Merge pull request #31150 from shuaijinchao/zh/sync/access-application-cluster/access-cluster

k8s-ci-robot · web-flow · commit 900a8114063e · 2021-12-30T22:10:50.000-08:00
[zh] synchronize translate access-cluster.md
diff --git a/content/zh/docs/tasks/access-application-cluster/access-cluster.md b/content/zh/docs/tasks/access-application-cluster/access-cluster.md
@@ -355,214 +355,14 @@ In each case, the credentials of the pod are used to communicate securely with t
 <!--
 ## Accessing services running on the cluster
 
-The previous section was about connecting the Kubernetes API server.  This section is about
-connecting to other services running on Kubernetes cluster.  In Kubernetes, the
-[nodes](/docs/admin/node), [pods](/docs/user-guide/pods) and [services](/docs/user-guide/services) all have
-their own IPs.  In many cases, the node IPs, pod IPs, and some service IPs on a cluster will not be
-routable, so they will not be reachable from a machine outside the cluster,
-such as your desktop machine.
+The previous section describes how to connect to the Kubernetes API server. For information about connecting to other services running on a Kubernetes cluster, see [Access Cluster Services.](/docs/tasks/access-application-cluster/access-cluster/)
 -->
-## 访问集群中正在运行的服务  {#accessing-services-running-on-the-cluster}
 
-上一节介绍了如何连接 Kubernetes API 服务。本节介绍如何连接到 Kubernetes
-集群上运行的其他服务。
-在 Kubernetes 中，[节点](/zh/docs/concepts/architecture/nodes/)、
-[pods](/zh/docs/concepts/workloads/pods/) 和
-[服务](/zh/docs/concepts/services-networking/service/) 都有自己的 IP。
-在许多情况下，集群上的节点 IP、Pod IP 和某些服务 IP 将无法路由，
-因此无法从集群外部的计算机（例如桌面计算机）访问它们。
+## 访问集群上运行的服务  {#accessing-services-running-on-the-cluster}
 
-<!--
-### Ways to connect
-
-You have several options for connecting to nodes, pods and services from outside the cluster:
-
-  - Access services through public IPs.
-    - Use a service with type `NodePort` or `LoadBalancer` to make the service reachable outside
-      the cluster.  See the [services](/docs/user-guide/services) and
-      [kubectl expose](/docs/reference/generated/kubectl/kubectl-commands/#expose) documentation.
-    - Depending on your cluster environment, this may only expose the service to your corporate network,
-      or it may expose it to the internet.  Think about whether the service being exposed is secure.
-      Does it do its own authentication?
-    - Place pods behind services.  To access one specific pod from a set of replicas, such as for debugging,
-      place a unique label on the pod and create a new service which selects this label.
-    - In most cases, it should not be necessary for application developer to directly access
-      nodes via their nodeIPs.
--->
-### 连接的方法   {#ways-to-connect}
-
-有多种方式可以从集群外部连接节点、Pod 和服务：
-
-- 通过公共 IP 访问服务。
-
-  - 类型为 `NodePort` 或 `LoadBalancer` 的服务，集群外部可以访问。
-    请参阅 [服务](/zh/docs/concepts/services-networking/service/) 和
-    [kubectl expose](/docs/reference/generated/kubectl/kubectl-commands/#expose) 文档。
-  - 取决于你的集群环境，该服务可能仅暴露给你的公司网络，或者也可能暴露给
-    整个互联网。
-    请考虑公开该服务是否安全。它是否进行自己的身份验证？
-  - 在服务后端放置 Pod。要从一组副本中访问一个特定的 Pod，例如进行调试，
-    请在 Pod 上设置一个唯一的标签，然后创建一个选择此标签的新服务。
-  - 在大多数情况下，应用程序开发人员不应该通过其 nodeIP 直接访问节点。
-
-<!--
-  - Access services, nodes, or pods using the Proxy Verb.
-    - Does apiserver authentication and authorization prior to accessing the remote service.
-      Use this if the services are not secure enough to expose to the internet, or to gain
-      access to ports on the node IP, or for debugging.
-    - Proxies may cause problems for some web applications.
-    - Only works for HTTP/HTTPS.
-    - Described [here](#manually-constructing-apiserver-proxy-urls).
--->
-- 使用 proxy 动词访问服务、节点或者 Pod。
-  - 在访问远程服务之前进行 apiserver 身份验证和授权。
-    如果服务不能够安全地暴露到互联网，或者服务不能获得节点 IP 端口的
-    访问权限，或者是为了调试，那么请使用此选项。
-  - 代理可能会给一些 web 应用带来问题。
-  - 只适用于 HTTP/HTTPS。
-  - 更多详细信息在[这里](#manually-constructing-apiserver-proxy-urls)。
-
-<!--
-  - Access from a node or pod in the cluster.
-    - Run a pod, and then connect to a shell in it using [kubectl exec](/docs/reference/generated/kubectl/kubectl-commands/#exec).
-      Connect to other nodes, pods, and services from that shell.
-    - Some clusters may allow you to ssh to a node in the cluster.  From there you may be able to
-      access cluster services.  This is a non-standard method, and will work on some clusters but
-      not others.  Browsers and other tools may or may not be installed.  Cluster DNS may not work.
--->
-- 从集群中的节点或者 Pod 中访问。
-
-  - 运行一个 Pod，然后使用 [kubectl exec](/docs/reference/generated/kubectl/kubectl-commands/#exec)
-    来连接 Pod 里的 Shell。
-    然后从 Shell 中连接其它的节点、Pod 和服务。
-  - 有些集群可能允许你通过 SSH 连接到节点，从那你可能可以访问集群的服务。
-    这是一个非正式的方式，可能可以运行在个别的集群上。
-    浏览器和其它一些工具可能没有被安装。集群的 DNS 可能无法使用。
-
-<!--
-### Discovering builtin services
-
-Typically, there are several services which are started on a cluster by kube-system. Get a list of these
-with the `kubectl cluster-info` command:
--->
-### 发现内建服务
-
-通常来说，集群中会有 kube-system 创建的一些运行的服务。
-
-通过 `kubectl cluster-info` 命令获得这些服务列表：
-
-```shell
-kubectl cluster-info
-```
-
-```
-Kubernetes master is running at https://104.197.5.247
-elasticsearch-logging is running at https://104.197.5.247/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy
-kibana-logging is running at https://104.197.5.247/api/v1/namespaces/kube-system/services/kibana-logging/proxy
-kube-dns is running at https://104.197.5.247/api/v1/namespaces/kube-system/services/kube-dns/proxy
-grafana is running at https://104.197.5.247/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy
-heapster is running at https://104.197.5.247/api/v1/namespaces/kube-system/services/monitoring-heapster/proxy
-```
-
-<!--
-This shows the proxy-verb URL for accessing each service.
-For example, this cluster has cluster-level logging enabled (using Elasticsearch), which can be reached
-at `https://104.197.5.247/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy/` if suitable credentials are passed.  Logging can also be reached through a kubectl proxy, for example at:
-`http://localhost:8080/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy/`.
-(See [Access Clusters Using the Kubernetes API](/docs/tasks/administer-cluster/access-cluster-api/) for how to pass credentials or use kubectl proxy.)
--->
-这展示了访问每个服务的 proxy-verb URL。
-例如，如果集群启动了集群级别的日志（使用 Elasticsearch），并且传递合适的凭证，
-那么可以通过
-`https://104.197.5.247/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy/`
-进行访问。日志也能通过 kubectl 代理获取，例如：
-`http://localhost:8080/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy/`。
-（参阅[使用 Kubernetes API 访问集群](/zh/docs/tasks/administer-cluster/access-cluster-api/)
-了解如何传递凭据，或者使用 kubectl proxy）
-<!--
-#### Manually constructing apiserver proxy URLs
-
-As mentioned above, you use the `kubectl cluster-info` command to retrieve the service's proxy URL. To create proxy URLs that include service endpoints, suffixes, and parameters, you append to the service's proxy URL:
-`http://`*`kubernetes_master_address`*`/api/v1/namespaces/`*`namespace_name`*`/services/`*`service_name[:port_name]`*`/proxy`
-
-If you haven't specified a name for your port, you don't have to specify *port_name* in the URL. You can also use the port number in place of the *port_name* for both named and unnamed ports.
-
-By default, the API server proxies to your service using http. To use https, prefix the service name with `https:`:
-`http://`*`kubernetes_master_address`*`/api/v1/namespaces/`*`namespace_name`*`/services/`*`https:service_name:[port_name]`*`/proxy`
-
-The supported formats for the name segment of the URL are:
-
-* `<service_name>` - proxies to the default or unnamed port using http
-* `<service_name>:<port_name>` - proxies to the specified port name or port number using http
-* `https:<service_name>:` - proxies to the default or unnamed port using https (note the trailing colon)
-* `https:<service_name>:<port_name>` - proxies to the specified port name or port number using https
--->
-#### 手动构建 apiserver 代理 URL {#manually-constructing-apiserver-proxy-urls}
-
-如上所述，你可以使用 `kubectl cluster-info` 命令来获得服务的代理 URL。
-要创建包含服务端点、后缀和参数的代理 URL，需添加到服务的代理 URL：
-`http://`*`kubernetes_master_address`*`/api/v1/namespaces/`*`namespace_name`*`/services/`*`service_name[:port_name]`*`/proxy`
-
-如果尚未为端口指定名称，则不必在 URL 中指定 *port_name*。
-对于已命名和未命名的端口，也可以使用端口号代替 *port_name*。
-
-默认情况下，API server 使用 HTTP 代理你的服务。
-要使用 HTTPS，请在服务名称前加上 `https:`：
-`http://`*`kubernetes_master_address`*`/api/v1/namespaces/`*`namespace_name`*`/services/`*`https:service_name:[port_name]`*`/proxy`
-
-URL 名称段支持的格式为：
-
-* `<service_name>` - 使用 http 代理到默认或未命名的端口
-* `<service_name>:<port_name>` - 使用 http 代理到指定的端口名称或端口号
-* `https:<service_name>:` - 使用 https 代理到默认或未命名的端口（注意后面的冒号）
-* `https:<service_name>:<port_name>` - 使用 https 代理到指定的端口名称或端口号
-
-<!--
-##### Examples
-
- * To access the Elasticsearch service endpoint `_search?q=user:kimchy`, you would use:   `http://104.197.5.247/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy/_search?q=user:kimchy`
- * To access the Elasticsearch cluster health information `_cluster/health?pretty=true`, you would use:   `https://104.197.5.247/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy/_cluster/health?pretty=true`
--->
-##### 示例
-
-* 要访问 Elasticsearch  服务端点 `_search?q=user:kimchy`，你需要使用：
-  `http://104.197.5.247/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy/_search?q=user:kimchy`
-* 要访问 Elasticsearch 集群健康信息 `_cluster/health?pretty=true`，你需要使用：
-  `https://104.197.5.247/api/v1/namespaces/kube-system/services/elasticsearch-logging/proxy/_cluster/health?pretty=true`
-
-```json
-  {
-    "cluster_name" : "kubernetes_logging",
-    "status" : "yellow",
-    "timed_out" : false,
-    "number_of_nodes" : 1,
-    "number_of_data_nodes" : 1,
-    "active_primary_shards" : 5,
-    "active_shards" : 5,
-    "relocating_shards" : 0,
-    "initializing_shards" : 0,
-    "unassigned_shards" : 5
-  }
-```
-
-<!--
-### Using web browsers to access services running on the cluster
-
-You may be able to put an apiserver proxy url into the address bar of a browser. However:
-
-  - Web browsers cannot usually pass tokens, so you may need to use basic (password) auth.  Apiserver can be configured to accept basic auth,
-    but your cluster may not be configured to accept basic auth.
-  - Some web apps may not work, particularly those with client side javascript that construct urls in a
-    way that is unaware of the proxy path prefix.
--->
-### 使用 web 浏览器访问运行在集群上的服务
-
-你可以在浏览器地址栏中输入 apiserver 代理 URL。但是：
+上一节介绍了如何连接到 Kubernetes API 服务器。
+有关连接到 Kubernetes 集群上运行的其他服务的信息，请参阅[访问集群服务](/zh/docs/tasks/administer-cluster/access-cluster-services/)。
 
-- Web 浏览器通常不能传递令牌，因此你可能需要使用基本（密码）身份验证。
-  Apiserver 可以配置为接受基本身份验证，但你的集群可能未进行配置。
-- 某些 Web 应用程序可能无法运行，尤其是那些使用客户端 javascript 
-  以不知道代理路径前缀的方式构建 URL 的应用程序。
 
 <!--
 ## Requesting redirects
