Merge pull request #43729 from my-git9/path-21928

[zh-cn] sync resource-quotas configure-redis-using-configmap tutorials/security/* hello-minikube
pull/43743/head
Kubernetes Prow Robot 2023-10-30 12:42:53 +01:00 committed by GitHub
commit 287e6635a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 56 additions and 47 deletions

View File

@ -752,11 +752,11 @@ from getting scheduled in a failure domain.
<!--
Using this scope operators can prevent certain namespaces (`foo-ns` in the example below)
from having pods that use cross-namespace pod affinity by creating a resource quota object in
that namespace with `CrossNamespaceAffinity` scope and hard limit of 0:
that namespace with `CrossNamespacePodAffinity` scope and hard limit of 0:
-->
使用此作用域操作符可以避免某些名字空间(例如下面例子中的 `foo-ns`)运行特别的 Pod
这类 Pod 使用跨名字空间的 Pod 亲和性约束,在该名字空间中创建了作用域为
`CrossNamespaceAffinity` 的、硬性约束为 0 的资源配额对象。
`CrossNamespacePodAffinity` 的、硬性约束为 0 的资源配额对象。
```yaml
apiVersion: v1
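Review bot: The translated sentence starting `使用此作用域操作符` renders the English "operators" as 操作符 (an operator symbol), but the source sentence is about cluster operators, the people who create the quota. The next paragraph of this file already translates the same word as 集群运维人员. Suggest rewording this sentence along the lines of "集群运维人员可以使用此作用域来避免某些名字空间…" so the two paragraphs agree, since this commit is touching the sentence anyway.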
@ -769,17 +769,18 @@ spec:
pods: "0"
scopeSelector:
matchExpressions:
- scopeName: CrossNamespaceAffinity
- scopeName: CrossNamespacePodAffinity
operator: Exists
```
<!--
If operators want to disallow using `namespaces` and `namespaceSelector` by default, and
only allow it for specific namespaces, they could configure `CrossNamespaceAffinity`
only allow it for specific namespaces, they could configure `CrossNamespacePodAffinity`
as a limited resource by setting the kube-apiserver flag --admission-control-config-file
to the path of the following configuration file:
-->
如果集群运维人员希望默认禁止使用 `namespaces``namespaceSelector`
而仅仅允许在特定名字空间中这样做,他们可以将 `CrossNamespaceAffinity`
而仅仅允许在特定名字空间中这样做,他们可以将 `CrossNamespacePodAffinity`
作为一个被约束的资源。方法是为 `kube-apiserver` 设置标志
`--admission-control-config-file`,使之指向如下的配置文件:
@ -794,15 +795,16 @@ plugins:
limitedResources:
- resource: pods
matchScopes:
- scopeName: CrossNamespaceAffinity
- scopeName: CrossNamespacePodAffinity
operator: Exists
```
<!--
With the above configuration, pods can use `namespaces` and `namespaceSelector` in pod affinity only
if the namespace where they are created have a resource quota object with
`CrossNamespaceAffinity` scope and a hard limit greater than or equal to the number of pods using those fields.
`CrossNamespacePodAffinity` scope and a hard limit greater than or equal to the number of pods using those fields.
-->
基于上面的配置,只有名字空间中包含作用域为 `CrossNamespaceAffinity`
基于上面的配置,只有名字空间中包含作用域为 `CrossNamespacePodAffinity`
且硬性约束大于或等于使用 `namespaces``namespaceSelector` 字段的 Pod
个数时,才可以在该名字空间中继续创建在其 Pod 亲和性规则中设置 `namespaces`
`namespaceSelector` 的新 Pod。

View File

@ -13,33 +13,25 @@ content_type: tutorial
<!-- overview -->
<!--
This page provides a real world example of how to configure Redis using a ConfigMap and builds upon the [Configure a Pod to Use a ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) task.
This page provides a real world example of how to configure Redis using a ConfigMap and
builds upon the [Configure a Pod to Use a ConfigMap](/docs/tasks/configure-pod-container/configure-pod-configmap/) task.
-->
这篇文档基于[配置 Pod 以使用 ConfigMap](/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap/)
这个任务,提供了一个使用 ConfigMap 来配置 Redis 的真实案例。
## {{% heading "objectives" %}}
<!--
* Create a ConfigMap with Redis configuration values
* Create a Redis Pod that mounts and uses the created ConfigMap
* Verify that the configuration was correctly applied.
-->
* 使用 Redis 配置的值创建一个 ConfigMap
* 创建一个 Redis Pod挂载并使用创建的 ConfigMap
* 验证配置已经被正确应用
## {{% heading "prerequisites" %}}
{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
<!--
@ -49,11 +41,8 @@ This page provides a real world example of how to configure Redis using a Config
* 此页面上显示的示例适用于 `kubectl` 1.14 及以上的版本。
* 理解[配置 Pod 以使用 ConfigMap](/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap/)。
<!-- lessoncontent -->
<!--
## Real World Example: Configuring Redis using a ConfigMap
@ -81,7 +70,7 @@ EOF
<!--
Apply the ConfigMap created above, along with a Redis pod manifest:
-->
应用上面创建的 ConfigMap 以及 Redis pod 清单:
应用上面创建的 ConfigMap 以及 Redis Pod 清单:
```shell
kubectl apply -f example-redis-config.yaml
@ -109,7 +98,7 @@ ConfigMap above as `/redis-master/redis.conf` inside the Pod.
这样做的最终效果是将上面 `example-redis-config` 配置中 `data.redis-config`
的数据作为 Pod 中的 `/redis-master/redis.conf` 公开。
{{< codenew file="pods/config/redis-pod.yaml" >}}
{{% code_sample file="pods/config/redis-pod.yaml" %}}
<!--
Examine the created objects:
@ -210,12 +199,12 @@ Now let's add some configuration values to the `example-redis-config` ConfigMap:
-->
现在,向 `example-redis-config` ConfigMap 添加一些配置:
{{< codenew file="pods/config/example-redis-config.yaml" >}}
{{% code_sample file="pods/config/example-redis-config.yaml" %}}
<!--
Apply the updated ConfigMap:
-->
应用更新的 ConfigMap:
应用更新的 ConfigMap
```shell
kubectl apply -f example-redis-config.yaml
@ -366,11 +355,7 @@ kubectl delete pod/redis configmap/example-redis-config
## {{% heading "whatsnext" %}}
<!--
* Learn more about [ConfigMaps](/docs/tasks/configure-pod-container/configure-pod-configmap/).
-->
* 了解有关 [ConfigMaps](/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap/) 的更多信息。
* 了解有关 [ConfigMap](/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap/) 的更多信息。

View File

@ -88,6 +88,7 @@ Open the Kubernetes dashboard. You can do this two different ways:
Open a **new** terminal, and run:
-->
打开一个**新的**终端,然后运行:
```shell
# 启动一个新的终端,并保持此命令运行。
minikube dashboard
@ -241,6 +242,25 @@ Deployment 是管理 Pod 创建和扩展的推荐方法。
kubectl config view
```
<!--
1. View application logs for a container in a pod.
-->
1. 查看 Pod 中容器的应用程序日志。
```shell
kubectl logs hello-node-5f76cf6ccf-br9b5
```
<!--
The output is similar to:
-->
输出类似于:
```
I0911 09:19:26.677397 1 log.go:195] Started HTTP server on port 8080
I0911 09:19:26.677586 1 log.go:195] Started UDP server on port 8081
```
{{< note >}}
<!--
For more information about `kubectl` commands, see the [kubectl overview](/docs/reference/kubectl/).
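Review bot: The added step runs `kubectl logs hello-node-5f76cf6ccf-br9b5`, a Pod name with a generated suffix that will not exist in the reader's cluster, so the command fails if copied as written. Suggest adding a sentence, in both the English comment and the translation, telling the reader to substitute the name reported by `kubectl get pods`. The sample output block that follows is also opened with a bare fence, unlike the `shell` fences around it; a language tag there would keep the step consistent.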
@ -332,7 +352,8 @@ Kubernetes [*Service*](/docs/concepts/services-networking/service/).
<!--
## Enable addons
The minikube tool includes a set of built-in {{< glossary_tooltip text="addons" term_id="addons" >}} that can be enabled, disabled and opened in the local Kubernetes environment.
The minikube tool includes a set of built-in {{< glossary_tooltip text="addons" term_id="addons" >}}
hat can be enabled, disabled and opened in the local Kubernetes environment.
1. List the currently supported addons:
-->
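Review bot: In the re-wrapped English comment the second line begins `hat can be enabled, disabled and opened`; the leading "t" of "that" was lost when the sentence was split after the `glossary_tooltip` shortcode. Restore it so the commented source reads the same as the single-line version it replaces.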
@ -487,11 +508,12 @@ If you want to use minikube again to learn more about Kubernetes, you don't need
## {{% heading "whatsnext" %}}
<!--
* Tutorial to _[deploy your first app on Kubernetes with kubectl](/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/)_.
* Learn more about [Deployment objects](/docs/concepts/workloads/controllers/deployment/).
* Learn more about [Deploying applications](/docs/tasks/run-application/run-stateless-application-deployment/).
* Learn more about [Service objects](/docs/concepts/services-networking/service/).
-->
* **[使用 kubectl 在 Kubernetes 上部署你的第一个应用程序](/zh-cn/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/)**教程。
* 进一步了解 [Deployment 对象](/zh-cn/docs/concepts/workloads/controllers/deployment/)。
* 进一步了解[部署应用](/zh-cn/docs/tasks/run-application/run-stateless-application-deployment/)。
* 进一步了解 [Service 对象](/zh-cn/docs/concepts/services-networking/service/)。

View File

@ -203,7 +203,7 @@ AppArmor 目前处于 Beta 阶段,因此选项以注解形式设定。
AppArmor profiles are specified *per-container*. To specify the AppArmor profile to run a Pod
container with, add an annotation to the Pod's metadata:
-->
AppArmor 配置文件是按 **逐个容器** 的形式来设置的。
AppArmor 配置文件是按**逐个容器**的形式来设置的。
要指定用来运行 Pod 容器的 AppArmor 配置文件,请向 Pod 的 metadata 添加注解:
```yaml
@ -329,7 +329,7 @@ Next, we'll run a simple "Hello AppArmor" pod with the deny-write profile:
-->
接下来,我们将运行一个带有拒绝写入配置文件的简单 “Hello AppArmor” Pod
{{< codenew file="pods/security/hello-apparmor.yaml" >}}
{{% code_sample file="pods/security/hello-apparmor.yaml" %}}
```shell
kubectl create -f ./hello-apparmor.yaml

View File

@ -45,12 +45,12 @@ Pod 安全是一个准入控制器,当新的 Pod 被创建时,它会根据 K
<!--
Install the following on your workstation:
- [KinD](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
- [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
- [kubectl](/docs/tasks/tools/)
-->
在你的工作站中安装以下内容:
- [KinD](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
- [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
- [kubectl](/zh-cn/docs/tasks/tools/)
<!--
@ -368,11 +368,11 @@ following:
{{<note>}}
<!--
If you use Docker Desktop with KinD on macOS, you can
If you use Docker Desktop with *kind* on macOS, you can
add `/tmp` as a Shared Directory under the menu item
**Preferences > Resources > File Sharing**.
-->
如果你在 macOS 上使用 Docker Desktop 和 KinD
如果你在 macOS 上使用 Docker Desktop 和 kind
你可以在菜单项 **Preferences > Resources > File Sharing**
下添加 `/tmp` 作为共享目录。
{{</note>}}
@ -411,7 +411,7 @@ following:
<!--
1. Point kubectl to the cluster:
-->
6. 将 kubectl 指向集群
6. 将 kubectl 指向集群
```shell
kubectl cluster-info --context kind-psa-with-cluster-pss

View File

@ -123,13 +123,13 @@ into the cluster.
{{< tabs name="tab_with_code" >}}
{{< tab name="audit.json" >}}
{{< codenew file="pods/security/seccomp/profiles/audit.json" >}}
{{% code_sample file="pods/security/seccomp/profiles/audit.json" %}}
{{< /tab >}}
{{< tab name="violation.json" >}}
{{< codenew file="pods/security/seccomp/profiles/violation.json" >}}
{{% code_sample file="pods/security/seccomp/profiles/violation.json" %}}
{{< /tab >}}
{{< tab name="fine-grained.json" >}}
{{< codenew file="pods/security/seccomp/profiles/fine-grained.json" >}}
{{% code_sample file="pods/security/seccomp/profiles/fine-grained.json" %}}
{{< /tab >}}
{{< /tabs >}}
@ -170,7 +170,7 @@ onto a node.
Kind 在 Docker 中运行 Kubernetes因此集群的每个节点都是一个容器。
这允许将文件挂载到每个容器的文件系统中,类似于将文件加载到节点上。
{{< codenew file="pods/security/seccomp/kind.yaml" >}}
{{% code_sample file="pods/security/seccomp/kind.yaml" %}}
<!--
Download that example kind configuration, and save it to a file named `kind.yaml`:
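Review bot: The context line `Kind 在 Docker 中运行 Kubernetes` still capitalises "Kind", while this same commit changes `KinD` to lowercase `kind` in the Pod Security tutorial and the English comment in this hunk says "kind configuration". Suggest lowercasing it here as well so the tool name is spelled one way across the synced pages.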
@ -298,7 +298,7 @@ for all its containers:
-->
这是一个 Pod 的清单,它要求其所有容器使用 `RuntimeDefault` seccomp 配置文件:
{{< codenew file="pods/security/seccomp/ga/default-pod.yaml" >}}
{{% code_sample file="pods/security/seccomp/ga/default-pod.yaml" %}}
<!--
Create that Pod:
@ -346,7 +346,7 @@ Here's a manifest for that Pod:
这是该 Pod 的清单:
{{< codenew file="pods/security/seccomp/ga/audit-pod.yaml" >}}
{{% code_sample file="pods/security/seccomp/ga/audit-pod.yaml" %}}
{{< note >}}
<!--
@ -515,7 +515,7 @@ The manifest for this demonstration is:
此演示的清单是:
{{< codenew file="pods/security/seccomp/ga/violation-pod.yaml" >}}
{{% code_sample file="pods/security/seccomp/ga/violation-pod.yaml" %}}
<!--
Attempt to create the Pod in the cluster:
@ -585,7 +585,7 @@ The manifest for this example is:
此示例的清单是:
{{< codenew file="pods/security/seccomp/ga/fine-pod.yaml" >}}
{{% code_sample file="pods/security/seccomp/ga/fine-pod.yaml" %}}
<!--
Create the Pod in your cluster: