kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #39613 from windsonsea/servy 

[zh] sync /services-networking/service.md
pull/39640/head
Kubernetes Prow Robot 2023-02-22 22:35:33 -08:00 committed by GitHub
parent 8f656c9414 89d6a54d86
commit 936026ea96
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 151 additions and 105 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

256
content/zh-cn/docs/concepts/services-networking/service.md
View File

@ -29,65 +29,60 @@ weight: 10
{{< glossary_definition term_id="service" length="short" >}}
<!--
With Kubernetes you don't need to modify your application to use an unfamiliar service discovery mechanism.
Kubernetes gives Pods their own IP addresses and a single DNS name for a set of Pods,
and can load-balance across them.
A key aim of Services in Kubernetes is that you don't need to modify your existing
application to use an unfamiliar service discovery mechanism.
You can run code in Pods, whether this is a code designed for a cloud-native world, or
an older app you've containerized. You use a Service to make that set of Pods available
on the network so that clients can interact with it.
-->
使用 Kubernetes你无需修改应用程序去使用不熟悉的服务发现机制。
Kubernetes 为 Pod 提供自己的 IP 地址,并为一组 Pod 提供相同的 DNS 名,
并且可以在它们之间进行负载均衡。
<!-- body -->
Kubernetes 中 Service 的一个关键目标是让你无需修改现有应用程序就能使用不熟悉的服务发现机制。
你可以在 Pod 中运行代码,无需顾虑这是为云原生世界设计的代码,还是为已容器化的老应用程序设计的代码。
你可以使用 Service 让一组 Pod 在网络上可用,让客户端能够与其交互。
<!--
## Motivation
Kubernetes {{< glossary_tooltip term_id="pod" text="Pods" >}} are created and destroyed
to match the desired state of your cluster. Pods are nonpermanent resources.
If you use a {{< glossary_tooltip term_id="deployment" >}} to run your app,
it can create and destroy Pods dynamically.
that Deployment can create and destroy Pods dynamically. From one moment to the next,
you don't know how many of those Pods are working and healthy; you might not even know
what those healthy Pods are named.
Kubernetes {{< glossary_tooltip term_id="pod" text="Pods" >}} are created and destroyed
to match the desired state of your cluster. Pods are emphemeral resources (you should not
expect that an individual Pod is reliable and durable).
-->
如果你使用 {{< glossary_tooltip term_id="deployment" >}} 来运行你的应用,
Deployment 可以动态地创建和销毁 Pod。不管是这一刻还是下一刻
你不知道有多少个这样的 Pod 正在工作以及健康与否;你可能甚至不知道那些健康的 Pod 是如何命名的。
Kubernetes {{< glossary_tooltip term_id="pod" text="Pod" >}} 被创建和销毁以匹配集群的预期状态。
Pod 是临时资源(你不应该期待单个 Pod 既可靠又耐用)。
Each Pod gets its own IP address, however in a Deployment, the set of Pods
running in one moment in time could be different from
the set of Pods running that application a moment later.
<!--
Each Pod gets its own IP address (Kubernetes expects network plugins to ensure this).
For a given Deployment in your cluster, the set of Pods running in one moment in
time could be different from the set of Pods running that application a moment later.
This leads to a problem: if some set of Pods (call them "backends") provides
functionality to other Pods (call them "frontends") inside your cluster,
how do the frontends find out and keep track of which IP address to connect
to, so that the frontend can use the backend part of the workload?
Enter _Services_.
-->
## 动机 {#motivation}
创建和销毁 Kubernetes {{< glossary_tooltip term_id="pod" text="Pod" >}} 以匹配集群的期望状态。
Pod 是非永久性资源。
如果你使用 {{< glossary_tooltip term_id="deployment">}}
来运行你的应用程序,则它可以动态创建和销毁 Pod。
每个 Pod 都有自己的 IP 地址,但是在 Deployment 中,在同一时刻运行的 Pod 集合可能与稍后运行该应用程序的 Pod 集合不同。
每个 Pod 获取其自己的 IP 地址Kubernetes 期待网络插件确保 IP 地址分配)。
对于集群中给定的 Deployment这一刻运行的这组 Pod 可能不同于下一刻运行应用程序的那组 Pod。
这导致了一个问题: 如果一组 Pod称为“后端”为集群内的其他 Pod称为“前端”提供功能
那么前端如何找出并跟踪要连接的 IP 地址,以便前端可以使用提供工作负载的后端部分?
进入 **Service**
<!-- body -->
<!--
## Service resources {#service-resource}
-->
## Service 资源 {#service-resource}
## Services in Kubernetes
<!--
In Kubernetes, a Service is an abstraction which defines a logical set of Pods
and a policy by which to access them (sometimes this pattern is called
a micro-service). The set of Pods targeted by a Service is usually determined
by a {{< glossary_tooltip text="selector" term_id="selector" >}}.
To learn about other ways to define Service endpoints,
see [Services _without_ selectors](#services-without-selectors).
The Service API, part of Kubernetes, is an abstraction to help you expose groups of
Pods over a network. Each Service object defines a logical set of endpoints (usually
these endpoints are Pods) along with a policy about how to make those pods accessible.
-->
Kubernetes Service 定义了这样一种抽象:逻辑上的一组 Pod一种可以访问它们的策略 —— 通常称为微服务。
Service 所针对的 Pod 集合通常是通过{{< glossary_tooltip text="选择算符" term_id="selector" >}}来确定的。
要了解定义服务端点的其他方法,请参阅[不带选择算符的服务](#services-without-selectors)。
## Kubernetes 中的 Service {#service-in-k8s}
Service API 是 Kubernetes 的组成部分,它是一种抽象,帮助你通过网络暴露 Pod 组合。
每个 Service 对象定义一个逻辑组的端点(通常这些端点是 Pod以及如何才能访问这些 Pod 的策略。
<!--
For example, consider a stateless image-processing backend which is running with
@ -105,6 +100,41 @@ The Service abstraction enables this decoupling.
Service 定义的抽象能够解耦这种关联。
<!--
The set of Pods targeted by a Service is usually determined
by a {{< glossary_tooltip text="selector" term_id="selector" >}} that you
define.
To learn about other ways to define Service endpoints,
see [Services _without_ selectors](#services-without-selectors).
-->
Service 针对的这组 Pod 通常由你定义的{{< glossary_tooltip text="选择算符" term_id="selector" >}}来确定。
若想了解定义 Service 端点的其他方式,可以查阅[**不带**选择算符的 Service](#services-without-selectors)。
<!--
If your workload speaks HTTP, you might choose to use an
[Ingress](/docs/concepts/services-networking/ingress/) to control how web traffic
reaches that workload.
Ingress is not a Service type, but it acts as the entry point for your
cluster. An Ingress lets you consolidate your routing rules into a single resource, so
that you can expose multiple components of your workload, running separately in your
cluster, behind a single listener.
-->
如果你的工作负载以 HTTP 通信,你可能会选择使用 [Ingress](/zh-cn/docs/concepts/services-networking/ingress/)
来控制 Web 流量如何到达该工作负载。Ingress 不是一种 Service但它可用作集群的入口点。
Ingress 能让你将路由规则整合到单个资源,这样你就能在单个侦听器之后暴露工作负载的多个组件,在集群中分别运行这些组件。
<!--
The [Gateway](https://gateway-api.sigs.k8s.io/#what-is-the-gateway-api) API for Kubernetes
provides extra capabilities beyond Ingress and Service. You can add Gateway to your cluster -
it is a family of extension APIs, implemented using
{{< glossary_tooltip term_id="CustomResourceDefinition" text="CustomResourceDefinitions" >}} -
and then use these to configure access to network services that are running in your cluster.
-->
Kubernetes 所用的 [Gateway](https://gateway-api.sigs.k8s.io/#what-is-the-gateway-api) API
提供了除 Ingress 和 Service 之外的更多功能。你可以添加 Gateway 到你的集群。Gateway 是使用
{{< glossary_tooltip term_id="CustomResourceDefinition" text="CustomResourceDefinitions" >}}
实现的一系列扩展 API。将 Gateway 添加到你的集群后,就可以使用这些 Gateway 配置如何访问集群中正运行的网络服务。
<!--
### Cloud-native service discovery
@ -120,30 +150,32 @@ balancer in between your application and the backend Pods.
如果你想要在应用程序中使用 Kubernetes API 进行服务发现,则可以查询
{{< glossary_tooltip text="API 服务器" term_id="kube-apiserver" >}}用于匹配 EndpointSlices。
只要服务中的 Pod 集合发生更改Kubernetes 就会为服务更新 EndpointSlices。
只要服务中的这组 Pod 发生变化Kubernetes 就会为服务更新 EndpointSlices。
对于非本机应用程序Kubernetes 提供了在应用程序和后端 Pod 之间放置网络端口或负载均衡器的方法。
<!--
## Defining a Service
A Service in Kubernetes is a REST object, similar to a Pod. Like all of the
REST objects, you can `POST` a Service definition to the API server to create
a new instance.
The name of a Service object must be a valid
[RFC 1035 label name](/docs/concepts/overview/working-with-objects/names#rfc-1035-label-names).
For example, suppose you have a set of Pods where each listens on TCP port 9376
and contains a label `app.kubernetes.io/name=MyApp`:
A Service in Kubernetes is an
{{< glossary_tooltip text="object" term_id="object" >}}
(the same way that a Pod or a ConfigMap is an object). You can create,
view or modify Service definitions using the Kubernetes API. Usually
you use a tool such as `kubectl` to make those API calls for you.
-->
## 定义 Service {#defining-a-service}
Service 在 Kubernetes 中是一个 REST 对象,和 Pod 类似。
像所有的 REST 对象一样Service 定义可以基于 `POST` 方式,请求 API server 创建新的实例。
Service 对象的名称必须是合法的
[RFC 1035 标签名称](/zh-cn/docs/concepts/overview/working-with-objects/names#rfc-1035-label-names)。
Service 在 Kubernetes 中是一个{{< glossary_tooltip text="对象" term_id="object" >}}
(与 Pod 或 ConfigMap 类似的对象)。你可以使用 Kubernetes API 创建、查看或修改 Service 定义。
通常你使用 `kubectl` 这类工具来进行这些 API 调用。
例如,假定有一组 Pod它们对外暴露了 9376 端口,同时还被打上 `app.kubernetes.io/name=MyApp` 标签:
<!--
For example, suppose you have a set of Pods that each listen on TCP port 9376
and are labelled as `app.kubernetes.io/name=MyApp`. You can define a Service to
publish that TCP listener:
-->
例如,假定有一组 Pod每个 Pod 都在侦听 TCP 端口 9376同时还被打上 `app.kubernetes.io/name=MyApp` 标签。
你可以定义一个 Service 来发布 TCP 侦听器。
```yaml
apiVersion: v1
@ -160,25 +192,32 @@ spec:
```
<!--
This specification creates a new Service object named "my-service", which
targets TCP port 9376 on any Pod with the `app.kubernetes.io/name=MyApp` label.
Applying this manifest creates a new Service named "my-service", which
targets TCP port 9376 on any Pod with the `app.kubernetes.io/name: MyApp` label.
Kubernetes assigns this Service an IP address (sometimes called the "cluster IP"),
which is used by the Service proxies
(see [Virtual IP addressing mechanism](#virtual-ip-addressing-mechanism) below).
The controller for the Service selector continuously scans for Pods that
match its selector, and then POSTs any updates to an Endpoint object
also named "my-service".
Kubernetes assigns this Service an IP address (the _cluster IP_),
that is used by the virtual IP address mechanism. For more details on that mechanism,
read [Virtual IPs and Service Proxies](/docs/reference/networking/virtual-ips/).
-->
上述配置创建一个名称为 "my-service" 的 Service 对象,它会将请求代理到使用
TCP 端口 9376并且具有标签 `app.kubernetes.io/name=MyApp` 的 Pod 上
应用上述清单将创建一个名称为 "my-service" 的新 Service它在所有 Pod 上指向
TCP 端口 9376并且具有标签 `app.kubernetes.io/name: MyApp`
Kubernetes 为该服务分配一个 IP 地址(有时称为 “集群 IP”该 IP 地址由服务代理使用。
(请参见下面的[虚拟 IP 寻址机制](#virtual-ip-addressing-mechanism)).
Kubernetes 为该服务分配一个 IP 地址(有时称为 “集群 IP”该 IP 地址由虚拟 IP 地址机制使用。
有关该机制的更多详情,请阅读[虚拟 IP 和服务代理](/zh-cn/docs/reference/networking/virtual-ips/)。
服务选择算符的控制器不断扫描与其选择算符匹配的 Pod然后将所有更新发布到也称为
“my-service” 的 Endpoint 对象。
<!--
The controller for that Service continuously scans for Pods that
match its selector, and then makes any necessary updates to the set of
EndpointSlices for the Service.
-->
Service 的控制器不断扫描与其选择算符匹配的 Pod然后对 Service 的 EndpointSlices 集合执行所有必要的更新。
<!--
The name of a Service object must be a valid
[RFC 1035 label name](/docs/concepts/overview/working-with-objects/names#rfc-1035-label-names).
-->
Service 对象的名称必须是有效的
[RFC 1035 标签名称](/zh-cn/docs/concepts/overview/working-with-objects/names#rfc-1035-label-names)。
{{< note >}}
<!--
@ -262,18 +301,6 @@ but when used with a corresponding set of
{{<glossary_tooltip term_id="endpoint-slice" text="EndpointSlices">}}
objects and without a selector, the Service can abstract other kinds of backends,
including ones that run outside the cluster.
For example:
* You want to have an external database cluster in production, but in your
test environment you use your own databases.
* You want to point your Service to a Service in a different
{{< glossary_tooltip term_id="namespace" >}} or on another cluster.
* You are migrating a workload to Kubernetes. While evaluating the approach,
you run only a portion of your backends in Kubernetes.
In any of these scenarios you can define a Service _without_ a Pod selector.
For example:
-->
### 没有选择算符的 Service {#services-without-selectors}
@ -282,13 +309,27 @@ For example:
对象一起使用且没有选择算符时,
服务也可以为其他类型的后端提供抽象,包括在集群外运行的后端。
<!--
For example:
* You want to have an external database cluster in production, but in your
test environment you use your own databases.
* You want to point your Service to a Service in a different
{{< glossary_tooltip term_id="namespace" >}} or on another cluster.
* You are migrating a workload to Kubernetes. While evaluating the approach,
you run only a portion of your backends in Kubernetes.
-->
例如:
* 希望在生产环境中使用外部的数据库集群,但测试环境使用自己的数据库。
* 希望服务指向另一个 {{< glossary_tooltip term_id="namespace" >}} 中或其它集群中的服务。
* 你正在将工作负载迁移到 Kubernetes。在评估该方法时你仅在 Kubernetes 中运行一部分后端。
在任何这些场景中,都能够定义没有选择算符的 Service。
<!--
In any of these scenarios you can define a Service _without_ specifying a
selector to match Pods. For example:
-->
在任何这些场景中,都能够定义**未**指定与 Pod 匹配的选择算符的 Service。例如
实例:
```yaml
@ -414,12 +455,12 @@ Kubernetes API 服务器被用作调用者可能无权访问的端点的代理
{{< /note >}}
<!--
An ExternalName Service is a special case of Service that does not have
An `ExternalName` Service is a special case of Service that does not have
selectors and uses DNS names instead. For more information, see the
[ExternalName](#externalname) section later in this document.
[ExternalName](#externalname) section.
-->
ExternalName Service 是 Service 的特例,它没有选择算符,是使用 DNS 名称。
有关更多信息,请参阅本文档后面的 [ExternalName](#externalname)。
`ExternalName` Service 是 Service 的特例,它没有选择算符,是使用 DNS 名称。
有关更多信息,请参阅 [ExternalName](#externalname) 一节
<!--
### EndpointSlices
@ -1183,7 +1224,7 @@ In a split-horizon DNS environment you would need two Services to be able to rou
and internal traffic to your endpoints.
To set an internal load balancer, add one of the following annotations to your Service
depending on the cloud Service provider you're using.
depending on the cloud service provider you're using:
-->
#### 内部负载均衡器 {#internal-load-balancer}
@ -1191,7 +1232,7 @@ depending on the cloud Service provider you're using.
在水平分割 DNS 环境中你需要两个服务才能将内部和外部流量都路由到你的端点Endpoints
如要设置内部负载均衡器,请根据你所使用的云运营商,为服务添加以下注解之一
如要设置内部负载均衡器,请根据你所使用的云运营商,为服务添加以下注解之一
{{< tabs name="service_tabs" >}}
{{% tab name="Default" %}}
@ -1779,7 +1820,7 @@ In the example below, "`my-service`" can be accessed by clients on "`80.11.12.10
`externalIPs` 不会被 Kubernetes 管理,它属于集群管理员的职责范畴。
根据 Service 的规定,`externalIPs` 可以同任意的 `ServiceType` 来一起指定。
在上面的例子中,`my-service` 可以在 "`80.11.12.10:80`"(`externalIP:port`) 上被客户端访问。
在上面的例子中,`my-service` 可以在 "`80.11.12.10:80`" (`externalIP:port`) 上被客户端访问。
```yaml
apiVersion: v1
@ -1793,9 +1834,9 @@ spec:
- name: http
protocol: TCP
port: 80
targetPort: 9376
targetPort: 49152
externalIPs:
- 80.11.12.10
- 198.51.100.32
```
<!--
@ -1841,28 +1882,33 @@ Kubernetes 提供的使用虚拟 IP 地址公开服务的机制。
## {{% heading "whatsnext" %}}
<!--
Learn more about the following:
* Follow the [Connecting Applications with Services](/docs/tutorials/services/connect-applications-service/) tutorial
* [Ingress](/docs/concepts/services-networking/ingress/) exposes HTTP and HTTPS routes from outside the cluster to services within the cluster.
* [EndpointSlices](/docs/concepts/services-networking/endpoint-slices/)
Learn more about Services and how they fit into Kubernetes:
* Follow the [Connecting Applications with Services](/docs/tutorials/services/connect-applications-service/) tutorial.
* Read about [Ingress](/docs/concepts/services-networking/ingress/), which
exposes HTTP and HTTPS routes from outside the cluster to Services within
your cluster.
* Read about [Gateway](https://gateway-api.sigs.k8s.io/), an extension to
Kubernetes that provides more flexibility than Ingress.
-->
进一步学习以下章节:
进一步学习 Service 及其在 Kubernetes 中所发挥的作用
* 遵循[使用 Service 连接到应用](/zh-cn/docs/tutorials/services/connect-applications-service/)教程
* [Ingress](/zh-cn/docs/concepts/services-networking/ingress/) 将来自集群外部的 HTTP 和 HTTPS
* 遵循[使用 Service 连接到应用](/zh-cn/docs/tutorials/services/connect-applications-service/)教程
* 阅读 [Ingress](/zh-cn/docs/concepts/services-networking/ingress/) 将来自集群外部的 HTTP 和 HTTPS
请求路由暴露给集群内的服务。
* [EndpointSlice](/zh-cn/docs/concepts/services-networking/endpoint-slices/)
* 阅读 [Gateway](https://gateway-api.sigs.k8s.io/) 作为 Kubernetes 的扩展提供比 Ingress 更大的灵活性。
<!--
For more context:
For more context, read the following:
* [Virtual IPs and Service Proxies](/docs/reference/networking/virtual-ips/)
* [API reference](/docs/reference/kubernetes-api/service-resources/service-v1/) for the Service API
* [API reference](/docs/reference/kubernetes-api/service-resources/endpoints-v1/) for the Endpoints API
* [API reference](/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1/) for the EndpointSlice API
* [EndpointSlices](/docs/concepts/services-networking/endpoint-slices/)
* [Service API reference](/docs/reference/kubernetes-api/service-resources/service-v1/)
* [EndpointSlice API reference](/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1/)
* [Endpoint API reference (legacy)](/docs/reference/kubernetes-api/service-resources/endpoints-v1/)
-->
更多上下文:
更多上下文,可以阅读以下内容
* [虚拟 IP 和 Service 代理](/zh-cn/docs/reference/networking/virtual-ips/)
* [EndpointSlices](/zh-cn/docs/concepts/services-networking/endpoint-slices/)
* Service API 的 [API 参考](/zh-cn/docs/reference/kubernetes-api/service-resources/service-v1/)
* Endpoint API 的 [API 参考](/zh-cn/docs/reference/kubernetes-api/service-resources/endpoints-v1/)
* EndpointSlice API 的 [API 参考](/zh-cn/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1/)
* Endpoint API 的 [API 参考](/zh-cn/docs/reference/kubernetes-api/service-resources/endpoints-v1/)