Skip to content

Instantly share code, notes, and snippets.

What would you like to do?

#GSOC 2015 Proposal - Benjamin Elder (BenTheElder) ##Kubernetes: Improve Proxy ###Project Info:

###Applicant Info:

I love working with go, *nixes, and open source.

###Abstract: Google's Kubernetes is an open source system for managing containerized applications. Kubernetes currently uses a proxy to route between services (pods), this consists of a tcp/udp proxy in go (kube-proxy) along with some iptables rules.

Ideally where possible we can improve performance by using iptables to perform transparent routing in place of the userspace proxy. (see issue #3670)

I'm also interested in adding support for pf and will be working on that leading up to GSC (see my pull request), and if that works out will work to include pf ports of any iptables work under the time alloted to improvements.

###Project Proposal: Implement iptables rules based proxying to move proxy load to the kernel instead of userspace. Given enough time, potentially port to pf as well for OSX/BSD support (I've already started work abstracting the necessary components to be agnostic to the firewall rules backend).

###Schedule: ####First a brief explanation about possible summer classes:####

Registration is unfortunately next week here.

  • I cannot be certain but I may be attempting to take 1-2 CS courses over part of the summer.
  • (particularly if I am not accepted to GSOC, then I may even take more).

If I am able to register for them succesfully:

  • I'll most likely have class mondays and wednesdays mid-day but I'd still be relatively free to work the rest of the day/week and weekends.
  • There will also be will be a gap on either side of the summer semester where I have no class anyhow, and I intend to / have started work now.

If I am able to register for these, and I am accepted to GSoC, and the classes are a concern I should be able to un-register from them in favor of GSoC. I have no other major plans this summer and I love to tinker and code and would highly prefer GSoC to a trivial number of credit hours I can take in the fall instead.

####Schedule (Tentative, and Open to suggestion): Present - April 30th:

  • Begin Tinkering with iptables and kube-proxy.
  • Attempt to add support for current iptables related usage with a pf backend for OSX/BSD.

May 1st - August 21st:

Week Dates Work
1 May 1st - 7th Design / Research
2 May 8th - 14th Host OS support detection for iptables / pf
3 May 15th - 21st Write Iptables Proxy Rules
4 May 22nd - 28th Write Iptables Proxy Rules
5 May 29th - June 4th Implement Rules in Proxy
6 June 5th - 11th Write Tests / Debug
7 June 12th - 18th Improvements / PF Rules(?)
8 June 19th - 25th Improvements / PF Rules(?)
9 June 26th - July 2nd Improvements / PF Rules(?)
10 July 3rd - 9th Write Tests / Debug
11 July 10th - 16th Write Tests / Debug
12 July 17th - 23rd General Improvements (Performance, etc)
13 July 24th - 30th General Improvements (Performance, etc)
14 July 31st - August 6th Improvements / Write Tests
15 August 7th - 13th Write Tests / Cleanup
16 August 14th - 21st Final Wrap-up

##Why Me?

  • I love, go, nixes, and open source.
  • I'll work hard. I'm not here for the money or the shirt (though they'd be nice though of course :) ). I'm here for the work, and the experience. I'd like to work with an experienced mentor on an interesting project, and to be able to put some real experience on my resume.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.