kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sync zh dual-stack.md

This commit is contained in:
jornshen 2020-12-23 10:27:20 +08:00
parent 2eca0fd9a2
commit 9a0fc83075
4 changed files with 319 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

336
content/zh/docs/concepts/services-networking/dual-stack.md
View File

@ -49,11 +49,11 @@ Enabling IPv4/IPv6 dual-stack on your Kubernetes cluster provides the following
<!--
* Dual-stack Pod networking (a single IPv4 and IPv6 address assignment per Pod)
* IPv4 and IPv6 enabled Services (each Service must be for a single address family)
* IPv4 and IPv6 enabled Services
* Pod off-cluster egress routing (eg. the Internet) via both IPv4 and IPv6 interfaces
-->
* 双协议栈 pod 网络 (每个 pod 分配一个 IPv4 和 IPv6 地址)
* IPv4 和 IPv6 启用的服务 (每个服务必须是一个单独的地址族)
* IPv4 和 IPv6 启用的服务
* Pod 的集群外出口通过 IPv4 和 IPv6 路由
<!--
@ -67,11 +67,14 @@ The following prerequisites are needed in order to utilize IPv4/IPv6 dual-stack
为了使用 IPv4/IPv6 双栈的 Kubernetes 集群,需要满足以下先决条件:
<!--
* Kubernetes 1.16 or later
* Kubernetes 1.20 or later
For information about using dual-stack services with earlier
Kubernetes versions, refer to the documentation for that version
of Kubernetes.
* Provider support for dual-stack networking (Cloud provider or otherwise must be able to provide Kubernetes nodes with routable IPv4/IPv6 network interfaces)
* A network plugin that supports dual-stack (such as Kubenet or Calico)
-->
* Kubernetes 1.16 版本及更高版本
* Kubernetes 1.20 版本及更高版本,有关更早 Kubernetes 版本的使用双栈服务的信息,请参考那个版本的 Kubernetes 文档。
* 提供商支持双协议栈网络(云提供商或其他提供商必须能够为 Kubernetes 节点提供可路由的 IPv4/IPv6 网络接口)
* 支持双协议栈的网络插件(如 Kubenet 或 Calico
@ -101,63 +104,296 @@ To enable IPv4/IPv6 dual-stack, enable the `IPv6DualStack` [feature gate](/docs/
* `--cluster-cidr=<IPv4 CIDR>,<IPv6 CIDR>`
* `--feature-gates="IPv6DualStack=true"`
<!--
An example of an IPv4 CIDR: `10.244.0.0/16` (though you would supply your own address range)
An example of an IPv6 CIDR: `fdXY:IJKL:MNOP:15::/64` (this shows the format but is not a valid address - see [RFC 4193](https://tools.ietf.org/html/rfc4193))
-->
{{< note >}}
IPv4 CIDR 的一个例子:`10.244.0.0/16`(尽管你会提供你自己的地址范围)
IPv6 CIDR 的一个例子:`fdXY:IJKL:MNOP:15::/64`(这里演示的是格式而非有效地址 - 请看 [RFC 4193](https://tools.ietf.org/html/rfc4193)
{{< /note >}}
<!--
## Services
-->
## 服务
<!--
If your cluster has IPv4/IPv6 dual-stack networking enabled, you can create {{< glossary_tooltip text="Services" term_id="service" >}} with either an IPv4 or an IPv6 address. You can choose the address family for the Service's cluster IP by setting a field, `.spec.ipFamily`, on that Service.
You can only set this field when creating a new Service. Setting the `.spec.ipFamily` field is optional and should only be used if you plan to enable IPv4 and IPv6 {{< glossary_tooltip text="Services" term_id="service" >}} and {{< glossary_tooltip text="Ingresses" term_id="ingress" >}} on your cluster. The configuration of this field not a requirement for [egress](#egress-traffic) traffic.
If your cluster has dual-stack enabled, you can create {{< glossary_tooltip text="Services" term_id="service" >}} which can use IPv4, IPv6, or both.
The address family of a Service defaults to the address family of the first service cluster IP range (configured via the `--service-cluster-ip-range` flag to the kube-controller-manager).
When you define a Service you can optionally configure it as dual stack. To specify the behavior you want, you
set the `.spec.ipFamilyPolicy` field to one of the following values:
-->
如果你的集群启用了 IPv4/IPv6 双协议栈网络,则可以使用 IPv4 或 IPv6 地址来创建
{{< glossary_tooltip text="Service" term_id="service" >}}。
你可以通过设置服务的 `.spec.ipFamily` 字段来选择服务的集群 IP 的地址族。
你只能在创建新服务时设置该字段。`.spec.ipFamily` 字段的设置是可选的,
并且仅当你计划在集群上启用 IPv4 和 IPv6 的 {{< glossary_tooltip text="Service" term_id="service" >}}
和 {{< glossary_tooltip text="Ingress" term_id="ingress" >}}。
对于[出口](#出口流量)流量,该字段的配置不是必须的。
服务的地址族默认为第一个服务集群 IP 范围的地址族(通过 kube-controller-manager 的 `--service-cluster-ip-range` 参数配置)
当你定义服务时,可以选择将其配置为双栈。若要指定所需的行为,你可以设置 `.spec.ipFamilyPolicy` 字段为以下值之一:
<!--
The default address family for your cluster is the address family of the first service cluster IP range configured via the `-service-cluster-ip-range` flag to the kube-controller-manager.
* `SingleStack`: Single-stack service. The control plane allocates a cluster IP for the Service, using the first configured service cluster IP range.
* `PreferDualStack`:
* Only used if the cluster has dual-stack enabled. Allocates IPv4 and IPv6 cluster IPs for the Service
* If the cluster does not have dual-stack enabled, this setting follows the same behavior as `SingleStack`.
* `RequireDualStack`: Allocates Service `.spec.ClusterIPs` from both IPv4 and IPv6 address ranges.
* Selects the `.spec.ClusterIP` from the list of `.spec.ClusterIPs` based on the address family of the first element in the `.spec.ipFamilies` array.
* The cluster must have dual-stack networking configured.
-->
* `SingleStack`:单栈服务。控制面使用第一个配置的服务集群 IP 范围为服务分配集群 IP。
* `PreferDualStack`
* 仅当集群启用了双栈时使用。为服务分配 IPv4 和 IPv6 集群 IP。
* 如果集群没有启用双堆栈,则此设置与 `SingleStack` 行为相同。
* `RequireDualStack`:从 IPv4 和 IPv6 的地址范围分配服务的 `.spec.ClusterIPs`
* 从基于在 `.spec.ipFamilies` 数组中第一个元素的地址族的 `.spec.ClusterIPs` 列表中选择 `.spec.ClusterIP`
* 集群必须配置双栈网络
<!--
If you would like to define which IP family to use for single stack or define the order of IP families for dual-stack, you can choose the address families by setting an optional field, `.spec.ipFamilies`, on the Service.
-->
如果你想要定义哪个 IP 族用于单栈或定义双栈 IP 族的顺序,可以通过设置服务上的可选字段 `.spec.ipFamilies` 来选择地址族。
<!--
The `.spec.ipFamilies` field is immutable because the `.spec.ClusterIP` cannot be reallocated on a Service that already exists. If you want to change `.spec.ipFamilies`, delete and recreate the Service.
-->
{{< note >}}
集群的默认地址族是第一个服务集群 IP 范围的地址族,该地址范围通过
`kube-controller-manager` 上的 `--service-cluster-ip-range` 标志设置。
`.spec.ipFamilies` 字段是不可变的,因为系统无法为已经存在的服务重新分配 `.spec.ClusterIP`
如果你想改变 `.spec.ipFamilies`,则需要删除并重新创建服务
{{< /note >}}
<!--
You can set `.spec.ipFamily` to either:
You can set `.spec.ipFamilies` to any of the following array values:
-->
你可以设置 `.spec.ipFamily` 为:
你可以设置 `.spec.ipFamily`以下任何数组值
<!--
* `IPv4`: The API server will assign an IP from a `service-cluster-ip-range` that is `ipv4`
* `IPv6`: The API server will assign an IP from a `service-cluster-ip-range` that is `ipv6`
- `["IPv4"]`
- `["IPv6"]`
- `["IPv4","IPv6"]` (dual stack)
- `["IPv6","IPv4"]` (dual stack)
-->
* `IPv4`API 服务器将从 `service-cluster-ip-range` 中分配 `ipv4` 地址
* `IPv6`API 服务器将从 `service-cluster-ip-range` 中分配 `ipv6` 地址
- `["IPv4"]`
- `["IPv6"]`
- `["IPv4","IPv6"]` (双栈)
- `["IPv6","IPv4"]` (双栈)
<!--
The following Service specification does not include the `ipFamily` field. Kubernetes will assign an IP address (also known as a "cluster IP") from the first configured `service-cluster-ip-range` to this Service.
The first family you list is used for the legacy `.spec.ClusterIP` field.
-->
以下服务规约不包含 `ipFamily` 字段。Kubernetes 将从最初配置的 `service-cluster-ip-range` 范围内分配一个 IP 地址(也称作“集群 IP”给该服务。
{{< codenew file="service/networking/dual-stack-default-svc.yaml" >}}
你所列出的第一个地址族用于原来的 `.spec.ClusterIP` 字段。
<!--
The following Service specification includes the `ipFamily` field. Kubernetes will assign an IPv6 address (also known as a "cluster IP") from the configured `service-cluster-ip-range` to this Service.
-->
以下服务规约包含 `ipFamily` 字段。Kubernetes 将从已配置的 `service-cluster-ip-range` 范围内分配一个 IPv6 地址(也称作“集群 IP”给该服务。
### Dual-stack Service configuration scenarios
{{< codenew file="service/networking/dual-stack-ipv6-svc.yaml" >}}
These examples demonstrate the behavior of various dual-stack Service configuration scenarios.
-->
### 双栈服务配置场景
以下示例演示多种双栈服务配置场景下的行为。
<!--
For comparison, the following Service specification will be assigned an IPV4 address (also known as a "cluster IP") from the configured `service-cluster-ip-range` to this Service.
#### Dual-stack options on new Services
-->
为了进行比较,将从已配置的 `service-cluster-ip-range` 向该服务分配以下 IPV4 地址(也称为“集群 IP”
#### 新服务的双栈选项
{{< codenew file="service/networking/dual-stack-ipv4-svc.yaml" >}}
<!--
1. This Service specification does not explicitly define `.spec.ipFamilyPolicy`. When you create this Service, Kubernetes assigns a cluster IP for the Service from the first configured `service-cluster-ip-range` and sets the `.spec.ipFamilyPolicy` to `SingleStack`. ([Services without selectors](/docs/concepts/services-networking/service/#services-without-selectors) and [headless Services](/docs/concepts/services-networking/service/#headless-services) with selectors will behave in this same way.)
-->
1. 此服务规约中没有显式设定 `.spec.ipFamilyPolicy`。当你创建此服务时Kubernetes
从所配置的第一个 `service-cluster-ip-range` 种为服务分配一个集群IP并设置
`.spec.ipFamilyPolicy``SingleStack`
[无选择算符的服务](/zh/docs/concepts/services-networking/service/#services-without-selectors)和
[无头服务](/zh/docs/concepts/services-networking/service/#headless-services)的行为方式
与此相同。)
{{< codenew file="service/networking/dual-stack-default-svc.yaml" >}}
<!--
1. This Service specification explicitly defines `PreferDualStack` in `.spec.ipFamilyPolicy`. When you create this Service on a dual-stack cluster, Kubernetes assigns both IPv4 and IPv6 addresses for the service. The control plane updates the `.spec` for the Service to record the IP address assignments. The field `.spec.ClusterIPs` is the primary field, and contains both assigned IP addresses; `.spec.ClusterIP` is a secondary field with its value calculated from `.spec.ClusterIPs`.
* For the `.spec.ClusterIP` field, the control plane records the IP address that is from the same address family as the first service cluster IP range.
* On a single-stack cluster, the `.spec.ClusterIPs` and `.spec.ClusterIP` fields both only list one address.
* On a cluster with dual-stack enabled, specifying `RequireDualStack` in `.spec.ipFamilyPolicy` behaves the same as `PreferDualStack`.
-->
2. 此服务规约显式地将 `.spec.ipFamilyPolicy` 设置为 `PreferDualStack`
当你在双栈集群上创建此服务时Kubernetes 会为该服务分配 IPv4 和 IPv6 地址。
控制平面更新服务的 `.spec` 以记录 IP 地址分配。
字段 `.spec.ClusterIPs` 是主要字段,包含两个分配的 IP 地址;`.spec.ClusterIP` 是次要字段,
其取值从 `.spec.ClusterIPs` 计算而来。
{{< codenew file="service/networking/dual-stack-preferred-svc.yaml" >}}
<!--
1. This Service specification explicitly defines `IPv6` and `IPv4` in `.spec.ipFamilies` as well as defining `PreferDualStack` in `.spec.ipFamilyPolicy`. When Kubernetes assigns an IPv6 and IPv4 address in `.spec.ClusterIPs`, `.spec.ClusterIP` is set to the IPv6 address because that is the first element in the `.spec.ClusterIPs` array, overriding the default.
-->
3. 下面的服务规约显式地在 `.spec.ipFamilies` 中指定 `IPv6``IPv4`,并
`.spec.ipFamilyPolicy` 设定为 `PreferDualStack`
当 Kubernetes 为 `.spec.ClusterIPs` 分配一个 IPv6 和一个 IPv4 地址时,
`.spec.ClusterIP` 被设置成 IPv6 地址,因为它是 `.spec.ClusterIPs` 数组中的第一个元素,
覆盖其默认值。
{{< codenew file="service/networking/dual-stack-preferred-ipfamilies-svc.yaml" >}}
<!--
#### Dual-stack defaults on existing Services
-->
#### 现有服务的双栈默认值
<!--
These examples demonstrate the default behavior when dual-stack is newly enabled on a cluster where Services already exist.
-->
下面示例演示了在服务已经存在的集群上新启用双栈时的默认行为。
<!--
1. When dual-stack is enabled on a cluster, existing Services (whether `IPv4` or `IPv6`) are configured by the control plane to set `.spec.ipFamilyPolicy` to `SingleStack` and set `.spec.ipFamilies` to the address family of the existing Service. The existing Service cluster IP will be stored in `.spec.ClusterIPs`.
-->
1. 在集群上启用双栈时,控制面会将现有服务(无论是 `IPv4` 还是 `IPv6`)配置 `.spec.ipFamilyPolicy`
设置为 `SingleStack` 并设置 `.spec.ipFamilies` 为服务的当前地址族。
{{< codenew file="service/networking/dual-stack-default-svc.yaml" >}}
<!--
You can validate this behavior by using kubectl to inspect an existing service.
-->
你可以通过使用 kubectl 检查现有服务来验证此行为。
```shell
kubectl get svc my-service -o yaml
```
```yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: MyApp
name: my-service
spec:
clusterIP: 10.0.197.123
clusterIPs:
- 10.0.197.123
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: MyApp
type: ClusterIP
status:
loadBalancer: {}
```
<!--
1. When dual-stack is enabled on a cluster, existing [headless Services](/docs/concepts/services-networking/service/#headless-services) with selectors are configured by the control plane to set `.spec.ipFamilyPolicy` to `SingleStack` and set `.spec.ipFamilies` to the address family of the first service cluster IP range (configured via the `--service-cluster-ip-range` flag to the kube-controller-manager) even though `.spec.ClusterIP` is set to `None`.
-->
2. 在集群上启用双栈时,带有选择算符的现有
[无头服务](/zh/docs/concepts/services-networking/service/#headless-services)
由控制面设置 `.spec.ipFamilyPolicy``SingleStack`
并设置 `.spec.ipFamilies` 为第一个服务群集 IP 范围的地址族(通过配置 kube-controller-manager 的
`--service-cluster-ip-range` 参数),即使 `.spec.ClusterIP` 的设置值为 `None` 也如此。
{{< codenew file="service/networking/dual-stack-default-svc.yaml" >}}
<!--
You can validate this behavior by using kubectl to inspect an existing headless service with selectors.
-->
你可以通过使用 kubectl 检查带有选择算符的现有无头服务来验证此行为。
```shell
kubectl get svc my-service -o yaml
```
```yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: MyApp
name: my-service
spec:
clusterIP: None
clusterIPs:
- None
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- port: 80
protocol: TCP
targetPort: 80
selector:
app: MyApp
```
<!--
#### Switching Services between single-stack and dual-stack
-->
#### 在单栈和双栈之间切换服务
<!--
Services can be changed from single-stack to dual-stack and from dual-stack to single-stack.
-->
服务可以从单栈更改为双栈,也可以从双栈更改为单栈。
<!--
1. To change a Service from single-stack to dual-stack, change `.spec.ipFamilyPolicy` from `SingleStack` to `PreferDualStack` or `RequireDualStack` as desired. When you change this Service from single-stack to dual-stack, Kubernetes assigns the missing address family so that the Service now has IPv4 and IPv6 addresses.
Edit the Service specification updating the `.spec.ipFamilyPolicy` from `SingleStack` to `PreferDualStack`.
-->
1. 要将服务从单栈更改为双栈,根据需要将 `.spec.ipFamilyPolicy``SingleStack` 改为
`PreferDualStack``RequireDualStack`
当你将此服务从单栈更改为双栈时Kubernetes 将分配缺失的地址族,以便现在该服务具有 IPv4 和 IPv6 地址。
编辑服务规约将 `.spec.ipFamilyPolicy``SingleStack` 改为 `PreferDualStack`
<!--
Before:
-->
之前:
```yaml
spec:
ipFamilyPolicy: SingleStack
```
<!--
After:
-->
之后:
```yaml
spec:
ipFamilyPolicy: PreferDualStack
```
<!--
1. To change a Service from dual-stack to single-stack, change `.spec.ipFamilyPolicy` from `PreferDualStack` or `RequireDualStack` to `SingleStack`. When you change this Service from dual-stack to single-stack, Kubernetes retains only the first element in the `.spec.ClusterIPs` array, and sets `.spec.ClusterIP` to that IP address and sets `.spec.ipFamilies` to the address family of `.spec.ClusterIPs`.
-->
2. 要将服务从双栈更改为单栈,请将 `.spec.ipFamilyPolicy``PreferDualStack``RequireDualStack`
改为 `SingleStack`
当你将此服务从双栈更改为单栈时Kubernetes 只保留 `.spec.ClusterIPs` 数组中的第一个元素,并设置 `.spec.ClusterIP` 为那个 IP 地址,
并设置 `.spec.ipFamilies``.spec.ClusterIPs` 地址族。
<!--
### Headless Services without selector
-->
### 无选择算符的无头服务
<!--
For [Headless Services without selectors](/docs/concepts/services-networking/service/#without-selectors) and without `.spec.ipFamilyPolicy` explicitly set, the `.spec.ipFamilyPolicy` field defaults to `RequireDualStack`.
-->
对于[不带选择算符的无头服务](/zh/docs/concepts/services-networking/service/#without-selectors)
若没有显式设置 `.spec.ipFamilyPolicy`,则 `.spec.ipFamilyPolicy` 字段默认设置为 `RequireDualStack`
<!--
### Type LoadBalancer
@ -165,35 +401,39 @@ For comparison, the following Service specification will be assigned an IPV4 add
### LoadBalancer 类型
<!--
On cloud providers which support IPv6 enabled external load balancers, setting the `type` field to `LoadBalancer` in additional to setting `ipFamily` field to `IPv6` provisions a cloud load balancer for your Service.
To provision a dual-stack load balancer for your Service:
* Set the `.spec.type` field to `LoadBalancer`
* Set `.spec.ipFamilyPolicy` field to `PreferDualStack` or `RequireDualStack`
-->
在支持启用了 IPv6 的外部服务均衡器的云驱动上,除了将 `ipFamily` 字段设置为 `IPv6`
`type` 字段设置为 `LoadBalancer`,为你的服务提供云负载均衡。
要为你的服务提供双栈负载均衡器:
* 将 `.spec.type` 字段设置为 `LoadBalancer`
* 将 `.spec.ipFamilyPolicy` 字段设置为 `PreferDualStack` 或者 `RequireDualStack`
<!--
To use a dual-stack `LoadBalancer` type Service, your cloud provider must support IPv4 and IPv6 load balancers.
-->
{{< note >}}
为了使用双栈的负载均衡器类型服务,你的云驱动必须支持 IPv4 和 IPv6 的负载均衡器。
{{< /note >}}
<!--
## Egress Traffic
-->
## 出口流量
## 出流量
<!--
The use of publicly routable and non-publicly routable IPv6 address blocks is acceptable provided the underlying {{< glossary_tooltip text="CNI" term_id="cni" >}} provider is able to implement the transport. If you have a Pod that uses non-publicly routable IPv6 and want that Pod to reach off-cluster destinations (eg. the public Internet), you must set up IP masquerading for the egress traffic and any replies. The [ip-masq-agent](https://github.com/kubernetes-sigsr/ip-masq-agent) is dual-stack aware, so you can use ip-masq-agent for IP masquerading on dual-stack clusters.
If you want to enable egress traffic in order to reach off-cluster destinations (eg. the public Internet) from a Pod that uses non-publicly routable IPv6 addresses, you need to enable the Pod to use a publicly routed IPv6 address via a mechanism such as transparent proxying or IP masquerading. The [ip-masq-agent](https://github.com/kubernetes-sigs/ip-masq-agent) project supports IP masquerading on dual-stack clusters.
-->
可以使用可公共路由和非可公共路由的 IPv6 地址块,前提是下层的
{{< glossary_tooltip text="CNI" term_id="cni" >}} 提供程序可以实现这种传输。
如果你拥有使用非公共路由 IPv6 地址的 Pod并且希望该 Pod 到达集群外目的
(比如,公共网络),你必须为出口流量和任何响应消息设置 IP 伪装。
[ip-masq-agent](https://github.com/kubernetes-sigs/ip-masq-agent) 可以感知双栈,
所以你可以在双栈集群中使用 ip-masq-agent 来进行 IP 伪装。
如果你要启用出口流量,以便使用非公开路由 IPv6 地址的 Pod 到达集群外地址(例如公网),则需要通过透明代理或 IP 伪装等机制使 Pod 使用公共路由的 IPv6 地址。
[ip-masq-agent](https://github.com/kubernetes-sigs/ip-masq-agent)项目支持在双栈集群上进行 IP 伪装。
<!--
## Known Issues
Ensure your {{< glossary_tooltip text="CNI" term_id="cni" >}} provider supports IPv6.
-->
## 已知问题
<!--
* Kubenet forces IPv4,IPv6 positional reporting of IPs (-cluster-cidr)
-->
* Kubenet 强制 IPv4IPv6 的 IPs 位置报告 (`--cluster-cidr`)
{{< note >}}
确认你的 {{< glossary_tooltip text="CNI" term_id="cni" >}} 驱动支持 IPv6。
{{< /note >}}
## {{% heading "whatsnext" %}}

3
content/zh/examples/service/networking/dual-stack-default-svc.yaml
View File

@ -2,10 +2,11 @@ apiVersion: v1
kind: Service
metadata:
name: my-service
labels:
app: MyApp
spec:
selector:
app: MyApp
ports:
- protocol: TCP
port: 80
targetPort: 9376

16
content/zh/examples/service/networking/dual-stack-preferred-ipfamilies-svc.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
name: my-service
labels:
app: MyApp
spec:
ipFamilyPolicy: PreferDualStack
ipFamilies:
- IPv6
- IPv4
selector:
app: MyApp
ports:
- protocol: TCP
port: 80

13
content/zh/examples/service/networking/dual-stack-preferred-svc.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: v1
kind: Service
metadata:
name: my-service
labels:
app: MyApp
spec:
ipFamilyPolicy: PreferDualStack
selector:
app: MyApp
ports:
- protocol: TCP
port: 80