
[Sandbox] Kmesh #108

Closed
2 tasks done
hzxuzhonghu opened this issue Jul 11, 2024 · 18 comments

@hzxuzhonghu

hzxuzhonghu commented Jul 11, 2024

Application contact emails

[email protected], [email protected]

Project Summary

Kmesh is a service mesh dataplane which manages service to service communication transparently based on eBPF and programmable kernel.

Project Description

Kmesh is a cloud-native high-performance and low overhead service mesh data plane based on eBPF and programmable kernel. It brings advanced traffic management, security and monitoring to service communications. It is natively sidecarless, zero intrusion and without adding any resource cost to application container.

Kmesh leverages eBPF technology to perform traffic management in kernel mode, ensuring that traffic management operates seamlessly with traffic flows. By preventing service connections from being cut off, Kmesh largely reduces the number of connections along the traffic path and minimizes application access delays.

Org repo URL (provide if all repos under the org are in scope of the application)

https://github.com/kmesh-net

Project repo URL in scope of application

https://github.com/kmesh-net/kmesh

Additional repos in scope of the application

No response

Website URL

https://kmesh.net

Roadmap

https://github.com/kmesh-net/community/blob/main/roadmap.md

Roadmap context

No response

Contributing Guide

https://github.com/kmesh-net/kmesh/blob/main/CONTRIBUTING.md

Code of Conduct (CoC)

https://github.com/kmesh-net/kmesh/blob/main/CODE_OF_CONDUCT.md

Adopters

No response

Contributing or Sponsoring Org

No response

Maintainers file

https://github.com/kmesh-net/kmesh/blob/main/OWNERS

IP Policy

  • If the project is accepted, I agree the project will follow the CNCF IP Policy

Trademark and accounts

  • If the project is accepted, I agree to donate all project trademarks and accounts to the CNCF

Why CNCF?

To grow sustainably as an open source project, Kmesh needs continuous contributions and innovations from its community. The CNCF is at the forefront of fostering innovation and collaboration within the open-source community. Becoming a CNCF donor enhances Kmesh's visibility and credibility within the cloud-native landscape. It demonstrates Kmesh's commitment to the open-source community and its dedication to supporting industry standards and best practices. This can lead to increased trust and recognition from peers, partners, and customers, positioning Kmesh as a leader in the cloud-native space.

Benefit to the Landscape

It is widely accepted that sidecar traffic management mode can result in high resource overhead and great latency. The underlying connection termination and initiation can also increase connection numbers between two service instances and cause mismatches in connection-level settings like timeout. Kmesh is natively sidecarless; it makes use of eBPF and programmable kernel technology to get rid of the sidecar's defects. In doing so, Kmesh gains a substantial industry advantage over resource overhead and latency.

Kmesh also provides a slicing mode that enhances L7 traffic management by separating L4 and L7. For L4 traffic, we make use of eBPF to do simple redirecting and load balancing, and for L7 we automatically make use of waypoint, a userspace proxy based on Istio proxy.

The greatest benefit with Kmesh is that during upgrade, we do not influence the application's traffic.

Cloud Native 'Fit'

Kmesh natively runs on Kubernetes and manages traffic from or to pods. As a service mesh data plane, it integrates with Istio and subscribes to xDS configurations from istiod. Kmesh has two important components. One is the Kmesh daemon, which runs on each node and is responsible for subscribing to xDS configuration and managing eBPF progs. The other is the eBPF progs, which work on cgroups, sockops and other hook points.

Cloud Native 'Integration'

Istio, Envoy, Gateway APIs, Prometheus

Kmesh makes use of Istio as its control plane, so it natively supports Gateway APIs. The Kmesh waypoint component adds an additional filter to istio-proxy and Envoy, so the advanced L7 protocol management is mostly exploiting Envoy capabilities.

Cloud Native Overlap

No response

Similar projects

Linkerd, Istio and Cilium ServiceMesh

But Kmesh provides a totally different dataplane architecture, and in future we may provide its own control plane for simplicity.

Landscape

Yes, here it is

Business Product or Service to Project separation

N/A

Project presentations

No response

Project champions

No response

Additional information

No response

@angellk
Contributor

angellk commented Aug 29, 2024

@hzxuzhonghu please coordinate a project presentation with TAG Network

@hzxuzhonghu
Author

Sure, we plan to present at next Network meeting

@TheFoxAtWork
Contributor

@nicholasjackson @leecalcote @Zachbutcher Does the TAG have a recommendation regarding Kmesh? Was the project able to present?

@hzxuzhonghu (CC @linsun ) Can you provide any additional clarification on how this project compares with Istio's Ambient Mesh?

@linsun
Contributor

linsun commented Sep 26, 2024

FYI, we had a discussion in the Istio community meeting yesterday, and we don't intend to host any piece of Kmesh in Istio. I'll let Zhonghu comment on how it differs from Istio in detail.

@hzxuzhonghu
Author

Image

@TheFoxAtWork I drafted a picture of the traffic flow to try to clarify.

We can see that Kmesh supports two working modes:

  1. Kernel-Native mode: it makes use of eBPF and a kernel module to do both L4 and L7 traffic management; this is offloading all the management to the kernel. And we can see no connection termination at all.

  2. Dual-Engine mode: it makes use of eBPF to do L4 traffic routing and load balancing, and there is a waypoint, which can be deployed anywhere to do L7 traffic management. Actually the kmesh-waypoint is also based on Envoy and we developed a new filter to communicate with the eBPF program.

And for the Istio ambient:

  1. It is using a userspace proxy ztunnel to do L4 traffic management and an L7 proxy waypoint to do L7 traffic management.

So the conclusion should be clear now:

  • Kmesh Kernel-Native mode is totally different from ambient.

  • Kmesh Dual-Engine mode has something similar to ambient mesh in that both have a waypoint based on Envoy. We believe using a namespace/service scoped L7 proxy can better isolate faults and reduce resource overload, so we recognize this arch too. But the first difference here is that we (Kmesh) are using eBPF progs attached to hook points like cgroup/connect, sockops, xdp, etc. to redirect traffic to the remote kmesh-waypoint, while ambient mesh uses iptables and userspace ztunnel to redirect to istio-waypoint. Secondly, the kmesh-waypoint communicates with the eBPF prog with a different protocol compared with Istio HBONE.

@nicholasjackson

Apologies, I have had flu for the last week, I will update the DTR document as soon as I am back at work.

Until that is done, TagNetwork believes that Kmesh takes an innovative and unique approach to providing a dataplane for Istio. One which, according to the published figures, delivers increased speed and efficiency for the end user. Assuming all the other requirements around governance and project maintenance are satisfied, we believe it is a great benefit to the community and should be moved forward to TOC vote.

@cathyhongzhang

Interesting technologies to do service mesh, which should render enhanced network performance. A good addition to CNCF service mesh.

@jberkus

jberkus commented Oct 7, 2024

TAG Contributor strategy has reviewed this project and found the following:

  • The contributor guide is mostly a generic template at this stage
  • The governance is WIP right now; the project plans to have a SIG structure. There is a contributor ladder, based on Kubernetes.
  • The roadmap is a high-level document, but it's probably better to look at the project milestones
  • There are 5 maintainers, whose affiliation is not documented.
  • The project has been independent for around 9 months, but existed previously as an openEuler subproject.

This review is for the TOC’s information only. Sandbox projects are not required to have full governance or contributor documentation.

@mrbobbytables
Member

Project has been given the okay to move to a vote in today's sandbox review
/vote


git-vote bot commented Oct 8, 2024

Vote created

@mrbobbytables has called for a vote on [Sandbox] Kmesh (#108).

The members of the following teams have binding votes:

Team
@cncf/cncf-toc

Non-binding votes are also appreciated as a sign of support!

How to vote

You can cast your vote by reacting to this comment. The following reactions are supported:

| In favor | Against | Abstain |
| --- | --- | --- |
| 👍 | 👎 | 👀 |

Please note that voting for multiple options is not allowed and those votes won't be counted.

The vote will be open for 2months 30days 2h 52m 48s. It will pass if at least 66% of the users with binding votes vote In favor 👍. Once it's closed, results will be published here as a new comment.

@mrbobbytables
Member

/check-vote


git-vote bot commented Oct 9, 2024

Vote status

So far 54.55% of the users with binding vote are in favor (passing threshold: 66%).

Summary

| In favor | Against | Abstain | Not voted |
| --- | --- | --- | --- |
| 6 | 0 | 0 | 5 |

Binding votes (6)

| User | Vote | Timestamp |
| --- | --- | --- |
| nikhita | In favor | 2024-10-09 6:05:30.0 +00:00:00 |
| TheFoxAtWork | In favor | 2024-10-08 17:36:23.0 +00:00:00 |
| rochaporto | In favor | 2024-10-09 1:02:24.0 +00:00:00 |
| kgamanji | In favor | 2024-10-09 12:51:10.0 +00:00:00 |
| dims | In favor | 2024-10-08 18:06:38.0 +00:00:00 |
| angellk | In favor | 2024-10-08 17:21:51.0 +00:00:00 |
| @mauilion | Pending | |
| @linsun | Pending | |
| @dzolotusky | Pending | |
| @kevin-wangzefeng | Pending | |
| @cathyhongzhang | Pending | |

Non-binding votes (1)

| User | Vote | Timestamp |
| --- | --- | --- |
| hzxuzhonghu | In favor | 2024-10-09 7:51:35.0 +00:00:00 |

@kevin-wangzefeng
Member

I will be abstaining due to a conflict of interest, thanks

@lec-bit

lec-bit commented Oct 11, 2024

/check-vote


git-vote bot commented Oct 11, 2024

Vote status

So far 72.73% of the users with binding vote are in favor (passing threshold: 66%).

Summary

| In favor | Against | Abstain | Not voted |
| --- | --- | --- | --- |
| 8 | 0 | 1 | 2 |

Binding votes (9)

| User | Vote | Timestamp |
| --- | --- | --- |
| angellk | In favor | 2024-10-08 17:21:51.0 +00:00:00 |
| dzolotusky | In favor | 2024-10-10 23:02:18.0 +00:00:00 |
| kgamanji | In favor | 2024-10-09 12:51:10.0 +00:00:00 |
| kevin-wangzefeng | Abstain | 2024-10-10 1:17:38.0 +00:00:00 |
| TheFoxAtWork | In favor | 2024-10-08 17:36:23.0 +00:00:00 |
| rochaporto | In favor | 2024-10-09 1:02:24.0 +00:00:00 |
| nikhita | In favor | 2024-10-09 6:05:30.0 +00:00:00 |
| dims | In favor | 2024-10-08 18:06:38.0 +00:00:00 |
| cathyhongzhang | In favor | 2024-10-09 20:47:33.0 +00:00:00 |
| @mauilion | Pending | |
| @linsun | Pending | |

Non-binding votes (2)

| User | Vote | Timestamp |
| --- | --- | --- |
| hzxuzhonghu | In favor | 2024-10-09 7:51:35.0 +00:00:00 |
| LiZhenCheng9527 | In favor | 2024-10-10 1:39:19.0 +00:00:00 |


git-vote bot commented Oct 11, 2024

Vote closed

The vote passed! 🎉

72.73% of the users with binding vote were in favor (passing threshold: 66%).

Summary

| In favor | Against | Abstain | Not voted |
| --- | --- | --- | --- |
| 8 | 0 | 1 | 2 |

Binding votes (9)

| User | Vote | Timestamp |
| --- | --- | --- |
| @dzolotusky | In favor | 2024-10-10 23:02:18.0 +00:00:00 |
| @kgamanji | In favor | 2024-10-09 12:51:10.0 +00:00:00 |
| @cathyhongzhang | In favor | 2024-10-09 20:47:33.0 +00:00:00 |
| @kevin-wangzefeng | Abstain | 2024-10-10 1:17:38.0 +00:00:00 |
| @TheFoxAtWork | In favor | 2024-10-08 17:36:23.0 +00:00:00 |
| @rochaporto | In favor | 2024-10-09 1:02:24.0 +00:00:00 |
| @nikhita | In favor | 2024-10-09 6:05:30.0 +00:00:00 |
| @dims | In favor | 2024-10-08 18:06:38.0 +00:00:00 |
| @angellk | In favor | 2024-10-08 17:21:51.0 +00:00:00 |

Non-binding votes (2)

| User | Vote | Timestamp |
| --- | --- | --- |
| @hzxuzhonghu | In favor | 2024-10-09 7:51:35.0 +00:00:00 |
| @LiZhenCheng9527 | In favor | 2024-10-10 1:39:19.0 +00:00:00 |

@git-vote git-vote bot removed the vote open label Oct 11, 2024
@Cmierly

Cmierly commented Oct 17, 2024

Congrats on being accepted into the CNCF Sandbox!
Here's a link to your onboarding checklist:
#301

If you have any questions or concerns, please don't hesitate to reach out!

@mrbobbytables
Member

With the onboarding issue created, we can go ahead and close this out. :)
Congrats again!
