Merge pull request #42790 from my-git9/blog23

k8s-ci-robot · web-flow · commit 5836d264de05 · 2023-09-08T01:04:14.000-07:00
[zh-cn] sync blog:2023-08-29-Gateway-API-v080.md
diff --git a/content/zh-cn/blog/_posts/2023-08-29-Gateway-API-v080.md b/content/zh-cn/blog/_posts/2023-08-29-Gateway-API-v080.md
@@ -0,0 +1,351 @@
+layout: blog
+title: "Gateway API v0.8.0：引入服务网格支持"
+date: 2023-08-29T10:00:00-08:00
+slug: gateway-api-v0-8
+---
+<!--
+layout: blog
+title: "Gateway API v0.8.0: Introducing Service Mesh Support"
+date: 2023-08-29T10:00:00-08:00
+slug: gateway-api-v0-8
+-->
+
+<!--
+***Authors:*** Flynn (Buoyant), John Howard (Google), Keith Mattix (Microsoft), Michael Beaumont (Kong), Mike Morris (independent), Rob Scott (Google)
+-->
+**作者：** Flynn (Buoyant), John Howard (Google), Keith Mattix (Microsoft), Michael Beaumont (Kong), Mike Morris (independent), Rob Scott (Google)
+
+**译者：** Xin Li (Daocloud)
+
+<!--
+We are thrilled to announce the v0.8.0 release of Gateway API! With this
+release, Gateway API support for service mesh has reached [Experimental
+status][status]. We look forward to your feedback!
+
+We're especially delighted to announce that Kuma 2.3+, Linkerd 2.14+, and Istio
+1.16+ are all fully-conformant implementations of Gateway API service mesh
+support.
+-->
+我们很高兴地宣布 Gateway API 的 v0.8.0 版本发布了！
+通过此版本，Gateway API 对服务网格的支持已达到[实验性（Experimental）状态][status]。
+我们期待你的反馈！
+
+我们很高兴地宣布 Kuma 2.3+、Linkerd 2.14+ 和 Istio 1.16+ 都是 Gateway API
+服务网格支持的完全一致实现。
+
+<!--
+## Service mesh support in Gateway API
+
+While the initial focus of Gateway API was always ingress (north-south)
+traffic, it was clear almost from the beginning that the same basic routing
+concepts should also be applicable to service mesh (east-west) traffic. In
+2022, the Gateway API subproject started the [GAMMA initiative][gamma], a
+dedicated vendor-neutral workstream, specifically to examine how best to fit
+service mesh support into the framework of the Gateway API resources, without
+requiring users of Gateway API to relearn everything they understand about the
+API.
+-->
+## Gateway API 中的服务网格支持
+
+虽然 Gateway API 最初的重点一直是入站（南北）流量，但几乎从最开始就比较明确，
+相同的基本路由概念也应适用于服务网格（东西）流量。2022 年，Gateway API
+子项目启动了 [GAMMA 计划][gamma]，这是一个专门的供应商中立的工作流，
+旨在专门研究如何最好地将服务网格支持纳入 Gateway API 资源的框架中，
+而不需要 Gateway API 的用户重新学习他们了解的有关 API 的一切。
+
+<!--
+Over the last year, GAMMA has dug deeply into the challenges and possible
+solutions around using Gateway API for service mesh. The end result is a small
+number of [enhancement proposals][geps] that subsume many hours of thought and
+debate, and provide a minimum viable path to allow Gateway API to be used for
+service mesh.
+-->
+在过去的一年中，GAMMA 深入研究了使用 Gateway API 用于服务网格的挑战和可能的解决方案。
+最终结果是少量的[增强提案][geps]，其中包含了很长时间的思考和辩论，并提供允许使用 Gateway API
+用于服务网格的最短可行路径。
+
+<!--
+### How will mesh routing work when using Gateway API?
+
+You can find all the details in the [Gateway API Mesh routing
+documentation][mesh-routing] and [GEP-1426], but the short version for Gateway
+API v0.8.0 is that an HTTPRoute can now have a `parentRef` that is a Service,
+rather than just a Gateway. We anticipate future GEPs in this area as we gain
+more experience with service mesh use cases -- binding to a Service makes it
+possible to use the Gateway API with a service mesh, but there are several
+interesting use cases that remain difficult to cover.
+
+As an example, you might use an HTTPRoute to do an A-B test in the mesh as
+follows:
+-->
+### 当使用 Gateway API 时，网格路由将如何工作？
+
+你可以在 [Gateway API Mesh 路由文档][mesh-routing]和 [GEP-1426] 中找到所有详细信息，
+但对于 Gateway API v0.8.0 的简短的版本是现在 HTTPRoute 可以设置 `parentRef`，
+它是一个 Service，而不仅仅是一个网关。随着我们对服务网格用例的经验不断丰富，我们预计在这个领域会出现更多
+GEP -- 绑定到 Service 使得将 Gateway API 与服务网格结合使用成为可能，但仍有几个有趣的用例难以覆盖。
+
+例如，你可以使用 HTTPRoute 在网格中进行 A-B 测试，如下所示：
+
+```yaml
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+  name: bar-route
+spec:
+  parentRefs:
+  - group: ""
+    kind: Service
+    name: demo-app
+    port: 5000
+  rules:
+  - matches:
+    - headers:
+      - type: Exact
+        name: env
+        value: v1
+    backendRefs:
+    - name: demo-app-v1
+      port: 5000
+  - backendRefs:
+    - name: demo-app-v2
+      port: 5000
+```
+
+<!--
+Any request to port 5000 of the `demo-app` Service that has the header `env:
+v1` will be routed to `demo-app-v1`, while any request without that header
+will be routed to `demo-app-v2` -- and since this is being handled by the
+service mesh, not the ingress controller, the A/B test can happen anywhere in
+the application's call graph.
+-->
+任何对 `demo-app` Service 5000 端口且具有 `env: v1` 表头的请求都将被路由到 `demo-app-v1`，
+而没有该标头的请求都将被路由到 `demo-app-v2` -- 并且由于这是由服务网格而不是
+Ingress 控制器处理的，A/B 测试可以发生在应用程序的调用图中的任何位置。
+
+<!--
+### How do I know this will be truly portable?
+
+Gateway API has been investing heavily in conformance tests across all
+features it supports, and mesh is no exception. One of the challenges that the
+GAMMA initiative ran into is that many of these tests were strongly tied to
+the idea that a given implementation provides an ingress controller. Many
+service meshes don't, and requiring a GAMMA-conformant mesh to also implement
+an ingress controller seemed impractical at best. This resulted in work
+restarting on Gateway API _conformance profiles_, as discussed in [GEP-1709].
+-->
+### 如何确定这种方案的可移植性是真的？
+
+Gateway API 一直在其支持的所有功能的一致性测试上投入大量资源，网格也不例外。
+GAMMA 面临的挑战之一是，许多测试都认为一个给定实现会提供 Ingress 控制器。
+许多服务网格不提供 Ingress 控制器，要求符合 GAMMA 标准的网格同时实现 Ingress 控制器似乎并不切实际。
+这导致在 Gateway API **一致性配置文件**的工作重新启动，如 [GEP-1709] 中所述。
+
+<!--
+The basic idea of conformance profiles is that we can define subsets of the
+Gateway API, and allow implementations to choose (and document) which subsets
+they conform to. GAMMA is adding a new profile, named `Mesh` and described in
+[GEP-1686], which checks only the mesh functionality as defined by GAMMA. At
+this point, Kuma 2.3+, Linkerd 2.14+, and Istio 1.16+ are all conformant with
+the `Mesh` profile.
+-->
+一致性配置文件的基本思想是，我们可以定义 Gateway API 的子集，并允许实现选择（并记录）他们符合哪些子集。
+GAMMA 正在添加一个名为 `Mesh` 的新配置文件，其描述在 [GEP-1686] 中，仅检查由 GAMMA 定义的网格功能。
+此时，Kuma 2.3+、Linkerd 2.14+ 和 Istio 1.16+ 都符合 `Mesh` 配置文件的标准。
+
+<!--
+## What else is in Gateway API v0.8.0?
+
+This release is all about preparing Gateway API for the upcoming v1.0 release
+where HTTPRoute, Gateway, and GatewayClass will graduate to GA. There are two
+main changes related to this: CEL validation and API version changes.
+-->
+## Gateway API v0.8.0 中还有什么？
+
+这个版本的发布都是为了即将到来的 v1.0 版本做准备，其中
+HTTPRoute、Gateway 和 GatewayClass 将进级为 GA。与此相关的有两个主要更改：
+CEL 验证和 API 版本更改。
+
+<!--
+### CEL Validation
+
+The first major change is that Gateway API v0.8.0 is the start of a transition
+from webhook validation to [CEL validation][cel] using information built into
+the CRDs. That will mean different things depending on the version of
+Kubernetes you're using:
+-->
+### CEL 验证
+
+第一个重大变化是，Gateway API v0.8.0 起从 Webhook 验证转向使用内置于
+CRD 中的信息的 [CEL 验证][cel]。取决于你使用的 Kubernetes 版本，这一转换的影响有些不同：
+
+<!--
+#### Kubernetes 1.25+
+
+CEL validation is fully supported, and almost all validation is implemented in
+CEL. (The sole exception is that header names in header modifier filters can
+only do case-insensitive validation. There is more information in [issue
+2277].)
+
+We recommend _not_ using the validating webhook on these Kubernetes versions.
+-->
+#### Kubernetes 1.25+
+
+CEL 验证得到了完全支持，并且几乎所有验证都是在 CEL 中实现的。
+（唯一的例外是，标头修饰符过滤器中的标头名称只能进行不区分大小写的验证，
+更多的相关信息，请参见 [issue 2277]。）
+
+我们建议在这些 Kubernetes 版本上不使用验证 Webhook。
+
+<!--
+#### Kubernetes 1.23 and 1.24
+
+CEL validation is not supported, but Gateway API v0.8.0 CRDs can still be
+installed. When you upgrade to Kubernetes 1.25+, the validation included in
+these CRDs will automatically take effect.
+
+We recommend continuing to use the validating webhook on these Kubernetes
+versions.
+-->
+#### Kubernetes 1.23 和 1.24
+
+不支持 CEL 验证，但仍可以安装 Gateway API v0.8.0 CRD。
+当你升级到 Kubernetes 1.25+ 时，这些 CRD 中包含的验证将自动生效。
+
+我们建议在这些 Kubernetes 版本上继续使用验证 Webhook。
+
+<!--
+#### Kubernetes 1.22 and older
+
+Gateway API only commits to support for [5 most recent versions of
+Kubernetes][supported-versions]. As such, these versions are no longer
+supported by Gateway API, and unfortunately Gateway API v0.8.0 cannot be
+installed on them, since CRDs containing CEL validation will be rejected.
+-->
+#### Kubernetes 1.22 及更早版本
+
+Gateway API 只承诺支持[最新的 5 个 Kubernetes 版本][supported-versions]。
+因此，Gateway API 不再支持这些版本，不幸的是，在这些集群版本中无法安装 Gateway API v0.8.0，
+因为包含 CEL 验证的 CRD 将被拒绝。
+
+<!--
+### API Version Changes
+
+As we prepare for a v1.0 release that will graduate Gateway, GatewayClass, and
+HTTPRoute to the `v1` API Version from `v1beta1`, we are continuing the process
+of moving away from `v1alpha2` for resources that have graduated to `v1beta1`.
+For more information on this change and everything else included in this
+release, refer to the [v0.8.0 release notes][v0.8.0 release notes].
+-->
+### API 版本更改
+
+在我们所准备的 v1.0 版本中，Gateway、GatewayClass 和 HTTPRoute 都会从
+`v1beta1` 升级到 `v1` API 版本，对于已升级到 `v1beta1` 的资源，我们将继续从 `v1alpha2` 迁移的过程。
+
+有关此更改以及此版本中包含的所有其他内容的更多信息，请参见 [v0.8.0 发布说明][v0.8.0 release notes]。
+
+<!--
+## How can I get started with Gateway API?
+
+Gateway API represents the future of load balancing, routing, and service mesh
+APIs in Kubernetes. There are already more than 20 [implementations][impl]
+available (including both ingress controllers and service meshes) and the list
+keeps growing.
+-->
+## 如何开始使用 Gateway API？
+
+Gateway API 代表了 Kubernetes 中负载平衡、路由和服务网格 API 的未来。
+已经有超过 20 个[实现][impl]可用（包括入口控制器和服务网格），而这一列表还在不断增长。
+
+<!--
+If you're interested in getting started with Gateway API, take a look at the
+[API concepts documentation][concepts] and check out some of the
+[Guides][guides] to try it out. Because this is a CRD-based API, you can
+install the latest version on any Kubernetes 1.23+ cluster.
+-->
+如果你有兴趣开始使用 Gateway API，请查阅 [API 概念文档][concepts] 和一些[指南][guides]以尝试使用它。
+因为这是一个基于 CRD 的 API，所以你可以在任何 Kubernetes 1.23+ 集群上安装最新版本。
+
+<!--
+If you're specifically interested in helping to contribute to Gateway API, we
+would love to have you! Please feel free to [open a new issue][issue] on the
+repository, or join in the [discussions][disc]. Also check out the [community
+page][community] which includes links to the Slack channel and community
+meetings. We look forward to seeing you!!
+-->
+如果你有兴趣为 Gateway API 做出贡献，我们非常欢迎你！
+请随时在仓库中[报告问题][issue]，或加入[讨论][disc]。
+另请查看[社区页面][community]，其中包含 Slack 频道和社区会议的链接。
+我们期待你的光临！！
+
+<!--
+## Further Reading:
+
+- [GEP-1324] provides an overview of the GAMMA goals and some important
+  definitions. This GEP is well worth a read for its discussion of the problem
+  space.
+- [GEP-1426] defines how to use Gateway API route resources, such as
+  HTTPRoute, to manage traffic within a service mesh.
+- [GEP-1686] builds on the work of [GEP-1709] to define a _conformance
+  profile_ for service meshes to be declared conformant with Gateway API.
+-->
+## 进一步阅读：
+
+- [GEP-1324] 提供了 GAMMA 目标和一些重要定义的概述。这个 GEP 值得一读，因为它讨论了问题空间。
+- [GEP-1426] 定义了如何使用 Gateway API 路由资源（如 HTTPRoute）管理服务网格内的流量。
+- [GEP-1686] 在 [GEP-1709] 的工作基础上，为声明符合 Gateway API 的服务网格定义了一个一致性配置文件。
+
+<!--
+Although these are [Experimental][status] patterns, note that they are available
+in the [`standard` release channel][ch], since the GAMMA initiative has not
+needed to introduce new resources or fields to date.
+-->
+虽然这些都是[实验特性][status]，但请注意，它们可在 [standard 发布频道][ch]使用，
+因为 GAMMA 计划迄今为止不需要引入新的资源或字段。
+
+<!--
+[gamma]:https://gateway-api.sigs.k8s.io/concepts/gamma/
+[status]:https://gateway-api.sigs.k8s.io/geps/overview/#status
+[ch]:https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels-eg-experimental-standard
+[cel]:/docs/reference/using-api/cel/
+[crd]:/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/
+[concepts]:https://gateway-api.sigs.k8s.io/concepts/api-overview/
+[geps]:https://gateway-api.sigs.k8s.io/contributing/enhancement-requests/
+[guides]:https://gateway-api.sigs.k8s.io/guides/getting-started/
+[impl]:https://gateway-api.sigs.k8s.io/implementations/
+[install-crds]:https://gateway-api.sigs.k8s.io/guides/getting-started/#install-the-crds
+[issue]:https://github.com/kubernetes-sigs/gateway-api/issues/new/choose
+[disc]:https://github.com/kubernetes-sigs/gateway-api/discussions
+[community]:https://gateway-api.sigs.k8s.io/contributing/community/
+[mesh-routing]:https://gateway-api.sigs.k8s.io/concepts/gamma/#how-the-gateway-api-works-for-service-mesh
+[GEP-1426]:https://gateway-api.sigs.k8s.io/geps/gep-1426/
+[GEP-1324]:https://gateway-api.sigs.k8s.io/geps/gep-1324/
+[GEP-1686]:https://gateway-api.sigs.k8s.io/geps/gep-1686/
+[GEP-1709]:https://gateway-api.sigs.k8s.io/geps/gep-1709/
+[issue 2277]:https://github.com/kubernetes-sigs/gateway-api/issues/2277
+[supported-versions]:https://gateway-api.sigs.k8s.io/concepts/versioning/#supported-versions
+[v0.8.0 release notes]:https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.8.0
+[versioning docs]:https://gateway-api.sigs.k8s.io/concepts/versioning/
+-->
+[gamma]:https://gateway-api.sigs.k8s.io/concepts/gamma/
+[status]:https://gateway-api.sigs.k8s.io/geps/overview/#status
+[ch]:https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels-eg-experimental-standard
+[cel]:/zh-cn/docs/reference/using-api/cel/
+[crd]:/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/
+[concepts]:https://gateway-api.sigs.k8s.io/concepts/api-overview/
+[geps]:https://gateway-api.sigs.k8s.io/contributing/enhancement-requests/
+[guides]:https://gateway-api.sigs.k8s.io/guides/getting-started/
+[impl]:https://gateway-api.sigs.k8s.io/implementations/
+[install-crds]:https://gateway-api.sigs.k8s.io/guides/getting-started/#install-the-crds
+[issue]:https://github.com/kubernetes-sigs/gateway-api/issues/new/choose
+[disc]:https://github.com/kubernetes-sigs/gateway-api/discussions
+[community]:https://gateway-api.sigs.k8s.io/contributing/community/
+[mesh-routing]:https://gateway-api.sigs.k8s.io/concepts/gamma/#how-the-gateway-api-works-for-service-mesh
+[GEP-1426]:https://gateway-api.sigs.k8s.io/geps/gep-1426/
+[GEP-1324]:https://gateway-api.sigs.k8s.io/geps/gep-1324/
+[GEP-1686]:https://gateway-api.sigs.k8s.io/geps/gep-1686/
+[GEP-1709]:https://gateway-api.sigs.k8s.io/geps/gep-1709/
+[issue 2277]:https://github.com/kubernetes-sigs/gateway-api/issues/2277
+[supported-versions]:https://gateway-api.sigs.k8s.io/concepts/versioning/#supported-versions
+[v0.8.0 release notes]:https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.8.0
+[versioning docs]:https://gateway-api.sigs.k8s.io/concepts/versioning/
