From 0df1710f9abe92d6752eed039bb0f56e9c3fd579 Mon Sep 17 00:00:00 2001 From: Oliver Teichmann Date: Fri, 4 Nov 2022 09:15:04 +0100 Subject: [PATCH 01/25] Update cheatsheet.md Add syntax to remove labels --- content/en/docs/reference/kubectl/cheatsheet.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/en/docs/reference/kubectl/cheatsheet.md b/content/en/docs/reference/kubectl/cheatsheet.md index 51f3df6d105..1e9f5506e0e 100644 --- a/content/en/docs/reference/kubectl/cheatsheet.md +++ b/content/en/docs/reference/kubectl/cheatsheet.md @@ -266,6 +266,7 @@ kubectl expose rc nginx --port=80 --target-port=8000 kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f - kubectl label pods my-pod new-label=awesome # Add a Label +kubectl label pods my-pod new-label- # Remove a label kubectl annotate pods my-pod icon-url=http://goo.gl/XXBTWq # Add an annotation kubectl autoscale deployment foo --min=2 --max=10 # Auto scale a deployment "foo" ``` From 87129a2a6905599936b8c6658546892eb6bc17ce Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sat, 5 Nov 2022 14:29:41 -0300 Subject: [PATCH 02/25] Add pt-br/docs/reference/glossary/csi.md Signed-off-by: Mr. Erlison --- content/pt-br/docs/reference/glossary/csi.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 content/pt-br/docs/reference/glossary/csi.md diff --git a/content/pt-br/docs/reference/glossary/csi.md b/content/pt-br/docs/reference/glossary/csi.md new file mode 100644 index 00000000000..ea49fdc6b45 --- /dev/null +++ b/content/pt-br/docs/reference/glossary/csi.md 
@@ -0,0 +1,20 @@ +--- +title: Interface de Armazenamento de Contêiner +id: csi +date: 2018-06-25 +full_link: /pt-br/docs/concepts/storage/volumes/#csi +short_description: > + A Interface de Armazenamento de Contêiner (Container Storage Interface - CSI) define um padrão de interface para expor sistemas de armazenamento a contêineres. + +aka: +tags: +- storage +--- + A Interface de Armazenamento de Contêiner (Container Storage Interface - CSI) define um padrão de interface para expor sistemas de armazenamento a contêineres. + + + +O CSI permite que os fornecedores criem plugins personalizados de armazenamento para o Kubernetes sem adicioná-los ao repositório Kubernetes (plugins fora da árvore). Para usar um driver CSI de um provedor de armazenamento, você deve primeiro [implantá-lo no seu cluster](https://kubernetes-csi.github.io/docs/deploying.html). Você poderá então criar uma {{< glossary_tooltip text="Classe de Armazenamento" term_id="storage-class" >}} que use esse driver CSI. + +* [CSI na documentação do Kubernetes](/pt-br/docs/concepts/storage/volumes/#csi) +* [Lista de drivers CSI disponíveis](https://kubernetes-csi.github.io/docs/drivers.html) From 4e24d1083842c6b05dd1ae753163c23c574cd97e Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sat, 19 Nov 2022 09:20:49 -0300 Subject: [PATCH 03/25] Add italic and remove dash from the acronym Signed-off-by: Mr. Erlison --- content/pt-br/docs/reference/glossary/csi.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/content/pt-br/docs/reference/glossary/csi.md b/content/pt-br/docs/reference/glossary/csi.md index ea49fdc6b45..49395b5d535 100644 --- a/content/pt-br/docs/reference/glossary/csi.md +++ b/content/pt-br/docs/reference/glossary/csi.md 
@@ -10,11 +10,13 @@ aka: tags: - storage --- - A Interface de Armazenamento de Contêiner (Container Storage Interface - CSI) define um padrão de interface para expor sistemas de armazenamento a contêineres. + A Interface de Armazenamento de Contêiner (_Container Storage Interface_, CSI) define um padrão de interface para expor sistemas de armazenamento a contêineres. -O CSI permite que os fornecedores criem plugins personalizados de armazenamento para o Kubernetes sem adicioná-los ao repositório Kubernetes (plugins fora da árvore). Para usar um driver CSI de um provedor de armazenamento, você deve primeiro [implantá-lo no seu cluster](https://kubernetes-csi.github.io/docs/deploying.html). Você poderá então criar uma {{< glossary_tooltip text="Classe de Armazenamento" term_id="storage-class" >}} que use esse driver CSI. +O CSI permite que os fornecedores criem plugins personalizados de armazenamento para o Kubernetes sem adicioná-los ao repositório Kubernetes (plugins fora da árvore). +Para usar um driver CSI de um provedor de armazenamento, você deve primeiro [instalá-lo no seu cluster](https://kubernetes-csi.github.io/docs/deploying.html). +Você poderá então criar uma {{< glossary_tooltip text="Classe de Armazenamento" term_id="storage-class" >}} que use esse driver CSI. * [CSI na documentação do Kubernetes](/pt-br/docs/concepts/storage/volumes/#csi) * [Lista de drivers CSI disponíveis](https://kubernetes-csi.github.io/docs/drivers.html) From 1a5ffad2f73a0f58615a5f15f2c229bff4bdbdcf Mon Sep 17 00:00:00 2001 From: "Mr. Erlison" Date: Sat, 19 Nov 2022 09:22:26 -0300 Subject: [PATCH 04/25] Add italic and remove dash from the acronym Signed-off-by: Mr. Erlison --- content/pt-br/docs/reference/glossary/csi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/pt-br/docs/reference/glossary/csi.md b/content/pt-br/docs/reference/glossary/csi.md index 49395b5d535..51f71544904 100644 --- a/content/pt-br/docs/reference/glossary/csi.md 
+++ b/content/pt-br/docs/reference/glossary/csi.md @@ -4,7 +4,7 @@ id: csi date: 2018-06-25 full_link: /pt-br/docs/concepts/storage/volumes/#csi short_description: > - A Interface de Armazenamento de Contêiner (Container Storage Interface - CSI) define um padrão de interface para expor sistemas de armazenamento a contêineres. + A Interface de Armazenamento de Contêiner (_Container Storage Interface_, CSI) define um padrão de interface para expor sistemas de armazenamento a contêineres. aka: tags: From 707d3699ad0e562e8af20433df312907ca1d053c Mon Sep 17 00:00:00 2001 From: Shubham Kuchhal Date: Tue, 22 Nov 2022 13:37:49 +0530 Subject: [PATCH 05/25] Append triple backticks with shell for code snippet --- .../access-authn-authz/certificate-signing-requests.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md index 6a6da8655a9..3a8bf58c939 100644 --- a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md +++ b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md @@ -268,7 +268,7 @@ The certificate value is in Base64-encoded format under `status.certificate`. Export the issued certificate from the CertificateSigningRequest. -``` +```shell kubectl get csr myuser -o jsonpath='{.status.certificate}'| base64 -d > myuser.crt ``` From 98901958d205bfee076af692244fca5237046da8 Mon Sep 17 00:00:00 2001 From: NitishKumar06 Date: Sat, 19 Nov 2022 13:38:24 +0530 Subject: [PATCH 06/25] PSP deprecation blog article linked to v 1.25 release blog --- .../2021-04-06-PodSecurityPolicy-Past-Present-and-Future.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/content/en/blog/_posts/2021-04-06-PodSecurityPolicy-Past-Present-and-Future.md b/content/en/blog/_posts/2021-04-06-PodSecurityPolicy-Past-Present-and-Future.md index 73043a67e00..a55cc5b6027 100644 
--- a/content/en/blog/_posts/2021-04-06-PodSecurityPolicy-Past-Present-and-Future.md +++ b/content/en/blog/_posts/2021-04-06-PodSecurityPolicy-Past-Present-and-Future.md @@ -4,6 +4,10 @@ title: "PodSecurityPolicy Deprecation: Past, Present, and Future" date: 2021-04-06 slug: podsecuritypolicy-deprecation-past-present-and-future --- +***Update 2022/08/23:*** +*With the release of Kubernetes v1.25, PodSecurityPolicy has been removed. This now-historical blog post documents the beginning of the removal process.* + +*The release blog has more information about the removal of PSP [here](https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes).* **Author:** Tabitha Sable (Kubernetes SIG Security) From a380758e14d95d2366ac62199ae199056f3b28ef Mon Sep 17 00:00:00 2001 From: NitishKumar06 Date: Wed, 23 Nov 2022 12:20:44 +0530 Subject: [PATCH 07/25] Revise PSP deprecation blog article to note that PSP is now removed - 02 --- ...21-04-06-PodSecurityPolicy-Past-Present-and-Future.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/content/en/blog/_posts/2021-04-06-PodSecurityPolicy-Past-Present-and-Future.md b/content/en/blog/_posts/2021-04-06-PodSecurityPolicy-Past-Present-and-Future.md index a55cc5b6027..0f75a90a28a 100644 --- a/content/en/blog/_posts/2021-04-06-PodSecurityPolicy-Past-Present-and-Future.md +++ b/content/en/blog/_posts/2021-04-06-PodSecurityPolicy-Past-Present-and-Future.md 
@@ -4,13 +4,12 @@ title: "PodSecurityPolicy Deprecation: Past, Present, and Future" date: 2021-04-06 slug: podsecuritypolicy-deprecation-past-present-and-future --- -***Update 2022/08/23:*** -*With the release of Kubernetes v1.25, PodSecurityPolicy has been removed. This now-historical blog post documents the beginning of the removal process.* - -*The release blog has more information about the removal of PSP [here](https://kubernetes.io/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes).* - **Author:** Tabitha Sable (Kubernetes SIG Security) +{{% pageinfo color="primary" %}} +**Update:** *With the release of Kubernetes v1.25, PodSecurityPolicy has been removed.* *You can read more information about the removal of PodSecurityPolicy in the [Kubernetes 1.25 release notes](/blog/2022/08/23/kubernetes-v1-25-release/#pod-security-changes).* +{{% /pageinfo %}} + PodSecurityPolicy (PSP) is being deprecated in Kubernetes 1.21, to be released later this week. This starts the countdown to its removal, but doesn’t change anything else. PodSecurityPolicy will continue to be fully functional for several more releases before being removed completely. In the meantime, we are developing a replacement for PSP that covers key use cases more easily and sustainably. What are Pod Security Policies? Why did we need them? Why are they going away, and what’s next? How does this affect you? These key questions come to mind as we prepare to say goodbye to PSP, so let’s walk through them together. We’ll start with an overview of how features get removed from Kubernetes. From e100cf80c420c251aeba9a25abcced6906a2e521 Mon Sep 17 00:00:00 2001 From: Shubham Kuchhal Date: Fri, 25 Nov 2022 16:56:50 +0530 Subject: [PATCH 08/25] Added shell for code snippet. --- .../access-authn-authz/certificate-signing-requests.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md index 3a8bf58c939..c2acd154c0b 100644 --- a/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md +++ b/content/en/docs/reference/access-authn-authz/certificate-signing-requests.md @@ -295,20 +295,20 @@ The last step is to add this user into the kubeconfig file. First, you need to add new credentials: -``` +```shell kubectl config set-credentials myuser --client-key=myuser.key --client-certificate=myuser.crt --embed-certs=true ``` Then, you need to add the context: -``` +```shell kubectl config set-context myuser --cluster=kubernetes --user=myuser ``` To test it, change the context to `myuser`: -``` +```shell kubectl config use-context myuser ``` From 2862fc791a28503fc113f5febae9c750ee2c2878 Mon Sep 17 00:00:00 2001 From: Arhell Date: Sat, 26 Nov 2022 01:05:41 +0200 Subject: [PATCH 09/25] [fr] Fix feature state for ExpandCSIVolumes --- content/fr/docs/concepts/storage/persistent-volumes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/fr/docs/concepts/storage/persistent-volumes.md b/content/fr/docs/concepts/storage/persistent-volumes.md index 1f149bb6e55..f4fc315a20f 100644 --- a/content/fr/docs/concepts/storage/persistent-volumes.md +++ b/content/fr/docs/concepts/storage/persistent-volumes.md @@ -242,7 +242,7 @@ Au lieu de cela, un volume existant est redimensionné. #### Redimensionnement de volume CSI -{{< feature-state for_k8s_version="v1.16" state="beta" >}} +{{< feature-state for_k8s_version="v1.24" state="stable" >}} La prise en charge du redimensionnement des volumes CSI est activée par défaut, mais elle nécessite également un pilote CSI spécifique pour prendre en charge le redimensionnement des volumes. Reportez-vous à la documentation du pilote CSI spécifique pour plus d'informations. 
From b319f844db4f471d6ea9c7427a8db015937170e3 Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 26 Nov 2022 13:33:24 +0800 Subject: [PATCH 10/25] Replace an image with mermaid --- .../horizontal-pod-autoscale.md | 25 ++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md index 590bd6d7999..97da59dcdd6 100644 --- a/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md +++ b/content/en/docs/tasks/run-application/horizontal-pod-autoscale.md @@ -47,7 +47,30 @@ horizontal pod autoscaling. ## How does a HorizontalPodAutoscaler work? -{{< figure src="/images/docs/horizontal-pod-autoscaler.svg" caption="HorizontalPodAutoscaler controls the scale of a Deployment and its ReplicaSet" class="diagram-medium">}} +{{< mermaid >}} +graph BT + +hpa[Horizontal Pod Autoscaler] --> scale[Scale] + +subgraph rc[RC / Deployment] + scale +end + +scale -.-> pod1[Pod 1] +scale -.-> pod2[Pod 2] +scale -.-> pod3[Pod N] + +classDef hpa fill:#D5A6BD,stroke:#1E1E1D,stroke-width:1px,color:#1E1E1D; +classDef rc fill:#F9CB9C,stroke:#1E1E1D,stroke-width:1px,color:#1E1E1D; +classDef scale fill:#B6D7A8,stroke:#1E1E1D,stroke-width:1px,color:#1E1E1D; +classDef pod fill:#9FC5E8,stroke:#1E1E1D,stroke-width:1px,color:#1E1E1D; +class hpa hpa; +class rc rc; +class scale scale; +class pod1,pod2,pod3 pod +{{< /mermaid >}} + +Figure 1. HorizontalPodAutoscaler controls the scale of a Deployment and its ReplicaSet Kubernetes implements horizontal pod autoscaling as a control loop that runs intermittently (it is not a continuous process). The interval is set by the From 113a5d9251911e3d12733c0adf2e0e907ec90fec Mon Sep 17 00:00:00 2001 
From: windsonsea Date: Sun, 27 Nov 2022 10:47:16 +0800 Subject: [PATCH 11/25] [zh] sync service-topology.md --- .../services-networking/service-topology.md | 41 +++++++++---------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/content/zh-cn/docs/concepts/services-networking/service-topology.md b/content/zh-cn/docs/concepts/services-networking/service-topology.md index e899786565d..648dff570d3 100644 --- a/content/zh-cn/docs/concepts/services-networking/service-topology.md +++ b/content/zh-cn/docs/concepts/services-networking/service-topology.md @@ -1,7 +1,7 @@ --- title: 使用拓扑键实现拓扑感知的流量路由 content_type: concept -weight: 10 +weight: 150 --- @@ -52,14 +52,12 @@ to endpoints within the same zone. By setting `topologyKeys` on a Service, you're able to define a policy for routing traffic based upon the Node labels for the originating and destination Nodes. --> -## 拓扑感知的流量路由 +## 拓扑感知的流量路由 {#topology-aware-traffic-routing} -默认情况下,发往 `ClusterIP` 或者 `NodePort` 服务的流量可能会被路由到 -服务的任一后端的地址。Kubernetes 1.7 允许将“外部”流量路由到接收到流量的 -节点上的 Pod。对于 `ClusterIP` 服务,无法完成同节点优先的路由,你也无法 -配置集群优选路由到同一可用区中的端点。 -通过在 Service 上配置 `topologyKeys`,你可以基于来源节点和目标节点的 -标签来定义流量路由策略。 +默认情况下,发往 `ClusterIP` 或者 `NodePort` 服务的流量可能会被路由到服务的任一后端的地址。 +Kubernetes 1.7 允许将“外部”流量路由到接收到流量的节点上的 Pod。对于 `ClusterIP` +服务,无法完成同节点优先的路由,你也无法配置集群优选路由到同一可用区中的端点。 +通过在 Service 上配置 `topologyKeys`,你可以基于来源节点和目标节点的标签来定义流量路由策略。 -## 示例 +## 示例 {#examples} 以下是使用服务拓扑功能的常见示例。 @@ -192,7 +190,7 @@ The following are common examples of using the Service Topology feature. A Service that only routes to node local endpoints. If no endpoints exist on the node, traffic is dropped: --> -### 仅节点本地端点 +### 仅节点本地端点 {#only-node-local-endpoints} 仅路由到节点本地端点的一种服务。如果节点上不存在端点,流量则被丢弃: @@ -217,7 +215,7 @@ spec: A Service that prefers node local Endpoints but falls back to cluster wide endpoints if node local endpoints do not exist: --> -### 首选节点本地端点 +### 首选节点本地端点 {#prefer-node-local-endpoints} 首选节点本地端点,如果节点本地端点不存在,则回退到集群范围端点的一种服务: 
@@ -243,7 +241,7 @@ spec: A Service that prefers zonal then regional endpoints. If no endpoints exist in either, traffic is dropped. --> -### 仅地域或区域端点 +### 仅地域或区域端点 {#only-zonal-or-regional-endpoints} 首选地域端点而不是区域端点的一种服务。 如果以上两种范围内均不存在端点, 流量则被丢弃。 @@ -270,10 +268,9 @@ spec: A Service that prefers node local, zonal, then regional endpoints but falls back to cluster wide endpoints. --> -### 优先选择节点本地端点、地域端点,然后是区域端点 +### 优先选择节点本地端点、地域端点,然后是区域端点 {#prefer-node-local-zonal-then-regional-endpoints} -优先选择节点本地端点,地域端点,然后是区域端点,最后才是集群范围端点的 -一种服务。 +优先选择节点本地端点,地域端点,然后是区域端点,最后才是集群范围端点的一种服务。 ```yaml apiVersion: v1 @@ -297,9 +294,9 @@ spec: ## {{% heading "whatsnext" %}} -* 阅读关于[启用服务拓扑](/zh-cn/docs/tasks/administer-cluster/enabling-service-topology/) -* 阅读[用服务连接应用程序](/zh-cn/docs/concepts/services-networking/connect-applications-service/) +* 阅读关于[拓扑感知提示](/zh-cn/docs/concepts/services-networking/topology-aware-hints/) +* 阅读[使用 Service 连接到应用](/zh-cn/docs/tutorials/services/connect-applications-service/) From f4dce2247e17e53e7805532a8a2e3c34fb807bfb Mon Sep 17 00:00:00 2001 From: windsonsea Date: Sun, 27 Nov 2022 10:51:50 +0800 Subject: [PATCH 12/25] [zh] Remove enabling-service-topology.md --- .../enabling-service-topology.md | 86 ------------------- 1 file changed, 86 deletions(-) delete mode 100644 content/zh-cn/docs/tasks/administer-cluster/enabling-service-topology.md diff --git a/content/zh-cn/docs/tasks/administer-cluster/enabling-service-topology.md b/content/zh-cn/docs/tasks/administer-cluster/enabling-service-topology.md deleted file mode 100644 index 102fcc6adb8..00000000000 --- a/content/zh-cn/docs/tasks/administer-cluster/enabling-service-topology.md +++ /dev/null 
@@ -1,86 +0,0 @@ ---- -title: 开启服务拓扑 -content_type: task -min-kubernetes-server-version: 1.17 ---- - - - -{{< feature-state for_k8s_version="v1.21" state="deprecated" >}} - - -这项功能,特别是 Alpha 状态的 `topologyKeys` 字段,在 Kubernetes v1.21 中已经弃用。 -在 Kubernetes v1.21 -加入的[拓扑感知提示](/zh-cn/docs/concepts/services-networking/topology-aware-hints/)提供了类似的功能。 - - -**服务拓扑(Service Topology)** 使 {{< glossary_tooltip term_id="service">}} -能够根据集群中的 Node 拓扑来路由流量。 -比如,服务可以指定将流量优先路由到与客户端位于同一节点或者同一可用区域的端点上。 - -## {{% heading "prerequisites" %}} - -{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} - - -需要满足下列先决条件,才能启用拓扑感知的服务路由: - -* Kubernetes 1.17 或更高版本 -* 配置 {{< glossary_tooltip text="kube-proxy" term_id="kube-proxy" >}} 以 iptables 或者 IPVS 模式运行 - - - - -## 启用服务拓扑 {#enable-service-topology} - -{{< feature-state for_k8s_version="v1.21" state="deprecated" >}} - - -要启用服务拓扑,需要为所有 Kubernetes 组件启用 `ServiceTopology` -[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/): - -``` ---feature-gates="ServiceTopology=true` -``` - -## {{% heading "whatsnext" %}} - - -* 阅读[拓扑感知提示](/zh-cn/docs/concepts/services-networking/topology-aware-hints/),该技术是用来替换 `topologyKeys` 字段的。 -* 阅读[端点切片](/zh-cn/docs/concepts/services-networking/endpoint-slices) -* 阅读[服务拓扑](/zh-cn/docs/concepts/services-networking/service-topology)概念 -* 阅读[使用 Service 连接到应用](/zh-cn/docs/tutorials/services/connect-applications-service/) \ No newline at end of file From a9ca2eb1c2449186dc5431c164870ac363facc90 Mon Sep 17 00:00:00 2001 From: suning0 Date: Wed, 9 Nov 2022 00:10:11 +0800 Subject: [PATCH 13/25] [zh-cn]Update architecture/controller.md [zh-cn]Update architecture/controller.md --- .../zh-cn/docs/concepts/architecture/controller.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/content/zh-cn/docs/concepts/architecture/controller.md b/content/zh-cn/docs/concepts/architecture/controller.md index 2703c82d69b..343cc05e99c 100644 
--- a/content/zh-cn/docs/concepts/architecture/controller.md +++ b/content/zh-cn/docs/concepts/architecture/controller.md @@ -4,6 +4,12 @@ content_type: concept weight: 30 --- + + -这里,很重要的一点是,控制器做出了一些变更以使得事物更接近你的期望状态, +这里的重点是,控制器做出了一些变更以使得事物更接近你的期望状态, 之后将当前状态报告给集群的 API 服务器。 其他控制回路可以观测到所汇报的数据的这种变化并采取其各自的行动。 From 3d44dd66107906eed60ea4b66e35af16f1090728 Mon Sep 17 00:00:00 2001 From: "xin.li" Date: Sun, 27 Nov 2022 16:34:42 +0800 Subject: [PATCH 14/25] [zh]sync concepts/architecture/cgroups.md/cri.md Signed-off-by: xin.li --- content/zh-cn/docs/concepts/architecture/cgroups.md | 4 ++-- content/zh-cn/docs/concepts/architecture/cri.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/zh-cn/docs/concepts/architecture/cgroups.md b/content/zh-cn/docs/concepts/architecture/cgroups.md index 56eb9424d42..54e85e7e88a 100644 --- a/content/zh-cn/docs/concepts/architecture/cgroups.md +++ b/content/zh-cn/docs/concepts/architecture/cgroups.md @@ -17,7 +17,7 @@ constrain resources that are allocated to processes. The {{< glossary_tooltip text="kubelet" term_id="kubelet" >}} and the underlying container runtime need to interface with cgroups to enforce -[resource mangement for pods and containers](/docs/concepts/configuration/manage-resources-containers/) which +[resource management for pods and containers](/docs/concepts/configuration/manage-resources-containers/) which includes cpu/memory requests and limits for containerized workloads. There are two versions of cgroups in Linux: cgroup v1 and cgroup v2. cgroup v2 is @@ -204,7 +204,7 @@ cgroup v2 使用一个与 cgroup v1 不同的 API,因此如果有任何应用 -容器使应用和底层的主机基础设施解耦,降低了应用在不同云环境或者操作系统上的部署难度,便于应用扩展。 \ No newline at end of file +容器使应用和底层的主机基础设施解耦,降低了应用在不同云环境或者操作系统上的部署难度,便于应用扩展。 +在容器内运行的应用程序称为容器化应用程序。 将这些应用程序及其依赖项捆绑到容器映像中的过程称为容器化。 \ No newline at end of file From 8cf386eeada78581ad602f16f59680f6746a26ce Mon Sep 17 00:00:00 2001 
From: "xin.li" Date: Sun, 30 Oct 2022 19:02:42 +0800 Subject: [PATCH 17/25] [zh-cn]sync concepts/overview/_index.md Signed-off-by: xin.li --- content/zh-cn/docs/concepts/overview/_index.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/content/zh-cn/docs/concepts/overview/_index.md b/content/zh-cn/docs/concepts/overview/_index.md index 6987182f714..51d28eb4be3 100644 --- a/content/zh-cn/docs/concepts/overview/_index.md +++ b/content/zh-cn/docs/concepts/overview/_index.md @@ -148,7 +148,7 @@ Containers are a good way to bundle and run your applications. In a production e 如果此行为交由给系统处理,是不是会更容易一些? 这就是 Kubernetes 要来做的事情! Kubernetes 为你提供了一个可弹性运行分布式系统的框架。 @@ -166,7 +166,7 @@ Kubernetes can expose a container using the DNS name or using their own IP addre --> * **服务发现和负载均衡** - Kubernetes 可以使用 DNS 名称或自己的 IP 地址来曝露容器。 + Kubernetes 可以使用 DNS 名称或自己的 IP 地址来暴露容器。 如果进入容器的流量很大, Kubernetes 可以负载均衡并分配网络流量,从而使部署稳定。 @@ -249,8 +249,7 @@ Kubernetes: * 不提供应用程序级别的服务作为内置服务,例如中间件(例如消息中间件)、 数据处理框架(例如 Spark)、数据库(例如 MySQL)、缓存、集群存储系统 (例如 Ceph)。这样的组件可以在 Kubernetes 上运行,并且/或者可以由运行在 - Kubernetes 上的应用程序通过可移植机制 - (例如[开放服务代理](https://openservicebrokerapi.org/))来访问。 + Kubernetes 上的应用程序通过可移植机制(例如[开放服务代理](https://openservicebrokerapi.org/))来访问。 @@ -294,12 +294,11 @@ spec: - "*" ``` - ## {{% heading "whatsnext" %}} -* 阅读关于[启用服务拓扑](/zh-cn/docs/tasks/administer-cluster/enabling-service-topology/) -* 阅读[用服务连接应用程序](/zh-cn/docs/concepts/services-networking/connect-applications-service/) +* 阅读关于[拓扑感知提示](/zh-cn/docs/concepts/services-networking/topology-aware-hints/) +* 阅读[使用 Service 连接到应用](/zh-cn/docs/tutorials/services/connect-applications-service/) From ba1e0ab3f0f959d2c3b88dac8121752f574cba74 Mon Sep 17 00:00:00 2001 From: Gao Qian Date: Mon, 28 Nov 2022 01:09:24 -0500 Subject: [PATCH 21/25] [zh-cn] Updated encrypt-data.md Signed-off-by: Gao Qian --- content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md b/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md index 0eb80172926..533a1481095 100644 --- a/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md +++ b/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md @@ -350,11 +350,15 @@ program to retrieve the contents of your Secret. 3. 验证存储的密钥前缀是否为 `k8s:enc:aescbc:v1:`,这表明 `aescbc` provider 已加密结果数据。 + 确认 `etcd` 中显示的密钥名称和上述 `EncryptionConfiguration` 中指定的密钥名称一致。 + 在此例中,你可以看到在 `etcd` 和 `EncryptionConfiguration` 中使用了名为 `key1` 的加密密钥。 4. 通过 API 检索,验证 Secret 是否被正确解密: From ee25d327903ab3fe6bad78af6c082075a210b20f Mon Sep 17 00:00:00 2001 From: Gao Qian Date: Mon, 28 Nov 2022 02:35:36 -0500 Subject: [PATCH 22/25] [zh-cn] Updated static-pod.md Signed-off-by: Gao Qian --- .../zh-cn/docs/tasks/configure-pod-container/static-pod.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/content/zh-cn/docs/tasks/configure-pod-container/static-pod.md b/content/zh-cn/docs/tasks/configure-pod-container/static-pod.md index 6f3a6c5d1c2..6e0f6c07e8f 100644 --- a/content/zh-cn/docs/tasks/configure-pod-container/static-pod.md +++ b/content/zh-cn/docs/tasks/configure-pod-container/static-pod.md @@ -67,6 +67,13 @@ The `spec` of a static Pod cannot refer to other API objects {{< glossary_tooltip text="Secret" term_id="secret" >}} 等)。 {{< /note >}} +{{< note >}} + +静态 Pod 不支持[临时容器](/zh-cn/docs/concepts/workloads/pods/ephemeral-containers/)。 +{{< /note >}} + ## {{% heading "prerequisites" %}} {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} From cadef8107957e1022f6de959a659a084cc100382 Mon Sep 17 00:00:00 2001 From: Natali Vlatko Date: Mon, 28 Nov 2022 12:45:03 +0100 Subject: [PATCH 23/25] Update all chairs/TLs to add to SECURITY_CONTACTS --- SECURITY_CONTACTS | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SECURITY_CONTACTS b/SECURITY_CONTACTS index 839e7bed14e..45a06ee063d 100644 --- a/SECURITY_CONTACTS 
+++ b/SECURITY_CONTACTS @@ -11,5 +11,9 @@ # INSTRUCTIONS AT https://kubernetes.io/security/ divya-mohan0209 -jimangel +reylejano sftim +tengqm +onlydole +kbhawkey +natalisucks From f846940c01958879a4fdfa4c1b7fe1f963b29bf4 Mon Sep 17 00:00:00 2001 From: suning0 Date: Sun, 27 Nov 2022 17:07:51 +0800 Subject: [PATCH 24/25] ephemeral-container.md [zh-cn]Update ephemeral-container.md --- content/zh-cn/docs/reference/glossary/ephemeral-container.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/zh-cn/docs/reference/glossary/ephemeral-container.md b/content/zh-cn/docs/reference/glossary/ephemeral-container.md index cc8efd79374..591c85b3f53 100644 --- a/content/zh-cn/docs/reference/glossary/ephemeral-container.md +++ b/content/zh-cn/docs/reference/glossary/ephemeral-container.md @@ -31,6 +31,8 @@ A {{< glossary_tooltip term_id="container" >}} type that you can temporarily run 如果想要调查运行中有问题的 Pod,可以向该 Pod 添加一个临时容器(Ephemeral Container)并进行诊断。 临时容器没有资源或调度保证,因此不应该使用它们来运行任何部分的工作负荷本身。 +{{{< glossary_tooltip text="静态 Pod" term_id="static-pod" >}} 不支持临时容器。 From a3e46b2f1bf24da65f26685067f7366999e4808a Mon Sep 17 00:00:00 2001 From: Gao Qian Date: Mon, 28 Nov 2022 20:36:46 -0500 Subject: [PATCH 25/25] [zh-cn] Updated dns-pod-service.md Signed-off-by: Gao Qian --- .../services-networking/dns-pod-service.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/content/zh-cn/docs/concepts/services-networking/dns-pod-service.md b/content/zh-cn/docs/concepts/services-networking/dns-pod-service.md index 82b36504f94..a24fce895b2 100644 --- a/content/zh-cn/docs/concepts/services-networking/dns-pod-service.md +++ b/content/zh-cn/docs/concepts/services-networking/dns-pod-service.md 
@@ -384,13 +384,15 @@ following Pod-specific DNS policies. These policies are specified in the See [related discussion](/docs/tasks/administer-cluster/dns-custom-nameservers) for more details. - "`ClusterFirst`": Any DNS query that does not match the configured cluster - domain suffix, such as "`www.kubernetes.io`", is forwarded to the upstream - nameserver inherited from the node. Cluster administrators may have extra + domain suffix, such as "`www.kubernetes.io`", is forwarded to an upstream + nameserver by the DNS server. Cluster administrators may have extra stub-domain and upstream DNS servers configured. See [related discussion](/docs/tasks/administer-cluster/dns-custom-nameservers) for details on how DNS queries are handled in those cases. - "`ClusterFirstWithHostNet`": For Pods running with hostNetwork, you should - explicitly set its DNS policy "`ClusterFirstWithHostNet`". + explicitly set its DNS policy to "`ClusterFirstWithHostNet`". Otherwise, Pods + running with hostNetwork and `"ClusterFirst"` will fallback to the behavior + of the `"Default"` policy. - Note: This is not supported on Windows. See [below](#dns-windows) for details - "`None`": It allows a Pod to ignore DNS settings from the Kubernetes environment. All DNS settings are supposed to be provided using the 
@@ -405,11 +407,12 @@ DNS 策略可以逐个 Pod 来设定。目前 Kubernetes 支持以下特定 Pod - "`Default`": Pod 从运行所在的节点继承名称解析配置。 参考[相关讨论](/zh-cn/docs/tasks/administer-cluster/dns-custom-nameservers)获取更多信息。 - "`ClusterFirst`": 与配置的集群域后缀不匹配的任何 DNS 查询(例如 "www.kubernetes.io") - 都将转发到从节点继承的上游名称服务器。集群管理员可能配置了额外的存根域和上游 DNS 服务器。 + 都会由 DNS 服务器转发到上游名称服务器。集群管理员可能配置了额外的存根域和上游 DNS 服务器。 参阅[相关讨论](/zh-cn/docs/tasks/administer-cluster/dns-custom-nameservers) 了解在这些场景中如何处理 DNS 查询的信息。 -- "`ClusterFirstWithHostNet`":对于以 hostNetwork 方式运行的 Pod,应显式设置其 DNS 策略 - "`ClusterFirstWithHostNet`"。 +- "`ClusterFirstWithHostNet`": 对于以 hostNetwork 方式运行的 Pod,应将其 DNS 策略显式设置为 + "`ClusterFirstWithHostNet`"。否则,以 hostNetwork 方式和 `"ClusterFirst"` 策略运行的 + Pod 将会做出回退至 `"Default"` 策略的行为。 - 注意:这在 Windows 上不支持。 有关详细信息,请参见[下文](#dns-windows)。 - "`None`": 此设置允许 Pod 忽略 Kubernetes 环境中的 DNS 设置。Pod 会使用其 `dnsConfig` 字段所提供的 DNS 设置。
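Review bot: In PATCH 01/25 (cheatsheet.md), the added comment `# Remove a label` does not match the capitalisation of the neighbouring `# Add a Label`, and it does not say that the trailing `-` on `new-label-` is what performs the removal. Suggest wording such as `# Remove the label "new-label" (note the trailing "-")` and making the capitalisation consistent between the two lines.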
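Review bot: In PATCH 05/25 (certificate-signing-requests.md), the command under the newly tagged `shell` fence still has no space before the pipe (`'{.status.certificate}'| base64 -d`); since the block is being touched, add the space so the snippet reads cleanly when copied. PATCH 08/25 makes the same fence change for the three `kubectl config` snippets in the same file, so the two commits could be squashed into one.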
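Review bot: In PATCH 07/25 (PodSecurityPolicy blog post), the new `pageinfo` block drops both the date and the sentence "This now-historical blog post documents the beginning of the removal process." that PATCH 06/25 had added, while the first body paragraph directly below still says PSP "is being deprecated in Kubernetes 1.21, to be released later this week". Suggest keeping a sentence inside the block that marks the post as historical, so readers do not take the 2021 guidance as the current state of pod security controls. The two adjacent italic runs (`*...has been removed.* *You can read...*`) can also be merged into one.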
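Review bot: In PATCH 10/25 (horizontal-pod-autoscale.md), the subgraph is labelled `RC / Deployment` but the caption kept below the diagram says "Deployment and its ReplicaSet", so the figure and its caption now disagree on what is being scaled; pick one and use it in both places. Two smaller points in the same hunk: `class pod1,pod2,pod3 pod` is the only `class` line without a trailing `;`, and the caption has moved from the `figure` shortcode's `caption` attribute to a plain paragraph ("Figure 1. ..."), which should be checked against how other mermaid diagrams in the docs are captioned.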
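Review bot: In PATCH 23/25 (SECURITY_CONTACTS), the hunk removes `jimangel` as well as adding five handles, but the subject only mentions adding chairs/TLs. Since this file decides who receives security disclosures for the repository, please state the removal in the commit message and confirm it is intentional, and confirm that each added handle (`reylejano`, `tengqm`, `onlydole`, `kbhawkey`, `natalisucks`) has agreed to follow the embargo instructions referenced in the file header.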
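Review bot: In PATCH 24/25 (zh-cn glossary/ephemeral-container.md), the added line opens the shortcode with three braces, `{{{< glossary_tooltip text="静态 Pod" term_id="static-pod" >}}`, while it closes with two. This will either fail the Hugo build or render a stray `{` in the glossary entry; change the opening to `{{<`. The same sentence added to static-pod.md in PATCH 22/25 uses a plain Markdown link instead, so it is worth checking the rendered output of both pages together.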
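Review bot: In PATCH 25/25 (zh-cn dns-pod-service.md), the new English comment text quotes policy names as `"ClusterFirst"` and `"Default"` with the quotation marks inside the backticks, whereas every other entry in the same list writes them as "`ClusterFirst`" with the quotes outside; the added zh-cn lines carry the same inconsistency. Please match the existing style. Also in the added English sentence, "will fallback to" should be the verb form "will fall back to"; if this text is copied from the English page, fix it upstream as well so the sync does not reintroduce it.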