From 92d50115a0fc8910839f1f336ac939bca8ed7d7f Mon Sep 17 00:00:00 2001 From: XuzhengChang Date: Wed, 13 Jul 2022 18:29:04 +0800 Subject: [PATCH] [zh-cn]Fix wrong translation of authentication for extension apiserver --- .../docs/tasks/extend-kubernetes/configure-aggregation-layer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/zh-cn/docs/tasks/extend-kubernetes/configure-aggregation-layer.md b/content/zh-cn/docs/tasks/extend-kubernetes/configure-aggregation-layer.md index 6c2f42129e..730a5392f6 100644 --- a/content/zh-cn/docs/tasks/extend-kubernetes/configure-aggregation-layer.md +++ b/content/zh-cn/docs/tasks/extend-kubernetes/configure-aggregation-layer.md @@ -289,7 +289,7 @@ The Kubernetes apiserver will use the files indicated by `--proxy-client-*-file` 1. The connection must be made using a client certificate that is signed by the CA whose certificate is in `--requestheader-client-ca-file`. 2. The connection must be made using a client certificate whose CN is one of those listed in `--requestheader-allowed-names`. **Note:** You can set this option to blank as `--requestheader-allowed-names=""`. This will indicate to an extension apiserver that _any_ CN is acceptable. --> -Kubernetes apiserver 将使用由 `--proxy-client-*-file` 指示的文件来验证扩展 apiserver。 +Kubernetes apiserver 将使用由 `--proxy-client-*-file` 指示的文件来向扩展 apiserver认证。 为了使合规的扩展 apiserver 能够将该请求视为有效,必须满足以下条件: 1. 连接必须使用由 CA 签署的客户端证书,该证书的证书位于 `--requestheader-client-ca-file` 中。