Update ESIPP documentation to reflect new fields #4093
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
| potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and | ||
| may cause a second hop to another node, but should have good overall load-spreading. | ||
| * `Service.Spec.HealthCheckNodePort` - It specifies the healthcheck nodePort for the | ||
| service. If not specified, HealthCheckNodePort is created by the service api backend |
| may cause a second hop to another node, but should have good overall load-spreading. | ||
| * `Service.Spec.HealthCheckNodePort` - It specifies the healthcheck nodePort for the | ||
| service. If not specified, HealthCheckNodePort is created by the service api backend | ||
| with the allocated nodePort. Will use user-specified nodePort value if specified by the |
There was a problem hiding this comment.
Add "It" and "the": "It will use the user-specified..."
| * `Service.Spec.HealthCheckNodePort` - It specifies the healthcheck nodePort for the | ||
| service. If not specified, HealthCheckNodePort is created by the service api backend | ||
| with the allocated nodePort. Will use user-specified nodePort value if specified by the | ||
| client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set |
There was a problem hiding this comment.
I'm not sure what the meaning of this sentence is. I think you mean:
It is only has an effect when Type is set to "LoadBalancer" and ExternalTrafficPolicy is set to "Local".
There was a problem hiding this comment.
Thanks, this is much better, applied.
| * `service.beta.kubernetes.io/healthcheck-nodeport` annotation <-> `Service.Spec.HealthCheckNodePort` field | ||
|
|
||
| `service.beta.kubernetes.io/external-traffic` annotation has a different set of values | ||
| comparing to `Service.Spec.ExternalTrafficPolicy` field, the values match as follows: |
There was a problem hiding this comment.
suggested edit: "...compared to the `Service.Spec.ExternalTrafficPolicy` field. The values match as follows:"
MrHohn
force-pushed
the
release-1.7-esipp-ga
branch
from
3c9db99
to
9cbed0c
Compare
|
Thanks! Re-pushed commit. |
|
|
||
| This feature can be activated by adding the beta annotation below to the metadata section of the Service Configuration file. | ||
| * `Service.Spec.ExternalTrafficPolicy` - It denotes if this Service desires to route |
There was a problem hiding this comment.
Suggested change: service.spec.externalTrafficPolicy
Specify fields as they appear in YAML/JSON manifests, not in the API:
There was a problem hiding this comment.
Makes sense, change applied.
| source IP and avoids a second hop for LoadBalancer and NodePort type services, but risks | ||
| potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and | ||
| may cause a second hop to another node, but should have good overall load-spreading. | ||
| * `Service.Spec.HealthCheckNodePort` - It specifies the healthcheck nodePort for the |
There was a problem hiding this comment.
service.spec.healthCheckNodePort
| v1.7. Please consider using API fields instead. | ||
|
|
||
| * `service.beta.kubernetes.io/external-traffic` annotation <-> `Service.Spec.ExternalTrafficPolicy` field | ||
| * `service.beta.kubernetes.io/healthcheck-nodeport` annotation <-> `Service.Spec.HealthCheckNodePort` field |
There was a problem hiding this comment.
Same as above, use field names as they appear in the YAML manifests (same below)
| } | ||
| } | ||
| ``` | ||
|
|
||
| Below you could find the deprecated beta annotations. We may stop supporting them after |
There was a problem hiding this comment.
Do not use "we". Suggested rewrite:
Below you could find the deprecated annotations used to enable this feature prior to its stable version. Newer Kubernetes versions may stop supporting these after v1.7. Please update existing applications to
use the fields directly.
There was a problem hiding this comment.
Thanks, this is much better, applied change.
MrHohn
force-pushed
the
release-1.7-esipp-ga
branch
from
9cbed0c
to
2be3c76
Compare
|
|
||
| This feature can be activated by adding the beta annotation below to the metadata section of the Service Configuration file. | ||
| * `service.spec.externalTrafficPolicy` - It denotes if this Service desires to route |
There was a problem hiding this comment.
The starting word "It" seems strange, remove?
There was a problem hiding this comment.
I think you need to add what values the field can take (this is a boolean, right?)
There was a problem hiding this comment.
Yeah it could be either "Local" or "Cluster". Added a sentence to make it clear.
| source IP and avoids a second hop for LoadBalancer and NodePort type services, but risks | ||
| potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and | ||
| may cause a second hop to another node, but should have good overall load-spreading. | ||
| * `service.spec.healthCheckNodePort` - It specifies the healthcheck nodePort for the |
There was a problem hiding this comment.
The starting word "It" seems strange, remove?
There was a problem hiding this comment.
You need to add the values that this can take.
| } | ||
| } | ||
| ``` | ||
|
|
||
| Below you could find the deprecated annotations used to enable this feature |
| @@ -97,20 +99,34 @@ which should produce output like this: | |||
|
|
|||
| The IP address is listed next to `LoadBalancer Ingress`. | |||
|
|
|||
| ## Annotation to modify the LoadBalancer behavior for preservation of Source IP | |||
| In 1.5, a Beta feature has been added that changes the behavior of the external LoadBalancer feature. | |||
| ## Modify the LoadBalancer behavior for preservation of Source IP | |||
There was a problem hiding this comment.
I would make this more direct:
## Preserving the client source IP
| In 1.5, a Beta feature has been added that changes the behavior of the external LoadBalancer feature. | ||
| ## Modify the LoadBalancer behavior for preservation of Source IP | ||
|
|
||
| Due to the implementation of this feature, the source IP for sessions as seen in the target |
|
|
||
| Due to the implementation of this feature, the source IP for sessions as seen in the target | ||
| container will *not be the original source IP* of the client. This is the default behavior as | ||
| of Kubernetes v1.7. However, starting in v1.5, an optional beta feature has been added that |
There was a problem hiding this comment.
Replace starting with "This is the default..."
To enable preservation of the client IP, the following field can be configured in the service spec:
you can delete the version stuff as you already cover it below in the beta etc discussion.
There was a problem hiding this comment.
Makes sense, modified sentences.
MrHohn
force-pushed
the
release-1.7-esipp-ga
branch
from
e26f786
to
7267270
Compare
| load-spreading. "Local" preserves the client source IP and avoids a second hop | ||
| for LoadBalancer and NodePort type services, but risks potentially imbalanced | ||
| traffic spreading. | ||
| * `service.spec.healthCheckNodePort` - specifies the healthcheck nodePort (a 32 |
There was a problem hiding this comment.
16-bit, probably easier just to say (numeric port number)
| } | ||
| } | ||
| ``` | ||
|
|
||
| ### Deprecated Beta annotations |
There was a problem hiding this comment.
### Feature availability
| 1.7+ | supports the full ... |
| 1.5 - 1.6 | Beta ... |
| <1.5 | Unsupported |
There was a problem hiding this comment.
Added availability table.
MrHohn
force-pushed
the
release-1.7-esipp-ga
branch
from
7267270
to
48caf20
Compare
Documentation for kubernetes/enhancements#27.
External Source IP Preservation (ESIPP) is promoted from Beta to GA in 1.7.
/assign @chenopis
cc @bowei @freehan
This change is