|
| 1 | +--- |
| 2 | +title: 服务内部流量策略 |
| 3 | +content_type: concept |
| 4 | +weight: 45 |
| 5 | +--- |
| 6 | +<!-- |
| 7 | +--- |
| 8 | +reviewers: |
| 9 | +- maplain |
| 10 | +title: Service Internal Traffic Policy |
| 11 | +content_type: concept |
| 12 | +weight: 45 |
| 13 | +--- |
| 14 | +--> |
| 15 | + |
| 16 | +<!-- overview --> |
| 17 | + |
| 18 | +{{< feature-state for_k8s_version="v1.21" state="alpha" >}} |
| 19 | + |
| 20 | +<!-- |
| 21 | +_Service Internal Traffic Policy_ enables internal traffic restrictions to only route |
| 22 | +internal traffic to endpoints within the node the traffic originated from. The |
| 23 | +"internal" traffic here refers to traffic originated from Pods in the current |
| 24 | +cluster. This can help to reduce costs and improve performance. |
| 25 | +--> |
| 26 | +_服务内部流量策略_ 开启了内部流量限制,只路由内部流量到和发起方处于相同节点的服务端点。 |
| 27 | +这里的”内部“流量指当前集群中的 Pod 所发起的流量。 |
| 28 | +这种机制有助于节省开销,提升效率。 |
| 29 | + |
| 30 | +<!-- body --> |
| 31 | + |
| 32 | +<!-- |
| 33 | +## Using Service Internal Traffic Policy |
| 34 | +--> |
| 35 | +## 使用服务内部流量策略 {#using-service-internal-traffic-policy} |
| 36 | + |
| 37 | +<!-- |
| 38 | +Once you have enabled the `ServiceInternalTrafficPolicy` |
| 39 | +[feature gate](/docs/reference/command-line-tools-reference/feature-gates/), |
| 40 | +you can enable an internal-only traffic policy for a |
| 41 | +{{< glossary_tooltip text="Services" term_id="service" >}}, by setting its |
| 42 | +`.spec.internalTrafficPolicy` to `Local`. |
| 43 | +This tells kube-proxy to only use node local endpoints for cluster internal traffic. |
| 44 | +--> |
| 45 | +一旦你启用了 `ServiceInternalTrafficPolicy` 这个 |
| 46 | +[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/), |
| 47 | +你就可以通过将 {{< glossary_tooltip text="Services" term_id="service" >}} 的 |
| 48 | +`.spec.internalTrafficPolicy` 项设置为 `Local`, |
| 49 | +来为它指定一个内部专用的流量策略。 |
| 50 | +此设置就相当于告诉 kube-proxy 对于集群内部流量只能使用本地的服务端口。 |
| 51 | + |
| 52 | +<!-- |
| 53 | +For pods on nodes with no endpoints for a given Service, the Service |
| 54 | +behaves as if it has zero endpoints (for Pods on this node) even if the service |
| 55 | +does have endpoints on other nodes. |
| 56 | +--> |
| 57 | +{{< note >}} |
| 58 | +如果某节点上的 Pod 均不提供指定 Service 的服务端点, |
| 59 | +即使该 Service 在其他节点上有可用的服务端点, |
| 60 | +Service 的行为看起来也像是它只有 0 个服务端点(只针对此节点上的 Pod)。 |
| 61 | +{{< /note >}} |
| 62 | + |
| 63 | +<!-- |
| 64 | +The following example shows what a Service looks like when you set |
| 65 | +`.spec.internalTrafficPolicy` to `Local`: |
| 66 | +--> |
| 67 | +以下示例展示了把 Service 的 `.spec.internalTrafficPolicy` 项设为 `Local` 时, |
| 68 | +Service 的样子: |
| 69 | + |
| 70 | + |
| 71 | +```yaml |
| 72 | +apiVersion: v1 |
| 73 | +kind: Service |
| 74 | +metadata: |
| 75 | + name: my-service |
| 76 | +spec: |
| 77 | + selector: |
| 78 | + app: MyApp |
| 79 | + ports: |
| 80 | + - protocol: TCP |
| 81 | + port: 80 |
| 82 | + targetPort: 9376 |
| 83 | + internalTrafficPolicy: Local |
| 84 | +``` |
| 85 | +
|
| 86 | +<!-- |
| 87 | +## How it works |
| 88 | +--> |
| 89 | +## 工作原理 {#how-it-works} |
| 90 | +
|
| 91 | +<!-- |
| 92 | +The kube-proxy filters the endpoints it routes to based on the |
| 93 | +`spec.internalTrafficPolicy` setting. When it's set to `Local`, only node local |
| 94 | +endpoints are considered. When it's `Cluster` or missing, all endpoints are |
| 95 | +considered. |
| 96 | +When the [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) |
| 97 | +`ServiceInternalTrafficPolicy` is enabled, `spec.internalTrafficPolicy` defaults to "Cluster". |
| 98 | +--> |
| 99 | +kube-proxy 基于 `spec.internalTrafficPolicy` 的设置来过滤路由的目标服务端点。 |
| 100 | +当它的值设为 `Local` 时,只选择节点本地的服务端点。 |
| 101 | +当它的值设为 `Cluster` 或缺省时,则选择所有的服务端点。 |
| 102 | +启用[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/) |
| 103 | +`ServiceInternalTrafficPolicy` 后, |
| 104 | +`spec.internalTrafficPolicy` 的值默认设为 `Cluster`。 |
| 105 | + |
| 106 | +<!-- |
| 107 | +## Constraints |
| 108 | +--> |
| 109 | +## 限制 {#constraints} |
| 110 | + |
| 111 | +<!-- |
| 112 | +* Service Internal Traffic Policy is not used when `externalTrafficPolicy` is set |
| 113 | + to `Local` on a Service. It is possible to use both features in the same cluster |
| 114 | + on different Services, just not on the same Service. |
| 115 | +--> |
| 116 | +* 在一个Service上,当 `externalTrafficPolicy` 已设置为 `Local`时,服务内部流量策略无法使用。 |
| 117 | + 换句话说,在一个集群的不同 Service 上可以同时使用这两个特性,但在一个 Service 上不行。 |
| 118 | + |
| 119 | +## {{% heading "whatsnext" %}} |
| 120 | + |
| 121 | +<!-- |
| 122 | +* Read about [enabling Topology Aware Hints](/docs/tasks/administer-cluster/enabling-topology-aware-hints) |
| 123 | +* Read about [Service External Traffic Policy](/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) |
| 124 | +* Read [Connecting Applications with Services](/docs/concepts/services-networking/connect-applications-service/) |
| 125 | +--> |
| 126 | +* 请阅读[启用拓扑感知提示](/zh/docs/tasks/administer-cluster/enabling-topology-aware-hints) |
| 127 | +* 请阅读[Service 的外部流量策略](/zh/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) |
| 128 | +* 请阅读[用 Service 连接应用](/zh/docs/concepts/services-networking/connect-applications-service/) |
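Review bot: On line 50 of the new file, "node local endpoints" from the English source (line 43) is rendered as `本地的服务端口` (local service ports), while the rest of this page (lines 58-60 and 99-101) uses `服务端点` for endpoints. Change it to `本地的服务端点` so the sentence does not read as if kube-proxy filters by port rather than by endpoint. Two smaller points: the quotation marks on line 27 are reversed (`”内部“` should be `“内部”`), and line 116 lacks the spaces this file otherwise puts between Chinese and Latin text (`一个Service上` and the text right after `Local`).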