API Priority and Fairness: Kube-APIServer Flow-control Protection

Min Jin at KubeCon + CloudNativeCon North America 2020

Currently the API Server has no concept of priority or fairness for requests. This means that a buggy webhook or bad actor can potentially DOS an API Server by sending lots of requests. This also means that currently the API Server cannot prioritize more important traffic when subjected to high load. This session will introduce the architecture of the APIPriorityAndFairnesss feature for Kubernetes which aims to solve these issues. Using the feature, administrators can categorize API Server requests into various priority levels and flows within each priority level, allocating concurrency to each priority level and getting fairness between the flows of a priority level. This talk is targeted at Kubernetes developers and SREs who are interested in the new features to help prevent API Server downtime as well as those wanting API Server request limits for multi-tenancy.