@@ -3,7 +3,6 @@ title: 虚拟 IP 和服务代理
33content_type : reference
44weight : 50
55---
6-
76<!--
87title: Virtual IPs and Service Proxies
98content_type: reference
@@ -318,8 +317,7 @@ Especially, if kube-proxy's `sync_proxy_rules_duration_seconds` metric
318317indicates an average time much larger than 1 second, then bumping up
319318`minSyncPeriod` may make updates more efficient.
320319-->
321- 默认值 ` 1s ` 适用于大多数集群,
322- 在大型集群中,可能需要将其设置为更大的值。
320+ 默认值 ` 1s ` 适用于大多数集群,在大型集群中,可能需要将其设置为更大的值。
323321(特别是,如果 kube-proxy 的 ` sync_proxy_rules_duration_seconds ` 指标表明平均时间远大于 1 秒,
324322那么提高 ` minSyncPeriod ` 可能会使更新更有效率。)
325323
@@ -394,8 +392,7 @@ _This proxy mode is only available on Linux nodes._
394392In `ipvs` mode, kube-proxy watches Kubernetes Services and EndpointSlices,
395393calls `netlink` interface to create IPVS rules accordingly and synchronizes
396394IPVS rules with Kubernetes Services and EndpointSlices periodically.
397- This control loop ensures that IPVS status matches the desired
398- state.
395+ This control loop ensures that IPVS status matches the desired state.
399396When accessing a Service, IPVS directs traffic to one of the backend Pods.
400397-->
401398在 ` ipvs ` 模式下,kube-proxy 监视 Kubernetes Service 和 EndpointSlice,
@@ -422,22 +419,76 @@ IPVS 代理模式基于 netfilter 回调函数,类似于 iptables 模式,
422419<!--
423420IPVS provides more options for balancing traffic to backend Pods;
424421these are:
425-
426- * `rr`: round-robin
427- * `lc`: least connection (smallest number of open connections)
428- * `dh`: destination hashing
429- * `sh`: source hashing
430- * `sed`: shortest expected delay
431- * `nq`: never queue
432422-->
433423IPVS 为将流量均衡到后端 Pod 提供了更多选择:
434424
435- * ` rr ` :轮询
436- * ` lc ` :最少连接(打开连接数最少)
437- * ` dh ` :目标地址哈希
438- * ` sh ` :源地址哈希
439- * ` sed ` :最短预期延迟
440- * ` nq ` :最少队列
425+ <!--
426+ * `rr` (Round Robin): Traffic is equally distributed amongst the backing servers.
427+
428+ * `wrr` (Weighted Round Robin): Traffic is routed to the backing servers based on
429+ the weights of the servers. Servers with higher weights receive new connections
430+ and get more requests than servers with lower weights.
431+
432+ * `lc` (Least Connection): More traffic is assigned to servers with fewer active connections.
433+ -->
434+ * ` rr ` (轮询):流量被平均分发给后端服务器。
435+
436+ * ` wrr ` (加权轮询):流量基于服务器的权重被路由到后端服务器。
437+ 高权重的服务器接收新的连接并处理比低权重服务器更多的请求。
438+
439+ * ` lc ` (最少连接):将更多流量分配给活跃连接数较少的服务器。
440+
441+ <!--
442+ * `wlc` (Weighted Least Connection): More traffic is routed to servers with fewer connections
443+ relative to their weights, that is, connections divided by weight.
444+
445+ * `lblc` (Locality based Least Connection): Traffic for the same IP address is sent to the
446+ same backing server if the server is not overloaded and available; otherwise the traffic
447+ is sent to servers with fewer connections, and keep it for future assignment.
448+ -->
449+ * ` wlc ` (加权最少连接):将更多流量按照服务器权重分配给连接数较少的服务器,即基于连接数除以权重。
450+
451+ * ` lblc ` (基于地域的最少连接):如果服务器未超载且可用,则针对相同 IP 地址的流量被发送到同一后端服务器;
452+ 否则,流量被发送到连接较少的服务器,并在未来的流量分配中保持这一分配决定。
453+
454+ <!--
455+ * `lblcr` (Locality Based Least Connection with Replication): Traffic for the same IP
456+ address is sent to the server with least connections. If all the backing servers are
457+ overloaded, it picks up one with fewer connections and add it to the target set.
458+ If the target set has not changed for the specified time, the most loaded server
459+ is removed from the set, in order to avoid high degree of replication.
460+ -->
461+ * ` lblcr ` (带副本的基于地域的最少连接):针对相同 IP 地址的流量被发送到连接数最少的服务器。
462+ 如果所有后端服务器都超载,则选择连接较少的服务器并将其添加到目标集中。
463+ 如果目标集在指定时间内未发生变化,则从此集合中移除负载最高的服务器,以避免副本的负载过高。
464+
465+ <!--
466+ * `sh` (Source Hashing): Traffic is sent to a backing server by looking up a statically
467+ assigned hash table based on the source IP addresses.
468+
469+ * `dh` (Destination Hashing): Traffic is sent to a backing server by looking up a
470+ statically assigned hash table based on their destination addresses.
471+ -->
472+ * ` sh ` (源哈希):通过查找基于源 IP 地址的静态分配哈希表,将流量发送到某后端服务器。
473+
474+ * ` dh ` (目标哈希):通过查找基于目标地址的静态分配哈希表,将流量发送到某后端服务器。
475+
476+ <!--
477+ * `sed` (Shortest Expected Delay): Traffic forwarded to a backing server with the shortest
478+ expected delay. The expected delay is `(C + 1) / U` if sent to a server, where `C` is
479+ the number of connections on the server and `U` is the fixed service rate (weight) of
480+ the server.
481+
482+ * `nq` (Never Queue): Traffic is sent to an idle server if there is one, instead of
483+ waiting for a fast one; if all servers are busy, the algorithm falls back to the `sed`
484+ behavior.
485+ -->
486+ * ` sed ` (最短预期延迟):流量被转发到具有最短预期延迟的后端服务器。
487+ 如果流量被发送给服务器,预期延迟为 ` (C + 1) / U ` ,其中 ` C ` 是服务器上的连接数,
488+ ` U ` 是服务器的固定服务速率(权重)。
489+
490+ * ` nq ` (永不排队):流量被发送到一台空闲服务器(如果有的话),而不是等待一台快速服务器;
491+ 如果所有服务器都忙碌,算法将退回到 ` sed ` 行为。
441492
442493{{< note >}}
443494<!--
@@ -506,7 +557,7 @@ apply the packet rewriting directly, rather than placing this burden on the node
506557Pod is running. This is called _direct server return_.
507558-->
508559作为基本操作的替代方案,托管服务后端 Pod 的节点可以直接应用数据包重写,
509- 而不用将此工作交给运行客户端 Pod 的节点来执行。这称为** Direct Server Return(DSR)** 。
560+ 而不用将此工作交给运行客户端 Pod 的节点来执行。这称为 ** Direct Server Return(DSR)** 。
510561
511562<!--
512563To use this, you must run kube-proxy with the `--enable-dsr` command line argument **and**
@@ -518,7 +569,7 @@ are running on the same node.
518569要使用这种技术,你必须使用 ` --enable-dsr ` 命令行参数运行 kube-proxy ** 并** 启用
519570` WinDSR ` [ 特性门控] ( /zh-cn/docs/reference/command-line-tools-reference/feature-gates/ ) 。
520571
521- 即使两个 Pod 在同一节点上运行,Direct Server Return( DSR) 也可优化 Pod 的返回流量。
572+ 即使两个 Pod 在同一节点上运行,DSR 也可优化 Pod 的返回流量。
522573
523574<!--
524575## Session affinity
@@ -610,8 +661,8 @@ Service its own IP address from within the `service-cluster-ip-range`
610661CIDR range that is configured for the {{< glossary_tooltip term_id="kube-apiserver" text="API Server" >}}.
611662-->
612663为了允许你为 Service 选择 IP 地址,我们必须确保没有任何两个 Service 会发生冲突。
613- Kubernetes 通过从为 {{< glossary_tooltip text="API 服务器" term_id="kube-apiserver" >}}
614- 配置的 ` service-cluster-ip-range ` CIDR 范围内为每个 Service 分配自己的 IP 地址来实现这一点。
664+ Kubernetes 通过从为 {{< glossary_tooltip text="API 服务器" term_id="kube-apiserver" >}}配置的
665+ ` service-cluster-ip-range ` CIDR 范围内为每个 Service 分配自己的 IP 地址来实现这一点。
615666
616667<!--
617668#### IP address allocation tracking
@@ -649,8 +700,8 @@ the control plane replaces the existing etcd allocator with a new one, using IPA
649700objects instead of an internal global allocation map. The ClusterIP address
650701associated to each Service will have a referenced IPAddress object.
651702-->
652- 如果你启用 ` MultiCIDRServiceAllocator ` [ 特性门控] ( /zh-cn/docs/reference/command-line-tools-reference/feature-gate/ )
653- 和 [ ` networking.k8s.io/v1alpha1 ` API 组] ( /zh-cn/docs/tasks/administer-cluster/enable-disable-api/ ) ,
703+ 如果你启用 ` MultiCIDRServiceAllocator ` [ 特性门控] ( /zh-cn/docs/reference/command-line-tools-reference/feature-gate/ ) 和
704+ [ ` networking.k8s.io/v1alpha1 ` API 组] ( /zh-cn/docs/tasks/administer-cluster/enable-disable-api/ ) ,
654705控制平面将用一个新的分配器替换现有的 etcd 分配器,使用 IPAddress 对象而不是内部的全局分配映射。
655706与每个 Service 关联的 ClusterIP 地址将有一个对应的 IPAddress 对象。
656707
@@ -681,6 +732,7 @@ the built-in Service API.
681732``` shell
682733kubectl get services
683734```
735+
684736```
685737NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
686738kubernetes ClusterIP 2001:db8:1:2::1 <none> 443/TCP 3d1h
@@ -689,6 +741,7 @@ kubernetes ClusterIP 2001:db8:1:2::1 <none> 443/TCP 3d1h
689741``` shell
690742kubectl get ipaddresses
691743```
744+
692745```
693746NAME PARENTREF
6947472001:db8:1:2::1 services/default/kubernetes
@@ -720,8 +773,7 @@ reduces the risk of a conflict over allocation.
720773-->
721774Kubernetes 优先通过从高段中选择来为 Service 分配动态 IP 地址,
722775这意味着如果要将特定 IP 地址分配给 ` type: ClusterIP ` Service,
723- 则应手动从** 低** 段中分配 IP 地址。
724- 该方法降低了分配导致冲突的风险。
776+ 则应手动从** 低** 段中分配 IP 地址。该方法降低了分配导致冲突的风险。
725777
726778<!--
727779If you disable the `ServiceIPStaticSubrange`
0 commit comments