Merge pull request #49258 from windsonsea/gloss

[zh] Update glossary: drain, rbac, addons, replicaset
2024-12-30 15:44:13 +01:00 · 2024-12-30 15:44:13 +01:00 · 2ec33f6d95
parent 2c0aee805d 95fa74ff28
commit 2ec33f6d95
5 changed files with 85 additions and 25 deletions
--- a/content/zh-cn/docs/reference/glossary/addons.md
+++ b/content/zh-cn/docs/reference/glossary/addons.md
@ -23,10 +23,10 @@ tags:
 - tool
 -->

-  <!--
-  Resources that extend the functionality of Kubernetes.
-  -->
-  扩展 Kubernetes 功能的资源。
+<!--
+Resources that extend the functionality of Kubernetes.
+-->
+扩展 Kubernetes 功能的资源。

 <!--more-->

--- a/content/zh-cn/docs/reference/glossary/admission-controller.md
+++ b/content/zh-cn/docs/reference/glossary/admission-controller.md
@ -21,7 +21,7 @@ short_description: >
 aka:
 tags:
 - extension
- security																							 
+- security
 -->

 <!--
--- a/content/zh-cn/docs/reference/glossary/drain.md
+++ b/content/zh-cn/docs/reference/glossary/drain.md
@ -0,0 +1,43 @@
+---
+title: 腾空
+id: drain
+date: 2024-12-27
+full_link:
+short_description: >
+  从 Node 中安全地驱逐 Pod，为节点维护或移除做好准备。
+tags:
+- fundamental
+- operation
+---
+
+<!--
+title: Drain
+id: drain
+date: 2024-12-27
+full_link:
+short_description: >
+  Safely evicts Pods from a Node to prepare for maintenance or removal.
+tags:
+- fundamental
+- operation
+-->
+
+<!--
+The process of safely evicting {{< glossary_tooltip text="Pods" term_id="pod" >}} from a {{< glossary_tooltip text="Node" term_id="node" >}} to prepare it for maintenance or removal from a {{< glossary_tooltip text="cluster" term_id="cluster" >}}.
+-->
+从 {{< glossary_tooltip text="Node" term_id="node" >}} 中安全驱逐
+{{< glossary_tooltip text="Pod" term_id="pod" >}} 的过程，
+为维护或从{{< glossary_tooltip text="集群" term_id="cluster" >}}中移除节点做好准备。
+
+<!--more-->
+
+<!--
+The `kubectl drain` command is used to mark a {{< glossary_tooltip text="Node" term_id="node" >}} as going out of service. 
+When executed, it evicts all {{< glossary_tooltip text="Pods" term_id="pod" >}} from the {{< glossary_tooltip text="Node" term_id="node" >}}. 
+If an eviction request is temporarily rejected, `kubectl drain` retries until all {{< glossary_tooltip text="Pods" term_id="pod" >}} are terminated or a configurable timeout is reached.
+-->
+`kubectl drain` 命令用于将 {{< glossary_tooltip text="Node" term_id="node" >}} 标记为停止服务。
+执行此命令时，它会从 {{< glossary_tooltip text="Node" term_id="node" >}} 驱逐所有
+{{< glossary_tooltip text="Pod" term_id="pod" >}}。 
+如果驱逐请求临时被拒绝，`kubectl drain` 会重试，直到所有
+{{< glossary_tooltip text="Pod" term_id="pod" >}} 被终止或达到可配置的超时时限。
--- a/content/zh-cn/docs/reference/glossary/rbac.md
+++ b/content/zh-cn/docs/reference/glossary/rbac.md
@ -11,13 +11,11 @@ tags:
 - security
 - fundamental
 ---
-
 <!--
---
 title: RBAC (Role-Based Access Control)
 id: rbac
 date: 2018-04-12
-full_link: /zh-cn/docs/reference/access-authn-authz/rbac/
+full_link: /docs/reference/access-authn-authz/rbac/
 short_description: >
  Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.

@ -25,7 +23,6 @@ aka:
 tags:
 - security
 - fundamental
---
 -->

 <!--
@ -33,11 +30,33 @@ tags:
 -->
 管理授权决策，允许管理员通过 {{< glossary_tooltip text="Kubernetes API" term_id="kubernetes-api" >}} 动态配置访问策略。

-<!--more--> 
+<!--more-->

 <!--
-RBAC utilizes *roles*, which contain permission rules, and *role bindings*, which grant the permissions defined in a role to a set of users.
+RBAC utilizes four kinds of Kubernetes objects:
+
+Role
+: Defines permission rules in a specific namespace.
+
+ClusterRole
+: Defines permission rules cluster-wide.
+
+RoleBinding
+: Grants the permissions defined in a role to a set of users in a specific namespace.
+
+ClusterRoleBinding
+: Grants the permissions defined in a role to a set of users cluster-wide.
+
+For more information, see [RBAC](/docs/reference/access-authn-authz/rbac/).
 -->
-RBAC 使用 *角色* (包含权限规则)和 *角色绑定* (将角色中定义的权限授予一组用户)。
+RBAC 使用四种类别的 Kubernetes 对象：

+- **Role**：在特定命名空间中定义权限规则。

+- **ClusterRole**：定义集群范围内的权限规则。
+
+- **RoleBinding**：将角色中定义的权限授予特定命名空间中的一组用户。
+
+- **ClusterRoleBinding**：将角色中定义的权限授予集群范围内的一组用户。
+
+更多信息参见 [RBAC](/zh-cn/docs/reference/access-authn-authz/rbac/)。
--- a/content/zh-cn/docs/reference/glossary/replica-set.md
+++ b/content/zh-cn/docs/reference/glossary/replica-set.md
@ -4,7 +4,7 @@ id: replica-set
 date: 2018-04-12
 full_link: /zh-cn/docs/concepts/workloads/controllers/replicaset/
 short_description: >
-  ReplicaSet 是下一代副本控制器。
+  ReplicaSet 确保一次运行指定数量的 Pod 副本。

 aka: 
 tags:
@ -12,34 +12,32 @@ tags:
 - core-object
 - workload
 ---
-
 <!--
---
 title: ReplicaSet
 id: replica-set
 date: 2018-04-12
-full_link: /zh-cn/docs/concepts/workloads/controllers/replicaset/
+full_link: /docs/concepts/workloads/controllers/replicaset/
 short_description: >
-  ReplicaSet is the next-generation Replication Controller.
+ ReplicaSet ensures that a specified number of Pod replicas are running at one time

 aka: 
 tags:
 - fundamental
 - core-object
 - workload
---
 -->

 <!--
- ReplicaSet is the next-generation Replication Controller.
+ A ReplicaSet (aims to) maintain a set of replica Pods running at any given time.
 -->
+ReplicaSet（旨在）在任何给定时间确保运行一组 Pod 副本。

-ReplicaSet 是下一代副本控制器。
-
-<!--more--> 
+<!--more-->

 <!--
-ReplicaSet, like ReplicationController, ensures that a specified number of pods replicas are running at one time. ReplicaSet supports the new set-based selector requirements as described in the labels user guide, whereas a Replication Controller only supports equality-based selector requirements.
+Workload objects such as {{< glossary_tooltip term_id="deployment" >}} make use of ReplicaSets
+to ensure that the configured number of {{< glossary_tooltip term_id="pod" text="Pods" >}} are
+running in your cluster, based on the spec of that ReplicaSet.
 -->
-
-ReplicaSet 就像 ReplicationController 那样，确保一次运行指定数量的 Pod 副本。ReplicaSet 支持新的基于集合的选择器需求（在标签的用户指南中有相关描述），而副本控制器只支持基于等值的选择器需求。
+像 {{< glossary_tooltip term_id="deployment" >}} 这类工作负载对象利用 ReplicaSet
+基于其规约来确保集群中运行的 {{< glossary_tooltip term_id="pod" text="Pod" >}} 数量符合配置要求。