Kubernetes Prow Robot
GitHub
commit
3523bd9bed
|
|
@ -519,21 +519,34 @@ CRDs converted from `apiextensions.k8s.io/v1beta1` to
|
||||||
`apiextensions.k8s.io/v1` might lack structural schemas, and
|
`apiextensions.k8s.io/v1` might lack structural schemas, and
|
||||||
`spec.preserveUnknownFields` might be `true`.
|
`spec.preserveUnknownFields` might be `true`.
|
||||||
|
|
||||||
For migrated CustomResourceDefinitions where `spec.preserveUnknownFields` is
|
For legacy CustomResourceDefinition objects created as
|
||||||
set, pruning is _not_ enabled and you can store arbitrary data. For best
|
`apiextensions.k8s.io/v1beta1` with `spec.preserveUnknownFields` set to
|
||||||
compatibility, you should update your custom resources to meet an OpenAPI schema,
|
`true`, the following is also true:
|
||||||
and you should set `spec.preserveUnknownFields` true for the
|
|
||||||
CustomResourceDefinition itself.
|
* Pruning is not enabled.
|
||||||
|
* You can store arbitrary data.
|
||||||
|
|
||||||
|
For compatibility with `apiextensions.k8s.io/v1`, update your custom
|
||||||
|
resource definitions to:
|
||||||
|
|
||||||
|
1. Use a structural OpenAPI schema.
|
||||||
|
2. Set `spec.preserveUnknownFields` to `false`.
|
||||||
-->
|
-->
|
||||||
{{< note >}}
|
{{< note >}}
|
||||||
从 `apiextensions.k8s.io/v1beta1` 转换到 `apiextensions.k8s.io/v1` 的 CRD
|
从 `apiextensions.k8s.io/v1beta1` 转换到 `apiextensions.k8s.io/v1` 的 CRD
|
||||||
可能没有结构化的模式定义,因此其 `spec.preserveUnknownFields` 可能为 `true`。
|
可能没有结构化的模式定义,因此其 `spec.preserveUnknownFields` 可能为 `true`。
|
||||||
|
|
||||||
对于迁移而来的 CustomResourceDefinition,如果其 `spec.preserveUnknownFields`
|
对于使用 `apiextensions.k8s.io/v1beta1` 且将 `spec.preserveUnknownFields` 设置为 `true`
|
||||||
被设置为 `true`,则 Kubernetes _不会_ 执行剪裁操作,你可以存储任意数据。
|
创建的旧 CustomResourceDefinition 对象,有以下表现:
|
||||||
要实现最佳的兼容性,你应该更新定制资源以满足某 OpenAPI 模式定义,并且你
|
|
||||||
应该将 CustomResourceDefinition 自身的 `spec.preserveUnknownFields` 设置为
|
* 裁剪未启用。
|
||||||
`true`。
|
* 可以存储任意数据。
|
||||||
|
|
||||||
|
为了与 `apiextensions.k8s.io/v1` 兼容,将你的自定义资源定义更新为:
|
||||||
|
|
||||||
|
1. 使用结构化的 OpenAPI 模式。
|
||||||
|
2. `spec.preserveUnknownFields` 设置为 `false`。
|
||||||
|
|
||||||
{{< /note >}}
|
{{< /note >}}
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
|
|
|
||||||
|
|
@ -41,6 +41,23 @@ by providing the following flags to the kube-apiserver:
|
||||||
--service-account-signing-key-file=/etc/kubernetes/pki/sa.key
|
--service-account-signing-key-file=/etc/kubernetes/pki/sa.key
|
||||||
--api-audiences=system:konnectivity-server
|
--api-audiences=system:konnectivity-server
|
||||||
```
|
```
|
||||||
|
1. Create an egress configuration file such as `admin/konnectivity/egress-selector-configuration.yaml`.
|
||||||
|
1. Set the `--egress-selector-config-file` flag of the API Server to the path of
|
||||||
|
your API Server egress configuration file.
|
||||||
|
1. If you use UDS connection, add volumes config to the kube-apiserver:
|
||||||
|
```yaml
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
volumeMounts:
|
||||||
|
- name: konnectivity-uds
|
||||||
|
mountPath: /etc/kubernetes/konnectivity-server
|
||||||
|
readOnly: false
|
||||||
|
volumes:
|
||||||
|
- name: konnectivity-uds
|
||||||
|
hostPath:
|
||||||
|
path: /etc/kubernetes/konnectivity-server
|
||||||
|
type: DirectoryOrCreate
|
||||||
|
```
|
||||||
-->
|
-->
|
||||||
你需要配置 API 服务器来使用 Konnectivity 服务,并将网络流量定向到集群节点:
|
你需要配置 API 服务器来使用 Konnectivity 服务,并将网络流量定向到集群节点:
|
||||||
|
|
||||||
|
|
@ -55,18 +72,26 @@ by providing the following flags to the kube-apiserver:
|
||||||
--api-audiences=system:konnectivity-server
|
--api-audiences=system:konnectivity-server
|
||||||
```
|
```
|
||||||
|
|
||||||
<!--
|
1. 创建一个出站流量配置文件,比如 `admin/konnectivity/egress-selector-configuration.yaml`。
|
||||||
1. Create an egress configuration file such as `admin/konnectivity/egress-selector-configuration.yaml`.
|
1. 将 API 服务器的 `--egress-selector-config-file` 参数设置为你的 API 服务器的
|
||||||
1. Set the `--egress-selector-config-file` flag of the API Server to the path of
|
|
||||||
your API Server egress configuration file.
|
|
||||||
-->
|
|
||||||
{{< codenew file="admin/konnectivity/egress-selector-configuration.yaml" >}}
|
|
||||||
2. 创建一个出口配置文件比如 `admin/konnectivity/egress-selector-configuration.yaml`。
|
|
||||||
3. 将 API 服务器的 `--egress-selector-config-file` 参数设置为你的 API 服务器的
|
|
||||||
离站流量配置文件路径。
|
离站流量配置文件路径。
|
||||||
|
1. 如果你在使用 UDS 连接,须将卷配置添加到 kube-apiserver:
|
||||||
|
```yaml
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
volumeMounts:
|
||||||
|
- name: konnectivity-uds
|
||||||
|
mountPath: /etc/kubernetes/konnectivity-server
|
||||||
|
readOnly: false
|
||||||
|
volumes:
|
||||||
|
- name: konnectivity-uds
|
||||||
|
hostPath:
|
||||||
|
path: /etc/kubernetes/konnectivity-server
|
||||||
|
type: DirectoryOrCreate
|
||||||
|
```
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Generate or obtain a certificate and kubeconfig for konnectivity-server.
|
Generate or obtain a certificate and kubeconfig for konnectivity-server.
|
||||||
For example, you can use the OpenSSL command line tool to issue a X.509 certificate,
|
For example, you can use the OpenSSL command line tool to issue a X.509 certificate,
|
||||||
using the cluster CA certificate `/etc/kubernetes/pki/ca.crt` from a control-plane host.
|
using the cluster CA certificate `/etc/kubernetes/pki/ca.crt` from a control-plane host.
|
||||||
-->
|
-->
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue