Service Level Objectives) for the above SLIs?**
+
+  TBD
+
+* **Are there any missing metrics that would be useful to have to improve observability 
+of this feature?**
+
+  TBD
+
+### Dependencies
+
+_This section must be completed when targeting beta graduation to a release._
+
+* **Does this feature depend on any specific services running in the cluster?**
+  CPIs shall be prepared to handle Service definitions with mixed protocols. Please see the analysis above.
+
+
+### Scalability
+
+* **Will enabling / using this feature result in any new API calls?**
+
+  If a CPI supports the management of the new Conditions and PortStatus in the LoadBalancer Service the managemenof of those fileds will mean additional traffic on the API
+
+* **Will enabling / using this feature result in introducing new API types?**
+
+ No
+
+* **Will enabling / using this feature result in any new calls to the cloud 
+provider?**
+
+  If the cloud provider requires more calls to add ports/listeners with different protocols to a load balancer then this feature introduces additional calls
+
+* **Will enabling / using this feature result in increasing size or count of 
+the existing API objects?**
+
+  Yes. As detailed above, the Status of the Service is planned to be extended with new Conditions and PortStatus
+
+* **Will enabling / using this feature result in increasing time taken by any 
+operations covered by [existing SLIs/SLOs]?**
+
+  The setup of more ports/listeners with different protocols may take more time, depending on how the CPI and the cloud provider API is implemented
+
+* **Will enabling / using this feature result in non-negligible increase of 
+resource usage (CPU, RAM, disk, IO, ...) in any components?**
+
+  Not expected.
+
+### Troubleshooting
+
+* **How does this feature react if the API server and/or etcd is unavailable?**
+
+* **What are other known failure modes?**
+
+  TBD
+
+* **What steps should be taken if SLOs are not being met to determine the problem?**
+
+  TBD
+
+[supported limits]: https://git.k8s.io/community//sig-scalability/configs-and-limits/thresholds.md
+[existing SLIs/SLOs]: https://git.k8s.io/community/sig-scalability/slos/slos.md#kubernetes-slisslos
+
 ## Implementation History
 
-Major milestones in the life cycle of a KEP should be tracked in `Implementation History`.
-Major milestones might include
+- the `Proposal` section being merged, signaling agreement on a proposed design: 14th July 2020
+
+## Drawbacks
+
+ TBD
 
-- the `Summary` and `Motivation` sections being merged signaling SIG acceptance
-- the `Proposal` section being merged signaling agreement on a proposed design
-- the date implementation started
-- the first Kubernetes release where an initial version of the KEP was available
-- the version of Kubernetes where the KEP graduated to general availability
-- when the KEP was retired or superseded
+## Alternatives
 
-## Drawbacks [optional]
+ No known alternatives, beside those analysed above.
 
-## Alternatives [optional]
+## Infrastructure Needed (Optional)
 
-## Infrastructure Needed [optional]
+ The Cloud Load Balancer shall support the setup of different protocols on the same IP address in order to utilize the benefits of this feature.
+ The CPI implementation shall either indicate problems with the Service in the new status fields, or the CPI shall be able to setup the cloud load balancer with the different protocols.

keps/sig-network/1435-mixed-protocol-lb/kep.yaml

@@ -0,0 +1,45 @@
+title: Different protocols in the same service definition with type=loadbalancer
+kep-number: 1435
+authors:
+  - "@[email protected]"
+owning-sig: sig-network
+participating-sigs:
+  - sig-cloud-provider
+status: implementable
+creation-date: 2020-01-03
+reviewers:
+  - "@thockin"
+  - "@dcbw"
+  - "@andrewsykim"
+approvers:
+  - "@thockin"
+prr-approvers:
+see-also:
+replaces:
+  - "/keps/sig-network/ 20200103-mixed-protocol-lb"
+
+# The target maturity stage in the current dev cycle for this KEP.
+stage: alpha
+
+# The most recent milestone for which work toward delivery of this KEP has been
+# done. This can be the current (upcoming) milestone, if it is being actively
+# worked on.
+latest-milestone: "v1.20"
+
+# The milestone at which this feature was, or is targeted to be, at each stage.
+milestone:
+  alpha: "v1.20"
+  beta: "v1.21"
+  stable: "v1.22"
+
+# The following PRR answers are required at alpha release
+# List the feature gate name and the components for which it must be enabled
+feature-gates:
+  - name: MixedProtocolLBSVC
+    components:
+      - kube-apiserver
+disable-supported: true
+
+# The following PRR answers are required at beta release
+#metrics:
+#  - my_feature_metric