kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

sync encrypt-data kms-provider connect-applications-service 

Update encrypt-data.md

Update encrypt-data.md
pull/46455/head
xin gu 2024-05-19 20:17:39 +08:00
parent fa12882dbb
commit 59b9257dc0
3 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md
View File

@ -1294,10 +1294,17 @@ API server.
<!-- <!--
To allow automatic reloading, configure the API server to run with: To allow automatic reloading, configure the API server to run with:
`--encryption-provider-config-automatic-reload=true` `--encryption-provider-config-automatic-reload=true`.
When enabled, file changes are polled every minute to observe the modifications.
The `apiserver_encryption_config_controller_automatic_reload_last_timestamp_seconds`
metric identifies when the new config becomes effective. This allows
encryption keys to be rotated without restarting the API server.
--> -->
要允许自动重新加载, 要允许自动重新加载,
可使用 `--encryption-provider-config-automatic-reload=true` 运行 API 服务器。 可使用 `--encryption-provider-config-automatic-reload=true` 运行 API 服务器。
该功能启用后,每分钟会轮询文件变化以监测修改情况。
`apiserver_encryption_config_controller_automatic_reload_last_timestamp_seconds` 指标用于标识新配置生效的时间。
这种设置可以在不重启 API 服务器的情况下轮换加密密钥。
## {{% heading "whatsnext" %}} ## {{% heading "whatsnext" %}}

8
content/zh-cn/docs/tasks/administer-cluster/kms-provider.md
View File

@ -540,12 +540,12 @@ defined in a CustomResourceDefinition, your cluster must be running Kubernetes v
providers: providers:
- kms: - kms:
name: myKmsPluginFoo name: myKmsPluginFoo
endpoint: unix:///tmp/socketfile.sock endpoint: unix:///tmp/socketfile-foo.sock
cachesize: 100 cachesize: 100
timeout: 3s timeout: 3s
- kms: - kms:
name: myKmsPluginBar name: myKmsPluginBar
endpoint: unix:///tmp/socketfile.sock endpoint: unix:///tmp/socketfile-bar.sock
cachesize: 100 cachesize: 100
timeout: 3s timeout: 3s
``` ```
@ -564,12 +564,12 @@ defined in a CustomResourceDefinition, your cluster must be running Kubernetes v
- kms: - kms:
apiVersion: v2 apiVersion: v2
name: myKmsPluginFoo name: myKmsPluginFoo
endpoint: unix:///tmp/socketfile.sock endpoint: unix:///tmp/socketfile-foo.sock
timeout: 3s timeout: 3s
- kms: - kms:
apiVersion: v2 apiVersion: v2
name: myKmsPluginBar name: myKmsPluginBar
endpoint: unix:///tmp/socketfile.sock endpoint: unix:///tmp/socketfile-bar.sock
timeout: 3s timeout: 3s
``` ```

2
content/zh-cn/docs/tutorials/services/connect-applications-service.md
View File

@ -185,7 +185,7 @@ As mentioned previously, a Service is backed by a group of Pods. These Pods are
exposed through exposed through
{{<glossary_tooltip term_id="endpoint-slice" text="EndpointSlices">}}. {{<glossary_tooltip term_id="endpoint-slice" text="EndpointSlices">}}.
The Service's selector will be evaluated continuously and the results will be POSTed The Service's selector will be evaluated continuously and the results will be POSTed
to an EndpointSlice that is connected to the Service using a to an EndpointSlice that is connected to the Service using
{{< glossary_tooltip text="labels" term_id="label" >}}. {{< glossary_tooltip text="labels" term_id="label" >}}.
When a Pod dies, it is automatically removed from the EndpointSlices that contain it When a Pod dies, it is automatically removed from the EndpointSlices that contain it
as an endpoint. New Pods that match the Service's selector will automatically get added as an endpoint. New Pods that match the Service's selector will automatically get added