Merge pull request #47718 from asa3311/sync-zh-146

[zh] sync container-runtimes dual-stack-support high-availability sysctl-cluster
2024-08-29 11:12:29 +01:00 · 2024-08-29 11:12:29 +01:00 · 1c5221a299
parent 100443c8c6 63110f10e2
commit 1c5221a299
4 changed files with 38 additions and 35 deletions
--- a/content/zh-cn/docs/setup/production-environment/container-runtimes.md
+++ b/content/zh-cn/docs/setup/production-environment/container-runtimes.md
@ -240,18 +240,6 @@ the `cgroupDriver` field under `KubeletConfiguration`, kubeadm defaults it to `s
 `KubeletConfiguration` 下设置 `cgroupDriver` 字段，kubeadm 默认使用 `systemd`。
 {{< /note >}}

-<!--
-In Kubernetes v1.28, with the `KubeletCgroupDriverFromCRI`
-[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
-enabled and a container runtime that supports the `RuntimeConfig` CRI RPC,
-the kubelet automatically detects the appropriate cgroup driver from the runtime,
-and ignores the `cgroupDriver` setting within the kubelet configuration.
-->
-在 Kubernetes v1.28 中，启用 `KubeletCgroupDriverFromCRI`
-[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)结合支持
-`RuntimeConfig` CRI RPC 的容器运行时，kubelet 会自动从运行时检测适当的 Cgroup
-驱动程序，并忽略 kubelet 配置中的 `cgroupDriver` 设置。
-
 <!--
 If you configure `systemd` as the cgroup driver for the kubelet, you must also
 configure `systemd` as the cgroup driver for the container runtime. Refer to
@ -263,6 +251,18 @@ the documentation for your container runtime for instructions. For example:
 *  [containerd](#containerd-systemd)
 *  [CRI-O](#cri-o)

+<!--
+In Kubernetes {{< skew currentVersion >}}, with the `KubeletCgroupDriverFromCRI`
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+enabled and a container runtime that supports the `RuntimeConfig` CRI RPC,
+the kubelet automatically detects the appropriate cgroup driver from the runtime,
+and ignores the `cgroupDriver` setting within the kubelet configuration.
+-->
+在 Kubernetes {{< skew currentVersion >}} 中，启用 `KubeletCgroupDriverFromCRI`
+[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)结合支持
+`RuntimeConfig` CRI RPC 的容器运行时，kubelet 会自动从运行时检测适当的 Cgroup
+驱动程序，并忽略 kubelet 配置中的 `cgroupDriver` 设置。
+
 {{< caution >}}
 <!--
 Changing the cgroup driver of a Node that has joined a cluster is a sensitive operation. 
--- a/content/zh-cn/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md
+++ b/content/zh-cn/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md
@ -92,29 +92,30 @@ kubeadm init --pod-network-cidr=10.244.0.0/16,2001:db8:42:0::/56 --service-cidr=

 <!--
 To make things clearer, here is an example kubeadm 
-[configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/) 
+[configuration file](/docs/reference/config-api/kubeadm-config.v1beta4/) 
 `kubeadm-config.yaml` for the primary dual-stack control plane node.
 -->
 为了更便于理解，参看下面的名为 `kubeadm-config.yaml` 的 kubeadm
-[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)，
+[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)，
 该文件用于双协议栈控制面的主控制节点。

 ```yaml
 ---
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/v1beta4
 kind: ClusterConfiguration
 networking:
  podSubnet: 10.244.0.0/16,2001:db8:42:0::/56
  serviceSubnet: 10.96.0.0/16,2001:db8:42:1::/112
 ---
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/v1beta4
 kind: InitConfiguration
 localAPIEndpoint:
  advertiseAddress: "10.100.0.1"
  bindPort: 6443
 nodeRegistration:
  kubeletExtraArgs:
-    node-ip: 10.100.0.2,fd00:1:2:3::2
+  - name: "node-ip"
+    value: "10.100.0.2,fd00:1:2:3::2"
 ```

 <!--
@ -153,7 +154,7 @@ The `--apiserver-advertise-address` flag does not support dual-stack.

 Before joining a node, make sure that the node has IPv6 routable network interface and allows IPv6 forwarding.

-Here is an example kubeadm [configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/)
+Here is an example kubeadm [configuration file](/docs/reference/config-api/kubeadm-config.v1beta4/)
 `kubeadm-config.yaml` for joining a worker node to the cluster.
 -->
 ### 向双协议栈集群添加节点   {#join-a-node-to-dual-stack-cluster}
@ -161,7 +162,7 @@ Here is an example kubeadm [configuration file](/docs/reference/config-api/kubea
 在添加节点之前，请确保该节点具有 IPv6 可路由的网络接口并且启用了 IPv6 转发。

 下面的名为 `kubeadm-config.yaml` 的 kubeadm
-[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)
+[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)
 示例用于向集群中添加工作节点。

 <!--
@ -179,22 +180,23 @@ discovery:
    # 请更改上面的认证信息，使之与你的集群中实际使用的令牌和 CA 证书匹配
 nodeRegistration:
  kubeletExtraArgs:
-    node-ip: 10.100.0.3,fd00:1:2:3::3
+  - name: "node-ip"
+    value: "10.100.0.2,fd00:1:2:3::3"
 ```

 <!--
-Also, here is an example kubeadm [configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/)
+Also, here is an example kubeadm [configuration file](/docs/reference/config-api/kubeadm-config.v1beta4/)
 `kubeadm-config.yaml` for joining another control plane node to the cluster.
 -->
 下面的名为 `kubeadm-config.yaml` 的 kubeadm
-[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)
+[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)
 示例用于向集群中添加另一个控制面节点。

 <!--
 # change auth info above to match the actual token and CA certificate hash for your cluster
 -->
 ```yaml
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/v1beta4
 kind: JoinConfiguration
 controlPlane:
  localAPIEndpoint:
@ -209,7 +211,8 @@ discovery:
    # 请更改上面的认证信息，使之与你的集群中实际使用的令牌和 CA 证书匹配
 nodeRegistration:
  kubeletExtraArgs:
-    node-ip: 10.100.0.4,fd00:1:2:3::4
+  - name: "node-ip"
+    value: "10.100.0.2,fd00:1:2:3::4"
 ```

 <!--
@ -241,15 +244,15 @@ You can deploy a single-stack cluster that has the dual-stack networking feature

 <!--
 To make things more clear, here is an example kubeadm
-[configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/)
+[configuration file](/docs/reference/config-api/kubeadm-config.v1beta4/)
 `kubeadm-config.yaml` for the single-stack control plane node.
 -->
 为了更便于理解，参看下面的名为 `kubeadm-config.yaml` 的 kubeadm
-[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)示例，
+[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)示例，
 该文件用于单协议栈控制面节点。

 ```yaml
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/v1beta4
 kind: ClusterConfiguration
 networking:
  podSubnet: 10.244.0.0/16
@ -261,8 +264,8 @@ networking:
 <!--
 * [Validate IPv4/IPv6 dual-stack](/docs/tasks/network/validate-dual-stack) networking
 * Read about [Dual-stack](/docs/concepts/services-networking/dual-stack/) cluster networking
-* Learn more about the kubeadm [configuration format](/docs/reference/config-api/kubeadm-config.v1beta3/)
+* Learn more about the kubeadm [configuration format](/docs/reference/config-api/kubeadm-config.v1beta4/)
 -->
 * [验证 IPv4/IPv6 双协议栈](/zh-cn/docs/tasks/network/validate-dual-stack)联网
 * 阅读[双协议栈](/zh-cn/docs/concepts/services-networking/dual-stack/)集群网络
-* 进一步了解 kubeadm [配置格式](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)
+* 进一步了解 kubeadm [配置格式](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)
--- a/content/zh-cn/docs/setup/production-environment/tools/kubeadm/high-availability.md
+++ b/content/zh-cn/docs/setup/production-environment/tools/kubeadm/high-availability.md
@ -310,13 +310,13 @@ option. Your cluster requirements may need a different configuration.
   {{< note >}}
   <!--
   The `kubeadm init` flags `--config` and `--certificate-key` cannot be mixed, therefore if you want
-   to use the [kubeadm configuration](/docs/reference/config-api/kubeadm-config.v1beta3/)
+   to use the [kubeadm configuration](/docs/reference/config-api/kubeadm-config.v1beta4/)
   you must add the `certificateKey` field in the appropriate config locations
   (under `InitConfiguration` and `JoinConfiguration: controlPlane`).
   -->
   在使用 `kubeadm init` 时，标记 `--config` 和 `--certificate-key` 不能混用，
   因此如果你要使用
-   [kubeadm 配置](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)，你必须在相应的配置结构
+   [kubeadm 配置](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)，你必须在相应的配置结构
   （位于 `InitConfiguration` 和 `JoinConfiguration: controlPlane`）添加 `certificateKey` 字段。
   {{< /note >}}

@ -512,7 +512,7 @@ in the kubeadm config file.

   ```yaml
   ---
-   apiVersion: kubeadm.k8s.io/v1beta3
+   apiVersion: kubeadm.k8s.io/v1beta4
   kind: ClusterConfiguration
   kubernetesVersion: stable
   controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" # change this (see below)
@ -534,7 +534,7 @@ in the kubeadm config file.

   ```yaml
   ---
-   apiVersion: kubeadm.k8s.io/v1beta3
+   apiVersion: kubeadm.k8s.io/v1beta4
   kind: ClusterConfiguration
   kubernetesVersion: stable
   controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" # change this (see below)
--- a/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md
+++ b/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md
@ -156,12 +156,12 @@ The following sysctls are supported in the _safe_ set:
 There are some exceptions to the set of safe sysctls:

 - The `net.*` sysctls are not allowed with host networking enabled.
- The `net.ipv4.tcp_syncookies` sysctl is not namespaced on Linux kernel version 4.4 or lower.
+- The `net.ipv4.tcp_syncookies` sysctl is not namespaced on Linux kernel version 4.5 or lower.
 -->
 安全 sysctl 参数有一些例外：

 - `net.*` sysctl 参数不允许在启用主机网络的情况下使用。
- `net.ipv4.tcp_syncookies` sysctl 参数在 Linux 内核 4.4 或更低的版本中是无命名空间的。
+- `net.ipv4.tcp_syncookies` sysctl 参数在 Linux 内核 4.5 或更低的版本中是无命名空间的。
 {{< /note >}}

 <!--