[zh]Sync service-accounts-admin.md,ingress-minikube.md,configure-service-account.md

2023-10-27 12:16:21 +08:00 · 2023-10-27 12:16:21 +08:00 · 54a769467f
parent 990e120b6a
commit 54a769467f
4 changed files with 40 additions and 33 deletions
--- a/content/zh-cn/docs/reference/access-authn-authz/service-accounts-admin.md
+++ b/content/zh-cn/docs/reference/access-authn-authz/service-accounts-admin.md
@ -568,33 +568,6 @@ Then, delete the Secret you now know the name of:
 kubectl -n examplens delete secret/example-automated-thing-token-zyxwv
 ```

-<!--
-The control plane spots that the ServiceAccount is missing its Secret,
-and creates a replacement:
-->
-控制平面发现 ServiceAccount 缺少其 Secret，并创建一个替代项：
-
-```shell
-kubectl -n examplens get serviceaccount/example-automated-thing -o yaml
-```
-
-```yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  annotations:
-    kubectl.kubernetes.io/last-applied-configuration: |
-      {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"example-automated-thing","namespace":"examplens"}}
-  creationTimestamp: "2019-07-21T07:07:07Z"
-  name: example-automated-thing
-  namespace: examplens
-  resourceVersion: "1026"
-  selfLink: /api/v1/namespaces/examplens/serviceaccounts/example-automated-thing
-  uid: f23fd170-66f2-4697-b049-e1e266b7f835
-secrets:
-  - name: example-automated-thing-token-4rdrh
-```
-
 <!--
 ## Clean up

--- a/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md
+++ b/content/zh-cn/docs/tasks/access-application-cluster/ingress-minikube.md
@ -174,6 +174,10 @@ If you haven't already set up a cluster locally, run `minikube start` to create
   http://172.17.0.15:31637
   ```

+   ```shell
+   curl http://172.17.0.15:31637
+   ```
+
   <!--
   The output is similar to:
   -->
--- a/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md
+++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md
@ -420,6 +420,24 @@ control plane automatically cleans up the long-lived token from that Secret.
 当你删除一个与某 Secret 相关联的 ServiceAccount 时，Kubernetes 的控制面会自动清理该
 Secret 中长期有效的令牌。

+{{< note >}}
+<!--
+If you view the ServiceAccount using:
+
+` kubectl get serviceaccount build-robot -o yaml`
+
+You can't see the `build-robot-secret` Secret in the ServiceAccount API objects
+[`.secrets`](/docs/reference/kubernetes-api/authentication-resources/service-account-v1/) field
+because that field is only populated with auto-generated Secrets.
+-->
+如果你使用以下命令查看 ServiceAccount:
+
+` kubectl get serviceaccount build-robot -o yaml`
+
+在 ServiceAccount API 对象中看不到 `build-robot-secret` Secret，
+[`.secrets`](/zh-cn/docs/reference/kubernetes-api/authentication-resources/service-account-v1/) 字段，
+因为该字段只会填充自动生成的 Secret。
+{{< /note >}}
 <!--
 ## Add ImagePullSecrets to a service account

--- a/content/zh-cn/docs/tasks/configure-pod-container/pull-image-private-registry.md
+++ b/content/zh-cn/docs/tasks/configure-pod-container/pull-image-private-registry.md
@ -66,7 +66,8 @@ docker login
 When prompted, enter your Docker ID, and then the credential you want to use (access token,
 or the password for your Docker ID).

-The login process creates or updates a `config.json` file that holds an authorization token. Review [how Kubernetes interprets this file](/docs/concepts/containers/images#config-json). 
+The login process creates or updates a `config.json` file that holds an authorization token.
+Review [how Kubernetes interprets this file](/docs/concepts/containers/images#config-json).

 View the `config.json` file:
 -->
@ -99,7 +100,9 @@ The output contains a section similar to this:
 {{< note >}}
 <!--
 If you use a Docker credentials store, you won't see that `auth` entry but a `credsStore` entry with the name of the store as value.
-In that case, you can create a secret directly. See [Create a Secret by providing credentials on the command line](#create-a-secret-by-providing-credentials-on-the-command-line).
+In that case, you can create a secret directly. 
+See [Create a Secret by providing credentials on the command line](#create-a-secret-by-providing-credentials-on-the-command-line).
+
 -->
 如果使用 Docker 凭据仓库，则不会看到 `auth` 条目，看到的将是以仓库名称作为值的 `credsStore` 条目。
 在这种情况下，你可以直接创建一个 Secret。
@ -353,9 +356,20 @@ kubectl get pod private-reg

 {{< note >}}
 <!--
-In case the Pod fails to start with the status `ImagePullBackOff`, view the Pod events:
+To use image pull secrets for a Pod (or a Deployment, or other object that
+has a pod template that you are using), you need to make sure that the appropriate
+Secret does exist in the right namespace. The namespace to use is the same
+namespace where you defined the Pod.
 -->
-如果 Pod 以状态 `ImagePullBackOff` 启动失败，查看 Pod 事件：
+要为 Pod（或 Deployment，或其他有 Pod 模板的对象）使用镜像拉取 Secret，
+你需要确保合适的 Secret 确实存在于正确的名字空间中。
+要使用的是你定义 Pod 时所用的名字空间。
+{{< /note >}}
+
+<!--
+Also, in case the Pod fails to start with the status `ImagePullBackOff`, view the Pod events:
+-->
+此外，如果 Pod 启动失败，状态为 `ImagePullBackOff`，查看 Pod 事件：

 ```shell
 kubectl describe pod private-reg
@ -383,8 +397,6 @@ Events:
  ...  FailedToRetrieveImagePullSecret  ...  Unable to retrieve some image pull secrets (<regcred>); attempting to pull the image may not succeed.
 ```

-{{< /note >}}
-
 ## {{% heading "whatsnext" %}}

 <!--