docs(day-2): Added cilium talk notes

content/day-2/06-kubeproxy.md

@@ -0,0 +1,39 @@
+---
+title: "Unleashing the tides of kubernetes networking by removing kube-proxy"
+weight: 6
+tags:
+ - rejekts
+ - isovalent
+ - cilium
+---
+
+<!-- {{% button href="https://youtu.be/rkteV6Mzjfs" style="warning" icon="video" %}}Watch talk on YouTube{{% /button %}} -->
+<!-- {{% button href="https://docs.google.com/presentation/d/1nEK0CVC_yQgIDqwsdh-PRihB6dc9RyT-" style="tip" icon="person-chalkboard" %}}Slides{{% /button %}} -->
+<!--{{% button href="https://github.com/graz-dev/automatic-reosurce-optimization-loop" style="info" icon="code" %}}Code/Demo{{% /button %}} -->
+
+A talk by isovalent (now part of cisco - god i love that they have to say this every time).
+It'S a good baseline introduction to how kubernetes service routing works but also a bit dry (in terms of the presentation itself).
+I skipped the introduction to cilium in these notes. The docs exist for a reason.
+
+## Kubernetes Services - a baseline
+
+- East-West: ClusterIP -> App2App inside the cluster
+- North-South: NodePort -> External Client to app in Cluster
+
+## Kube-Proxy - IPTables Mode
+
+- IPTables: Traffics flows through different tables/chains - most imporantly the NAT-Table
+- Every Node has it's own kube-proxy next to the kubelet
+- ClusterIP: Scales to a huge numer of rules when exposing multiple services
+- NodePort: Masquerades sources if routing cross-node (Source-IP is lost)
+
+TODO: Steal iptables visualizer
+TODO: Steal livecycle of a packet clusterip
+TODO: Steal livecycle of a packet nodeport
+
+## Kube-Proxy free
+
+- Cilium deploys one agent pod per node that handles management of eBPF on the kernel
+- ClusterIP: LoadBalancing happens on the socket-level
+- NodePort: Also does SNAT
+- Adds hubble for observability