Commit be80b5b

[zh] Sync services-networking/service.md and windows-networking.md
1 parent 7ab46e4 commit be80b5b

2 files changed

+82
-59
lines changed

content/zh-cn/docs/concepts/services-networking/service.md

Lines changed: 58 additions & 34 deletions
@@ -359,12 +359,12 @@ spec:
359359
```
360360

361361
<!--
362-
Because this Service has no selector, the corresponding EndpointSlice (and
363-
legacy Endpoints) objects are not created automatically. You can map the Service
362+
Because this Service has no selector, the corresponding EndpointSlice
363+
objects are not created automatically. You can map the Service
364364
to the network address and port where it's running, by adding an EndpointSlice
365365
object manually. For example:
366366
-->
367-
由于此 Service 没有选择算符,因此不会自动创建对应的 EndpointSlice(和旧版的 Endpoints)对象。
367+
由于此 Service 没有选择算符,因此不会自动创建对应的 EndpointSlice 对象。
368368
你可以通过手动添加 EndpointSlice 对象,将 Service 映射到该服务运行位置的网络地址和端口:
369369

370370
<!--
@@ -539,22 +539,35 @@ EndpointSlice 并在其中存储新的端点信息。
539539
了解有关该 API 的更多信息。
540540

541541
<!--
542-
### Endpoints
542+
### Endpoints (deprecated) {#endpoints}
543+
-->
544+
### Endpoints(已弃用) {#endpoints}
545+
546+
{{< feature-state for_k8s_version="v1.33" state="deprecated" >}}
543547

544-
In the Kubernetes API, an
548+
<!--
549+
The EndpointSlice API is the evolution of the older
545550
[Endpoints](/docs/reference/kubernetes-api/service-resources/endpoints-v1/)
546-
(the resource kind is plural) defines a list of network endpoints, typically
547-
referenced by a Service to define which Pods the traffic can be sent to.
551+
API. The deprecated Endpoints API has several problems relative to
552+
EndpointSlice:
553+
554+
- It does not support dual-stack clusters.
555+
- It does not contain information needed to support newer features, such as
556+
[trafficDistribution](/docs/concepts/services-networking/service/#traffic-distribution).
557+
- It will truncate the list of endpoints if it is too long to fit in a single object.
548558

549-
The EndpointSlice API is the recommended replacement for Endpoints.
559+
Because of this, it is recommended that all clients use the
560+
EndpointSlice API rather than Endpoints.
550561
-->
551-
### Endpoints
562+
EndpointSlice API 是旧版 [Endpoints](/zh-cn/docs/reference/kubernetes-api/service-resources/endpoints-v1/)
563+
API 的演进版本。与 EndpointSlice 相比,已弃用的 Endpoints API 存在以下几个问题:
552564

553-
在 Kubernetes API 中,[Endpoints](/zh-cn/docs/reference/kubernetes-api/service-resources/endpoints-v1/)
554-
(该资源类别为复数形式)定义的是网络端点的列表,通常由 Service 引用,
555-
以定义可以将流量发送到哪些 Pod。
565+
- 不支持双栈集群。
566+
- 不包含支持 [trafficDistribution](/zh-cn/docs/concepts/services-networking/service/#traffic-distribution)
567+
等新特性所需的信息。
568+
- 如果端点列表过长以至于无法放入单个对象中时会被截断。
556569

557-
推荐使用 EndpointSlice API 替换 Endpoints。
570+
因此,推荐所有客户端使用 EndpointSlice API 来替换 Endpoints。
558571

559572
<!--
560573
#### Over-capacity endpoints
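
Review bot: At new line 570 the translation reads "使用 EndpointSlice API 来替换 Endpoints" (use EndpointSlice to replace Endpoints), while the English source at new lines 559-560 recommends that clients use "the EndpointSlice API rather than Endpoints"; "使用 EndpointSlice API 而不是 Endpoints" would follow the source more closely. The third bullet at new line 568 also doubles the conditional ("如果…时"); dropping "时" reads cleaner.
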
@@ -565,7 +578,7 @@ truncates the data in the Endpoints object. Because a Service can be linked
565578
with more than one EndpointSlice, the 1000 backing endpoint limit only
566579
affects the legacy Endpoints API.
567580
-->
568-
#### 超出容量的端点 {#over-capacity-endpoints}
581+
#### 超出容量的端点 {#over-capacity-endpoints}
569582

570583
Kubernetes 限制单个 Endpoints 对象中可以容纳的端点数量。
571584
当一个 Service 拥有 1000 个以上支撑端点时,Kubernetes 会截断 Endpoints 对象中的数据。
@@ -1691,42 +1704,53 @@ Kubernetes 提供的使用虚拟 IP 地址公开服务的机制。
16911704
<!--
16921705
### Traffic distribution
16931706
-->
1694-
### 流量分发
1707+
### 流量分发 {#traffic-distribution}
1708+
1709+
{{< feature-state feature_gate_name="ServiceTrafficDistribution" >}}
16951710

16961711
<!--
16971712
The `.spec.trafficDistribution` field provides another way to influence traffic
16981713
routing within a Kubernetes Service. While traffic policies focus on strict
16991714
semantic guarantees, traffic distribution allows you to express _preferences_
17001715
(such as routing to topologically closer endpoints). This can help optimize for
1701-
performance, cost, or reliability. This optional field can be used if you have
1702-
enabled the `ServiceTrafficDistribution` [feature
1703-
gate](/docs/reference/command-line-tools-reference/feature-gates/) for your
1704-
cluster and all of its nodes. In Kubernetes {{< skew currentVersion >}}, the
1705-
following field value is supported:
1716+
performance, cost, or reliability. In Kubernetes {{< skew currentVersion >}}, the
1717+
following field value is supported:
17061718
-->
17071719
`.spec.trafficDistribution` 字段提供了另一种影响 Kubernetes Service 内流量路由的方法。
17081720
虽然流量策略侧重于严格的语义保证,但流量分发允许你表达一定的**偏好**(例如路由到拓扑上更接近的端点)。
17091721
这一机制有助于优化性能、成本或可靠性。
1710-
如果你为集群及其所有节点启用了 `ServiceTrafficDistribution`
1711-
[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/),
1712-
则可以使用此可选字段。
17131722
Kubernetes {{< skew currentVersion >}} 支持以下字段值:
17141723

17151724
<!--
17161725
`PreferClose`
1717-
: Indicates a preference for routing traffic to endpoints that are topologically
1718-
proximate to the client. The interpretation of "topologically proximate" may
1719-
vary across implementations and could encompass endpoints within the same
1720-
node, rack, zone, or even region. Setting this value gives implementations
1721-
permission to make different tradeoffs, e.g. optimizing for proximity rather
1722-
than equal distribution of load. Users should not set this value if such
1723-
tradeoffs are not acceptable.
1726+
: Indicates a preference for routing traffic to endpoints that are in the same
1727+
zone as the client.
17241728
-->
17251729
`PreferClose`
1726-
: 表示优先将流量路由到拓扑上最接近客户端的端点。
1727-
“拓扑上邻近”的解释可能因实现而异,并且可能涵盖同一节点、机架、区域甚至区域内的端点。
1728-
设置此值允许实现进行不同的权衡,例如按距离优化而不是平均分配负载。
1729-
如果这种权衡不可接受,用户不应设置此值。
1730+
: 表示优先将流量路由到与客户端处于同一区域中的端点。
1731+
1732+
{{< feature-state feature_gate_name="PreferSameTrafficDistribution" >}}
1733+
1734+
<!--
1735+
Two additional values are available when the `PreferSameTrafficDistribution`
1736+
[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is
1737+
enabled:
1738+
1739+
`PreferSameZone`
1740+
: This is an alias for `PreferClose` that is clearer about the intended semantics.
1741+
1742+
`PreferSameNode`
1743+
: Indicates a preference for routing traffic to endpoints that are on the same
1744+
node as the client.
1745+
-->
1746+
当 `PreferSameTrafficDistribution`
1747+
[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)被启用时,还可以使用两个附加的取值:
1748+
1749+
`PreferSameZone`
1750+
: 这是 `PreferClose` 的别名,但它更清晰地表达了预期的语义。
1751+
1752+
`PreferSameNode`
1753+
: 表示优先将流量路由到与客户端处于同一节点上的端点。
17301754

17311755
<!--
17321756
If the field is not set, the implementation will apply its default routing strategy.
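
Review bot: New line 1730 renders "same zone" as "同一区域", but the removed line 1727 used "区域" for both "zone" and "region" ("区域甚至区域"), so the word stays ambiguous at exactly the point where `PreferClose` is now narrowed to zone. Consider a term that cannot be read as region (for example "可用区") at line 1730, so that the `PreferSameZone` alias at new line 1750 and the `PreferSameNode` entry at 1753 contrast with it clearly.
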

content/zh-cn/docs/concepts/services-networking/windows-networking.md

Lines changed: 24 additions & 25 deletions
@@ -173,6 +173,27 @@ Windows 支持以下 IPAM 选项:
173173
* [azure-vnet-ipam](https://github.com/Azure/azure-container-networking/blob/master/docs/ipam.md)(仅适用于 azure-cni)
174174
* [Windows Server IPAM](https://docs.microsoft.com/zh-cn/windows-server/networking/technologies/ipam/ipam-top)(未设置 IPAM 时的回滚选项)
175175

176+
<!--
177+
## Direct Server Return (DSR) {#dsr}
178+
-->
179+
## 直接服务器返回(DSR){#dsr}
180+
181+
{{< feature-state for_k8s_version="v1.33" state="beta" >}}
182+
183+
<!--
184+
Load balancing mode where the IP address fixups and the LBNAT occurs at the container vSwitch port directly;
185+
service traffic arrives with the source IP set as the originating pod IP.
186+
This provides performance optimizations by allowing the return traffic routed through load balancers
187+
to bypass the load balancer and respond directly to the client;
188+
reducing load on the load balancer and also reducing overall latency.
189+
For more information, read
190+
[Direct Server Return (DSR) in a nutshell](https://techcommunity.microsoft.com/blog/networkingblog/direct-server-return-dsr-in-a-nutshell/693710).
191+
-->
192+
在负载均衡模式中 IP 地址修正和 LBNAT 直接发生在容器 vSwitch 端口;服务流量到达时源 IP 被设置为原始 Pod IP。
193+
这种模式通过允许返回流量绕过负载均衡器,直接响应客户端,从而实现性能优化;
194+
这不仅减轻了负载均衡器的压力,还降低了整体延迟。更多信息请参阅
195+
[Direct Server Return (DSR) 简介](https://techcommunity.microsoft.com/blog/networkingblog/direct-server-return-dsr-in-a-nutshell/693710)
196+
176197
<!--
177198
## Load balancing and Services
178199
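
Review bot: The new heading at line 179, `## 直接服务器返回(DSR){#dsr}`, has no space before the `{#dsr}` anchor, unlike the other headings touched in this commit (`### Endpoints(已弃用) {#endpoints}`, `### 流量分发 {#traffic-distribution}`); add the space so the anchor that the table rows link to as `[DSR](#dsr)` is written consistently. The closing sentence at new lines 194-195 also ends on the link with no "。".
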
@@ -208,7 +229,7 @@ Windows 容器网络与 Linux 网络有着很重要的差异。
208229
| Feature | Description | Minimum Supported Windows OS build | How to enable |
209230
| ------- | ----------- | -------------------------- | ------------- |
210231
| Session affinity | Ensures that connections from a particular client are passed to the same Pod each time. | Windows Server 2022 | Set `service.spec.sessionAffinity` to "ClientIP" |
211-
| Direct Server Return (DSR) | Load balancing mode where the IP address fixups and the LBNAT occurs at the container vSwitch port directly; service traffic arrives with the source IP set as the originating pod IP. | Windows Server 2019 | Set the following flags in kube-proxy: `--feature-gates="WinDSR=true" --enable-dsr=true` |
232+
| Direct Server Return (DSR) | See [DSR](#dsr) notes above. | Windows Server 2019 | Set the following command line argument (assuming version {{< skew currentVersion >}}): ` --enable-dsr=true` |
212233
| Preserve-Destination | Skips DNAT of service traffic, thereby preserving the virtual IP of the target service in packets reaching the backend Pod. Also disables node-node forwarding. | Windows Server, version 1903 | Set `"preserve-destination": "true"` in service annotations and enable DSR in kube-proxy. |
213234
| IPv4/IPv6 dual-stack networking | Native IPv4-to-IPv4 in parallel with IPv6-to-IPv6 communications to, from, and within a cluster | Windows Server 2019 | See [IPv4/IPv6 dual-stack](/docs/concepts/services-networking/dual-stack/#windows-support) |
214235
| Client IP preservation | Ensures that source IP of incoming ingress traffic gets preserved. Also disables node-node forwarding. | Windows Server 2019 | Set `service.spec.externalTrafficPolicy` to "Local" and enable DSR in kube-proxy |
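
Review bot: In the DSR row at new line 232 the code span is written with a leading space inside the backticks (` --enable-dsr=true`), so the argument renders and copies with that space; it should read `--enable-dsr=true`. The phrase "Set the following command line argument" also no longer says which component takes it, where the removed row said "in kube-proxy"; naming kube-proxy would match the neighbouring rows ("enable DSR in kube-proxy").
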
@@ -218,34 +239,12 @@ Windows 容器网络与 Linux 网络有着很重要的差异。
218239
| 功能特性 | 描述 | 支持的 Windows 操作系统最低版本 | 启用方式 |
219240
| ------- | ----------- | -------------------------- | ------------- |
220241
| 会话亲和性 | 确保每次都将来自特定客户端的连接传递到同一个 Pod。 | Windows Server 2022 |`service.spec.sessionAffinity` 设为 “ClientIP” |
221-
| Direct Server Return (DSR) | 在负载均衡模式中 IP 地址修正和 LBNAT 直接发生在容器 vSwitch 端口;服务流量到达时源 IP 设置为原始 Pod IP| Windows Server 2019 | 在 kube-proxy 中设置以下标志:`--feature-gates="WinDSR=true" --enable-dsr=true` |
242+
| Direct Server Return (DSR) | 参见上文 [DSR](#dsr) 说明| Windows Server 2019 | 设置以下命令行参数(假设版本 {{< skew currentVersion >}}):` --enable-dsr=true` |
222243
| 保留目标(Preserve-Destination) | 跳过服务流量的 DNAT,从而在到达后端 Pod 的数据包中保留目标服务的虚拟 IP。也会禁用节点间的转发。 | Windows Server,version 1903 | 在服务注解中设置 `"preserve-destination": "true"` 并在 kube-proxy 中启用 DSR。 |
223244
| IPv4/IPv6 双栈网络 | 进出集群和集群内通信都支持原生的 IPv4 间与 IPv6 间流量 | Windows Server 2019 | 参考 [IPv4/IPv6 双栈](/zh-cn/docs/concepts/services-networking/dual-stack/#windows-support)|
224245
| 客户端 IP 保留 | 确保入站流量的源 IP 得到保留。也会禁用节点间转发。 | Windows Server 2019 |`service.spec.externalTrafficPolicy` 设置为 “Local” 并在 kube-proxy 中启用 DSR。 |
225246
{{< /table >}}
226247

227-
<!--
228-
There are known issue with NodePort Services on overlay networking, if the destination node is running Windows Server 2022.
229-
To avoid the issue entirely, you can configure the service with `externalTrafficPolicy: Local`.
230-
231-
There are known issues with Pod to Pod connectivity on l2bridge network on Windows Server 2022 with KB5005619 or higher installed.
232-
To workaround the issue and restore Pod to Pod connectivity, you can disable the WinDSR feature in kube-proxy.
233-
234-
These issues require OS fixes.
235-
Please follow https://github.com/microsoft/Windows-Containers/issues/204 for updates.
236-
-->
237-
{{< warning >}}
238-
如果目的地节点在运行 Windows Server 2022,则上层网络的 NodePort Service 存在已知问题。
239-
要完全避免此问题,可以使用 `externalTrafficPolicy: Local` 配置服务。
240-
241-
在安装了 KB5005619 的 Windows Server 2022 或更高版本上,采用 L2bridge 网络时
242-
Pod 间连接存在已知问题。
243-
要解决此问题并恢复 Pod 间连接,你可以在 kube-proxy 中禁用 WinDSR 功能。
244-
245-
这些问题需要操作系统修复。
246-
有关更新,请参考 https://github.com/microsoft/Windows-Containers/issues/204。
247-
{{< /warning >}}
248-
249248
<!--
250249
## Limitations
251250
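
Review bot: Old lines 227-248 delete the whole `{{< warning >}}` block, including the workaround of disabling WinDSR in kube-proxy for l2bridge Pod-to-Pod connectivity on Windows Server 2022 with KB5005619, while the row at new line 242 still tells readers to set `--enable-dsr=true`. The English comment is removed in the same hunk, so the deletion is consistent with a sync, but the commit message should say that the known-issue text was dropped upstream. The Chinese row at new line 242 also carries the leading space inside the code span (` --enable-dsr=true`) and is missing a space before the closing `|` after "说明".
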
@@ -268,7 +267,7 @@ Windows 节点**不支持**以下网络功能:
268267
* 非 DSR 模式中的本地流量策略(Local Traffic Policy)
269268

270269
<!--
271-
* Outbound communication using the ICMP protocol via the `win-overlay`, `win-bridge`, or using the Azure-CNI plugin.\
270+
* Outbound communication using the ICMP protocol via the `win-overlay`, `win-bridge`, or using the Azure-CNI plugin.
272271
Specifically, the Windows data plane ([VFP](https://www.microsoft.com/research/project/azure-virtual-filtering-platform/))
273272
doesn't support ICMP packet transpositions, and this means:
274273
* ICMP packets directed to destinations within the same network (such as pod to pod communication via ping)
