|
| 1 | +--- |
| 2 | +layout: blog |
| 3 | +title: 'Kubernetes 1.31:流式传输从 SPDY 转换为 WebSocket' |
| 4 | +date: 2024-08-20 |
| 5 | +slug: websockets-transition |
| 6 | +author: > |
| 7 | + [Sean Sullivan](https://github.com/seans3) (Google) |
| 8 | + [Shannon Kularathna](https://github.com/shannonxtreme) (Google) |
| 9 | +translator: > |
| 10 | + Xin Li (DaoCloud) |
| 11 | +--- |
| 12 | +<!-- |
| 13 | +layout: blog |
| 14 | +title: 'Kubernetes 1.31: Streaming Transitions from SPDY to WebSockets' |
| 15 | +date: 2024-08-20 |
| 16 | +slug: websockets-transition |
| 17 | +author: > |
| 18 | + [Sean Sullivan](https://github.com/seans3) (Google) |
| 19 | + [Shannon Kularathna](https://github.com/shannonxtreme) (Google) |
| 20 | +--> |
| 21 | + |
| 22 | +<!-- |
| 23 | +In Kubernetes 1.31, by default kubectl now uses the WebSocket protocol |
| 24 | +instead of SPDY for streaming. |
| 25 | +
|
| 26 | +This post describes what these changes mean for you and why these streaming APIs |
| 27 | +matter. |
| 28 | +--> |
| 29 | +在 Kubernetes 1.31 中,kubectl 现在默认使用 WebSocket 协议而不是 SPDY 进行流式传输。 |
| 30 | + |
| 31 | +这篇文章介绍了这些变化对你意味着什么以及这些流式传输 API 的重要性。 |
| 32 | + |
| 33 | +<!-- |
| 34 | +## Streaming APIs in Kubernetes |
| 35 | +
|
| 36 | +In Kubernetes, specific endpoints that are exposed as an HTTP or RESTful |
| 37 | +interface are upgraded to streaming connections, which require a streaming |
| 38 | +protocol. Unlike HTTP, which is a request-response protocol, a streaming |
| 39 | +protocol provides a persistent connection that's bi-directional, low-latency, |
| 40 | +and lets you interact in real-time. Streaming protocols support reading and |
| 41 | +writing data between your client and the server, in both directions, over the |
| 42 | +same connection. This type of connection is useful, for example, when you create |
| 43 | +a shell in a running container from your local workstation and run commands in |
| 44 | +the container. |
| 45 | +--> |
| 46 | +## Kubernetes 中的流式 API |
| 47 | + |
| 48 | +在 Kubernetes 中,某些以 HTTP 或 RESTful 接口公开的某些端点会被升级为流式连接,因而需要使用流式协议。 |
| 49 | +与 HTTP 这种请求-响应协议不同,流式协议提供了一种持久的双向连接,具有低延迟的特点,并允许实时交互。 |
| 50 | +流式协议支持在客户端与服务器之间通过同一个连接进行双向的数据读写。 |
| 51 | +这种类型的连接非常有用,例如,当你从本地工作站在某个运行中的容器内创建 shell 并在该容器中运行命令时。 |
| 52 | + |
| 53 | +<!-- |
| 54 | +## Why change the streaming protocol? |
| 55 | +
|
| 56 | +Before the v1.31 release, Kubernetes used the SPDY/3.1 protocol by default when |
| 57 | +upgrading streaming connections. SPDY/3.1 has been deprecated for eight years, |
| 58 | +and it was never standardized. Many modern proxies, gateways, and load balancers |
| 59 | +no longer support the protocol. As a result, you might notice that commands like |
| 60 | +`kubectl cp`, `kubectl attach`, `kubectl exec`, and `kubectl port-forward` |
| 61 | +stop working when you try to access your cluster through a proxy or gateway. |
| 62 | +--> |
| 63 | +## 为什么要改变流式传输协议? |
| 64 | + |
| 65 | +在 v1.31 版本发布之前,Kubernetes 默认使用 SPDY/3.1 协议来升级流式连接。 |
| 66 | +但是 SPDY/3.1 已经被废弃了八年之久,并且从未被标准化,许多现代代理、网关和负载均衡器已经不再支持该协议。 |
| 67 | +因此,当你尝试通过代理或网关访问集群时,可能会发现像 `kubectl cp`、`kubectl attach`、`kubectl exec` |
| 68 | +和 `kubectl port-forward` 这样的命令无法正常工作。 |
| 69 | + |
| 70 | +<!-- |
| 71 | +As of Kubernetes v1.31, SIG API Machinery has modified the streaming |
| 72 | +protocol that a Kubernetes client (such as `kubectl`) uses for these commands |
| 73 | +to the more modern [WebSocket streaming protocol](https://datatracker.ietf.org/doc/html/rfc6455). |
| 74 | +The WebSocket protocol is a currently supported standardized streaming protocol |
| 75 | +that guarantees compatibility and interoperability with different components and |
| 76 | +programming languages. The WebSocket protocol is more widely supported by modern |
| 77 | +proxies and gateways than SPDY. |
| 78 | +--> |
| 79 | +从 Kubernetes v1.31 版本开始,SIG API Machinery 修改了 Kubernetes |
| 80 | +客户端(如 `kubectl`)中用于这些命令的流式传输协议,将其改为更现代化的 |
| 81 | +[WebSocket 流式传输协议](https://datatracker.ietf.org/doc/html/rfc6455)。 |
| 82 | +WebSocket 协议是一种当前得到支持的标准流式传输协议, |
| 83 | +它可以确保与不同组件及编程语言之间的兼容性和互操作性。 |
| 84 | +相较于 SPDY,WebSocket 协议更为广泛地被现代代理和网关所支持。 |
| 85 | + |
| 86 | +<!-- |
| 87 | +## How streaming APIs work |
| 88 | +
|
| 89 | +Kubernetes upgrades HTTP connections to streaming connections by adding |
| 90 | +specific upgrade headers to the originating HTTP request. For example, an HTTP |
| 91 | +upgrade request for running the `date` command on an `nginx` container within |
| 92 | +a cluster is similar to the following: |
| 93 | +--> |
| 94 | +## 流式 API 的工作原理 |
| 95 | + |
| 96 | +Kubernetes 通过在原始的 HTTP 请求中添加特定的升级头字段来将 HTTP 连接升级为流式连接。 |
| 97 | +例如,在集群内的 `nginx` 容器上运行 `date` 命令的 HTTP 升级请求类似于以下内容: |
| 98 | + |
| 99 | +```console |
| 100 | +$ kubectl exec -v=8 nginx -- date |
| 101 | +GET https://127.0.0.1:43251/api/v1/namespaces/default/pods/nginx/exec?command=date… |
| 102 | +Request Headers: |
| 103 | + Connection: Upgrade |
| 104 | + Upgrade: websocket |
| 105 | + Sec-Websocket-Protocol: v5.channel.k8s.io |
| 106 | + User-Agent: kubectl/v1.31.0 (linux/amd64) kubernetes/6911225 |
| 107 | +``` |
| 108 | + |
| 109 | +<!-- |
| 110 | +If the container runtime supports the WebSocket streaming protocol and at least |
| 111 | +one of the subprotocol versions (e.g. `v5.channel.k8s.io`), the server responds |
| 112 | +with a successful `101 Switching Protocols` status, along with the negotiated |
| 113 | +subprotocol version: |
| 114 | +--> |
| 115 | +如果容器运行时支持 WebSocket 流式协议及其至少一个子协议版本(例如 `v5.channel.k8s.io`), |
| 116 | +服务器会以代表成功的 `101 Switching Protocols` 状态码进行响应,并附带协商后的子协议版本: |
| 117 | + |
| 118 | +```console |
| 119 | +Response Status: 101 Switching Protocols in 3 milliseconds |
| 120 | +Response Headers: |
| 121 | + Upgrade: websocket |
| 122 | + Connection: Upgrade |
| 123 | + Sec-Websocket-Accept: j0/jHW9RpaUoGsUAv97EcKw8jFM= |
| 124 | + Sec-Websocket-Protocol: v5.channel.k8s.io |
| 125 | +``` |
| 126 | + |
| 127 | +<!-- |
| 128 | +At this point the TCP connection used for the HTTP protocol has changed to a |
| 129 | +streaming connection. Subsequent STDIN, STDOUT, and STDERR data (as well as |
| 130 | +terminal resizing data and process exit code data) for this shell interaction is |
| 131 | +then streamed over this upgraded connection. |
| 132 | +--> |
| 133 | +此时,原本用于 HTTP 协议的 TCP 连接已转换为流式连接。 |
| 134 | +随后,此 Shell 交互中的标准输入(STDIN)、标准输出(STDOUT)和标准错误输出(STDERR)数据 |
| 135 | +(以及终端重置大小数据和进程退出码数据)会通过这个升级后的连接进行流式传输。 |
| 136 | + |
| 137 | +<!-- |
| 138 | +## How to use the new WebSocket streaming protocol |
| 139 | +
|
| 140 | +If your cluster and kubectl are on version 1.29 or later, there are two |
| 141 | +control plane feature gates and two kubectl environment variables that |
| 142 | +govern the use of the WebSockets rather than SPDY. In Kubernetes 1.31, |
| 143 | +all of the following feature gates are in beta and are enabled by |
| 144 | +default: |
| 145 | +--> |
| 146 | +## 如何使用新的 WebSocket 流式协议 |
| 147 | + |
| 148 | +如果你的集群和 kubectl 版本为 1.29 及以上版本,有两个控制面特性门控以及两个 |
| 149 | +kubectl 环境变量用来控制启用 WebSocket 而不是 SPDY 作为流式协议。 |
| 150 | +在 Kubernetes 1.31 中,以下所有特性门控均处于 Beta 阶段,并且默认被启用: |
| 151 | + |
| 152 | +<!-- |
| 153 | +- [Feature gates](/docs/reference/command-line-tools-reference/feature-gates/) |
| 154 | + - `TranslateStreamCloseWebsocketRequests` |
| 155 | + - `.../exec` |
| 156 | + - `.../attach` |
| 157 | + - `PortForwardWebsockets` |
| 158 | + - `.../port-forward` |
| 159 | +- kubectl feature control environment variables |
| 160 | + - `KUBECTL_REMOTE_COMMAND_WEBSOCKETS` |
| 161 | + - `kubectl exec` |
| 162 | + - `kubectl cp` |
| 163 | + - `kubectl attach` |
| 164 | + - `KUBECTL_PORT_FORWARD_WEBSOCKETS` |
| 165 | + - `kubectl port-forward` |
| 166 | +--> |
| 167 | +- [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/) |
| 168 | + - `TranslateStreamCloseWebsocketRequests` |
| 169 | + - `.../exec` |
| 170 | + - `.../attach` |
| 171 | + - `PortForwardWebsockets` |
| 172 | + - `.../port-forward` |
| 173 | +- kubectl 特性控制环境变量 |
| 174 | + - `KUBECTL_REMOTE_COMMAND_WEBSOCKETS` |
| 175 | + - `kubectl exec` |
| 176 | + - `kubectl cp` |
| 177 | + - `kubectl attach` |
| 178 | + - `KUBECTL_PORT_FORWARD_WEBSOCKETS` |
| 179 | + - `kubectl port-forward` |
| 180 | + |
| 181 | +<!-- |
| 182 | +If you're connecting to an older cluster but can manage the feature gate |
| 183 | +settings, turn on both `TranslateStreamCloseWebsocketRequests` (added in |
| 184 | +Kubernetes v1.29) and `PortForwardWebsockets` (added in Kubernetes |
| 185 | +v1.30) to try this new behavior. Version 1.31 of `kubectl` can automatically use |
| 186 | +the new behavior, but you do need to connect to a cluster where the server-side |
| 187 | +features are explicitly enabled. |
| 188 | +--> |
| 189 | +如果你正在使用一个较旧的集群但可以管理其特性门控设置, |
| 190 | +那么可以通过开启 `TranslateStreamCloseWebsocketRequests`(在 Kubernetes v1.29 中添加) |
| 191 | +和 `PortForwardWebsockets`(在 Kubernetes v1.30 中添加)来尝试启用 Websocket 作为流式传输协议。 |
| 192 | +版本为 1.31 的 kubectl 可以自动使用新的行为,但你需要连接到明确启用了服务器端特性的集群。 |
| 193 | + |
| 194 | +<!-- |
| 195 | +## Learn more about streaming APIs |
| 196 | +
|
| 197 | +- [KEP 4006 - Transitioning from SPDY to WebSockets](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/4006-transition-spdy-to-websockets) |
| 198 | +- [RFC 6455 - The WebSockets Protocol](https://datatracker.ietf.org/doc/html/rfc6455) |
| 199 | +- [Container Runtime Interface streaming explained](https://kubernetes.io/blog/2024/05/01/cri-streaming-explained/) |
| 200 | +--> |
| 201 | +## 了解有关流式 API 的更多信息 |
| 202 | + |
| 203 | +- [KEP 4006 - Transitioning from SPDY to WebSockets(英文)](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/4006-transition-spdy-to-websockets) |
| 204 | +- [RFC 6455 - The WebSockets Protocol(英文)](https://datatracker.ietf.org/doc/html/rfc6455) |
| 205 | +- [Container Runtime Interface streaming explained(英文)](https://kubernetes.io/blog/2024/05/01/cri-streaming-explained/) |
0 commit comments