Kubernetes v1.21 [alpha]
Service Internal Traffic Policy restricts internal traffic so that it is only routed to endpoints on the node the traffic originated from. "Internal" traffic here refers to traffic originating from Pods in the current cluster. This can help to reduce costs and improve performance.
Once you have enabled the ServiceInternalTrafficPolicy feature gate, you can enable an internal-only traffic policy for a Service by setting its .spec.internalTrafficPolicy to Local. This tells kube-proxy to only use node-local endpoints for cluster-internal traffic.
The following example shows what a Service looks like when you set .spec.internalTrafficPolicy to Local:
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  internalTrafficPolicy: Local
The kube-proxy filters the endpoints it routes to based on the spec.internalTrafficPolicy setting. When it's set to Local, only node local endpoints are considered. When it's Cluster or missing, all endpoints are considered. When the feature gate ServiceInternalTrafficPolicy is enabled, spec.internalTrafficPolicy defaults to "Cluster".
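
The filtering rule above, modelled in Python as an added example (it is not kube-proxy's code and not part of the original page). The endpoint records are constructed and use the EndpointSlice field names nodeName and conditions.ready; treating only ready endpoints as usable is a simplifying assumption. The second function lists nodes that would have no endpoint under Local, which is worth checking before changing a Service's policy.

```python
"""Model of per-node endpoint filtering by internalTrafficPolicy (illustrative only)."""

# Constructed sample data, shaped like the `endpoints` list of an EndpointSlice.
ENDPOINTS = [
    {"addresses": ["10.0.1.5"], "nodeName": "node-a", "conditions": {"ready": True}},
    {"addresses": ["10.0.1.6"], "nodeName": "node-a", "conditions": {"ready": False}},
    {"addresses": ["10.0.2.7"], "nodeName": "node-b", "conditions": {"ready": True}},
]
NODES = ["node-a", "node-b", "node-c"]  # constructed node names


def usable_endpoints(service_spec, endpoints, node):
    """Addresses a proxy on `node` would consider for cluster-internal traffic."""
    # A missing field behaves like "Cluster".
    policy = service_spec.get("internalTrafficPolicy", "Cluster")
    if policy not in ("Cluster", "Local"):
        raise ValueError(f"unknown internalTrafficPolicy: {policy!r}")
    # Assumption: only ready endpoints are candidates (unset ready counts as ready).
    candidates = [e for e in endpoints if e.get("conditions", {}).get("ready", True)]
    if policy == "Local":
        # Local: keep only endpoints scheduled on the same node as the client.
        candidates = [e for e in candidates if e.get("nodeName") == node]
    return [addr for e in candidates for addr in e["addresses"]]


def nodes_without_backends(service_spec, endpoints, nodes):
    """Nodes whose Pods would have no endpoint to reach under the given policy."""
    return [n for n in nodes if not usable_endpoints(service_spec, endpoints, n)]


if __name__ == "__main__":
    local = {"internalTrafficPolicy": "Local"}
    for node in NODES:
        print(node, usable_endpoints(local, ENDPOINTS, node))
    print("no local backend:", nodes_without_backends(local, ENDPOINTS, NODES))
```
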
externalTrafficPolicy is set to Local on a Service. It is possible to use both features in the same cluster on different Services, just not on the same Service.
© 2022 The Kubernetes Authors
Documentation Distributed under CC BY 4.0.
https://kubernetes.io/docs/concepts/services-networking/service-traffic-policy/