Merge pull request #49258 from windsonsea/gloss

[zh] Update glossary: drain, rbac, addons, replicaset
pull/47975/merge
Kubernetes Prow Robot 2024-12-30 15:44:13 +01:00 committed by GitHub
commit 2ec33f6d95
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 85 additions and 25 deletions

View File

@ -0,0 +1,43 @@
---
title: 腾空
id: drain
date: 2024-12-27
full_link:
short_description: >
从 Node 中安全地驱逐 Pod为节点维护或移除做好准备。
tags:
- fundamental
- operation
---
<!--
title: Drain
id: drain
date: 2024-12-27
full_link:
short_description: >
Safely evicts Pods from a Node to prepare for maintenance or removal.
tags:
- fundamental
- operation
-->
<!--
The process of safely evicting {{< glossary_tooltip text="Pods" term_id="pod" >}} from a {{< glossary_tooltip text="Node" term_id="node" >}} to prepare it for maintenance or removal from a {{< glossary_tooltip text="cluster" term_id="cluster" >}}.
-->
从 {{< glossary_tooltip text="Node" term_id="node" >}} 中安全驱逐
{{< glossary_tooltip text="Pod" term_id="pod" >}} 的过程,
为维护或从{{< glossary_tooltip text="集群" term_id="cluster" >}}中移除节点做好准备。
<!--more-->
<!--
The `kubectl drain` command is used to mark a {{< glossary_tooltip text="Node" term_id="node" >}} as going out of service.
When executed, it evicts all {{< glossary_tooltip text="Pods" term_id="pod" >}} from the {{< glossary_tooltip text="Node" term_id="node" >}}.
If an eviction request is temporarily rejected, `kubectl drain` retries until all {{< glossary_tooltip text="Pods" term_id="pod" >}} are terminated or a configurable timeout is reached.
-->
`kubectl drain` 命令用于将 {{< glossary_tooltip text="Node" term_id="node" >}} 标记为停止服务。
执行此命令时,它会从 {{< glossary_tooltip text="Node" term_id="node" >}} 驱逐所有
{{< glossary_tooltip text="Pod" term_id="pod" >}}。
如果驱逐请求临时被拒绝,`kubectl drain` 会重试,直到所有
{{< glossary_tooltip text="Pod" term_id="pod" >}} 被终止或达到可配置的超时时限。

View File

@ -11,13 +11,11 @@ tags:
- security
- fundamental
---
<!--
---
title: RBAC (Role-Based Access Control)
id: rbac
date: 2018-04-12
full_link: /zh-cn/docs/reference/access-authn-authz/rbac/
full_link: /docs/reference/access-authn-authz/rbac/
short_description: >
Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.
@ -25,7 +23,6 @@ aka:
tags:
- security
- fundamental
---
-->
<!--
@ -36,8 +33,30 @@ tags:
<!--more-->
<!--
RBAC utilizes *roles*, which contain permission rules, and *role bindings*, which grant the permissions defined in a role to a set of users.
RBAC utilizes four kinds of Kubernetes objects:
Role
: Defines permission rules in a specific namespace.
ClusterRole
: Defines permission rules cluster-wide.
RoleBinding
: Grants the permissions defined in a role to a set of users in a specific namespace.
ClusterRoleBinding
: Grants the permissions defined in a role to a set of users cluster-wide.
For more information, see [RBAC](/docs/reference/access-authn-authz/rbac/).
-->
RBAC 使用 *角色* (包含权限规则)和 *角色绑定* (将角色中定义的权限授予一组用户)。
RBAC 使用四种类别的 Kubernetes 对象:
- **Role**:在特定命名空间中定义权限规则。
- **ClusterRole**:定义集群范围内的权限规则。
- **RoleBinding**:将角色中定义的权限授予特定命名空间中的一组用户。
- **ClusterRoleBinding**:将角色中定义的权限授予集群范围内的一组用户。
更多信息参见 [RBAC](/zh-cn/docs/reference/access-authn-authz/rbac/)。

View File

@ -4,7 +4,7 @@ id: replica-set
date: 2018-04-12
full_link: /zh-cn/docs/concepts/workloads/controllers/replicaset/
short_description: >
ReplicaSet 是下一代副本控制器
ReplicaSet 确保一次运行指定数量的 Pod 副本
aka:
tags:
@ -12,34 +12,32 @@ tags:
- core-object
- workload
---
<!--
---
title: ReplicaSet
id: replica-set
date: 2018-04-12
full_link: /zh-cn/docs/concepts/workloads/controllers/replicaset/
full_link: /docs/concepts/workloads/controllers/replicaset/
short_description: >
ReplicaSet is the next-generation Replication Controller.
ReplicaSet ensures that a specified number of Pod replicas are running at one time
aka:
tags:
- fundamental
- core-object
- workload
---
-->
<!--
ReplicaSet is the next-generation Replication Controller.
A ReplicaSet (aims to) maintain a set of replica Pods running at any given time.
-->
ReplicaSet 是下一代副本控制器。
ReplicaSet旨在在任何给定时间确保运行一组 Pod 副本。
<!--more-->
<!--
ReplicaSet, like ReplicationController, ensures that a specified number of pods replicas are running at one time. ReplicaSet supports the new set-based selector requirements as described in the labels user guide, whereas a Replication Controller only supports equality-based selector requirements.
Workload objects such as {{< glossary_tooltip term_id="deployment" >}} make use of ReplicaSets
to ensure that the configured number of {{< glossary_tooltip term_id="pod" text="Pods" >}} are
running in your cluster, based on the spec of that ReplicaSet.
-->
ReplicaSet 就像 ReplicationController 那样,确保一次运行指定数量的 Pod 副本。ReplicaSet 支持新的基于集合的选择器需求(在标签的用户指南中有相关描述),而副本控制器只支持基于等值的选择器需求。
像 {{< glossary_tooltip term_id="deployment" >}} 这类工作负载对象利用 ReplicaSet
基于其规约来确保集群中运行的 {{< glossary_tooltip term_id="pod" text="Pod" >}} 数量符合配置要求。