Update ESIPP docs for new added API fields

kubernetes · Jun 21, 2017 · 9cbed0c · 9cbed0c
1 parent ccd2b46
commit 9cbed0c
Showing 1 changed file with 37 additions and 13 deletions.
diff --git a/docs/tasks/access-application-cluster/create-external-load-balancer.md b/docs/tasks/access-application-cluster/create-external-load-balancer.md
@@ -81,7 +81,9 @@ information through `kubectl`:
 ```bash
     kubectl describe services example-service
 ```
+
 which should produce output like this:
+
 ```bash
     Name:  example-service
     Selector:   app=example
@@ -97,20 +99,34 @@ which should produce output like this:
 
 The IP address is listed next to `LoadBalancer Ingress`.
 
-## Annotation to modify the LoadBalancer behavior for preservation of Source IP
-In 1.5, a Beta feature has been added that changes the behavior of the external LoadBalancer feature.
+## Modify the LoadBalancer behavior for preservation of Source IP
+
+Due to the implementation of this feature, the source IP for sessions as seen in the target
+container will *not be the original source IP* of the client. This is the default behavior as
+of Kubernetes v1.7. However, starting in v1.5, an optional beta feature has been added that
+will preserve the client Source IP for GCE/GKE environments. This feature has been promoted
+to GA in v1.7, with below APIs defined:
 
-This feature can be activated by adding the beta annotation below to the metadata section of the Service Configuration file.
+* `Service.Spec.ExternalTrafficPolicy` - It denotes if this Service desires to route
+external traffic to node-local or cluster-wide endpoints. "Local" preserves the client
+source IP and avoids a second hop for LoadBalancer and NodePort type services, but risks
+potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and
+may cause a second hop to another node, but should have good overall load-spreading.
+* `Service.Spec.HealthCheckNodePort` - It specifies the healthcheck nodePort for the
+service. If not specified, HealthCheckNodePort is created by the service API backend
+with the allocated nodePort. It will use the user-specified nodePort value if specified
+by the client. It only has an effect when Type is set to "LoadBalancer" and
+ExternalTrafficPolicy is set to "Local".
+
+This feature can be activated by setting `externalTrafficPolicy` to "Local" in the
+Service Configuration file.
 
 ```json
     {
       "kind": "Service",
       "apiVersion": "v1",
       "metadata": {
         "name": "example-service",
-        "annotations": {
-            "service.beta.kubernetes.io/external-traffic": "OnlyLocal"
-        }
       },
       "spec": {
         "ports": [{
@@ -120,11 +136,24 @@ This feature can be activated by adding the beta annotation below to the metadat
         "selector": {
           "app": "example"
         },
-        "type": "LoadBalancer"
+        "type": "LoadBalancer",
+        "externalTrafficPolicy": "Local"
       }
     }
 ```
 
+Below you could find the deprecated beta annotations. We may stop supporting them after
+v1.7. Please consider using API fields instead.
+
+* `service.beta.kubernetes.io/external-traffic` annotation <-> `Service.Spec.ExternalTrafficPolicy` field
+* `service.beta.kubernetes.io/healthcheck-nodeport` annotation <-> `Service.Spec.HealthCheckNodePort` field
+
+`service.beta.kubernetes.io/external-traffic` annotation has a different set of values
+compared to the `Service.Spec.ExternalTrafficPolicy` field. The values match as follows:
+
+* "OnlyLocal" for annotation <-> "Local" for field
+* "Global" for annotation <-> "Cluster" for field
+
 **Note that this feature is not currently implemented for all cloudproviders/environments.**
 
 
@@ -138,11 +167,6 @@ It is important to note that the datapath for this functionality is provided by
 
 When the service type is set to `LoadBalancer`, Kubernetes provides functionality equivalent to `type=<ClusterIP>` to pods within the cluster and extends it by programming the (external to Kubernetes) load balancer with entries for the Kubernetes VMs. The Kubernetes service controller automates the creation of the external load balancer, health checks (if needed), firewall rules (if needed) and retrieves the external IP allocated by the cloud provider and populates it in the service object.
 
-## Loss of client source IP for external traffic
-
-Due to the implementation of this feature, the source IP for sessions as seen in the target container will *not be the original source IP* of the client. This is the default behavior as of Kubernetes v1.5. However, starting in v1.5, an optional beta feature has been added
-that will preserve the client Source IP for GCE/GKE environments. This feature will be phased in for other cloud providers in subsequent releases.
-
 ## Caveats and Limitations when preserving source IPs
 
 GCE/AWS load balancers do not provide weights for their target pools. This was not an issue with the old LB
@@ -163,4 +187,4 @@ Internal pod to pod traffic should behave similar to ClusterIP services, with eq
 
 {% endcapture %}
 
-{% include templates/task.md %}
+{% include templates/task.md %}