Merge pull request #43838 from katcosgrove/merged-main-dev-1.29

Merged main dev 1.29
pull/43870/head
Kubernetes Prow Robot 2023-11-07 00:31:04 +01:00 committed by GitHub
commit 6fde6637f2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 727 additions and 409 deletions

View File

@ -54,6 +54,9 @@ installation instructions. The list does not try to be exhaustive.
and bare metal workloads.
* [Flannel](https://github.com/flannel-io/flannel#deploying-flannel-manually) is
an overlay network provider that can be used with Kubernetes.
* [Gateway API](/docs/concepts/services-networking/gateway/) is an open source project managed by
the [SIG Network](https://github.com/kubernetes/community/tree/master/sig-network) community and
provides an expressive, extensible, and role-oriented API for modeling service networking.
* [Knitter](https://github.com/ZTE/Knitter/) is a plugin to support multiple network
interfaces in a Kubernetes pod.
* [Multus](https://github.com/k8snetworkplumbingwg/multus-cni) is a Multi plugin for
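Review bot: The new Gateway API bullet links to the concept page `/docs/concepts/services-networking/gateway/`, while the hunk context introduces this list as pointing at installation instructions and the neighbouring Flannel, Knitter and Multus entries link to each project's repository. The bullet also describes an API for modeling service networking rather than a network provider or plugin like its neighbours. Consider linking to the install guide, or saying in the bullet that a Gateway API implementation has to be installed separately.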

View File

@ -54,6 +54,8 @@ Kubernetes networking addresses four concerns:
to be reachable from outside your cluster.
- [Ingress](/docs/concepts/services-networking/ingress/) provides extra functionality
specifically for exposing HTTP applications, websites and APIs.
- [Gateway API](/docs/concepts/services-networking/gateway/) is an {{<glossary_tooltip text="add-on" term_id="addons">}}
that provides an expressive, extensible, and role-oriented family of API kinds for modeling service networking.
- You can also use Services to
[publish services only for consumption inside your cluster](/docs/concepts/services-networking/service-traffic-policy/).

View File

@ -0,0 +1,206 @@
---
title: Gateway API
content_type: concept
description: >-
Gateway API is a family of API kinds that provide dynamic infrastructure provisioning
and advanced traffic routing.
weight: 55
---
<!-- overview -->
Make network services available by using an extensible, role-oriented, protocol-aware configuration
mechanism. [Gateway API](https://gateway-api.sigs.k8s.io/) is an {{<glossary_tooltip text="add-on" term_id="addons">}}
containing API [kinds](https://gateway-api.sigs.k8s.io/references/spec/) that provide dynamic infrastructure
provisioning and advanced traffic routing.
<!-- body -->
## Design principles
The following principles shaped the design and architecture of Gateway API:
* __Role-oriented:__ Gateway API kinds are modeled after organizational roles that are
responsible for managing Kubernetes service networking:
* __Infrastructure Provider:__ Manages infrastructure that allows multiple isolated clusters
to serve multiple tenants, e.g. a cloud provider.
* __Cluster Operator:__ Manages clusters and is typically concerned with policies, network
access, application permissions, etc.
* __Application Developer:__ Manages an application running in a cluster and is typically
concerned with application-level configuration and [Service](/docs/concepts/services-networking/service/)
composition.
* __Portable:__ Gateway API specifications are defined as [custom resources](docs/concepts/extend-kubernetes/api-extension/custom-resources)
and are supported by many [implementations](https://gateway-api.sigs.k8s.io/implementations/).
* __Expressive:__ Gateway API kinds support functionality for common traffic routing use cases
such as header-based matching, traffic weighting, and others that were only possible in
[Ingress](/docs/concepts/services-networking/ingress/) by using custom annotations.
* __Extensible:__ Gateway allows for custom resources to be linked at various layers of the API.
This makes granular customization possible at the appropriate places within the API structure.
## Resource model
Gateway API has three stable API kinds:
* __GatewayClass:__ Defines a set of gateways with common configuration and managed by a controller
that implements the class.
* __Gateway:__ Defines an instance of traffic handling infrastructure, such as cloud load balancer.
* __HTTPRoute:__ Defines HTTP-specific rules for mapping traffic from a Gateway listener to a
representation of backend network endpoints. These endpoints are often represented as a
{{<glossary_tooltip text="Service" term_id="service">}}.
Gateway API is organized into different API kinds that have interdependent relationships to support
the role-oriented nature of organizations. A Gateway object is associated with exactly one GatewayClass;
the GatewayClass describes the gateway controller responsible for managing Gateways of this class.
One or more route kinds such as HTTPRoute, are then associated to Gateways. A Gateway can filter the routes
that may be attached to its `listeners`, forming a bidirectional trust model with routes.
The following figure illustrates the relationships of the three stable Gateway API kinds:
{{< figure src="/docs/images/gateway-kind-relationships.svg" alt="A figure illustrating the relationships of the three stable Gateway API kinds" class="diagram-medium" >}}
### GatewayClass {#api-kind-gateway-class}
Gateways can be implemented by different controllers, often with different configurations. A Gateway
must reference a GatewayClass that contains the name of the controller that implements the
class.
A minimal GatewayClass example:
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
name: example-class
spec:
controllerName: example.com/gateway-controller
```
In this example, a controller that has implemented Gateway API is configured to manage GatewayClasses
with the controller name `example.com/gateway-controller`. Gateways of this class will be managed by
the implementation's controller.
See the [GatewayClass](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.GatewayClass)
reference for a full definition of this API kind.
### Gateway {#api-kind-gateway}
A Gateway describes an instance of traffic handling infrastructure. It defines a network endpoint
that can be used for processing traffic, i.e. filtering, balancing, splitting, etc. for backends
such as a Service. For example, a Gateway may represent a cloud load balancer or an in-cluster proxy
server that is configured to accept HTTP traffic.
A minimal Gateway resource example:
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: example-gateway
spec:
gatewayClassName: example-class
listeners:
- name: http
protocol: HTTP
port: 80
```
In this example, an instance of traffic handling infrastructure is programmed to listen for HTTP
traffic on port 80. Since the `addresses` field is unspecified, an address or hostname is assigned
to the Gateway by the implementation's controller. This address is used as a network endpoint for
processing traffic of backend network endpoints defined in routes.
See the [Gateway](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.Gateway)
reference for a full definition of this API kind.
### HTTPRoute {#api-kind-httproute}
The HTTPRoute kind specifies routing behavior of HTTP requests from a Gateway listener to backend network
endpoints. For a Service backend, an implementation may represent the backend network endpoint as a Service
IP or the backing Endpoints of the Service. An HTTPRoute represents configuration that is applied to the
underlying Gateway implementation. For example, defining a new HTTPRoute may result in configuring additional
traffic routes in a cloud load balancer or in-cluster proxy server.
A minimal HTTPRoute example:
```yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: example-httproute
spec:
parentRefs:
- name: example-gateway
hostnames:
- "www.example.com"
rules:
- matches:
- path:
type: PathPrefix
value: /login
backendRefs:
- name: example-svc
port: 8080
```
In this example, HTTP traffic from Gateway `example-gateway` with the Host: header set to `www.example.com`
and the request path specified as `/login` will be routed to Service `example-svc` on port `8080`.
See the [HTTPRoute](https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.HTTPRoute)
reference for a full definition of this API kind.
## Request flow
Here is a simple example of HTTP traffic being routed to a Service by using a Gateway and an HTTPRoute:
{{< figure src="/docs/images/gateway-request-flow.svg" alt="A diagram that provides an example of HTTP traffic being routed to a Service by using a Gateway and an HTTPRoute" class="diagram-medium" >}}
In this example, the request flow for a Gateway implemented as a reverse proxy is:
1. The client starts to prepare an HTTP request for the URL `http://www.example.com`
2. The client's DNS resolver queries for the destination name and learns a mapping to
one or more IP addresses associated with the Gateway.
3. The client sends a request to the Gateway IP address; the reverse proxy receives the HTTP
request and uses the Host: header to match a configuration that was derived from the Gateway
and attached HTTPRoute.
4. Optionally, the reverse proxy can perform request header and/or path matching based
on match rules of the HTTPRoute.
5. Optionally, the reverse proxy can modify the request; for example, to add or remove headers,
based on filter rules of the HTTPRoute.
6. Lastly, the reverse proxy forwards the request to one or more backends.
## Conformance
Gateway API covers a broad set of features and is widely implemented. This combination requires
clear conformance definitions and tests to ensure that the API provides a consistent experience
wherever it is used.
See the [conformance](https://gateway-api.sigs.k8s.io/concepts/conformance/) documentation to
understand details such as release channels, support levels, and running conformance tests.
## Migrating from Ingress
Gateway API is the successor to the [Ingress](/docs/concepts/services-networking/ingress/) API.
However, it does not include the Ingress kind. As a result, a one-time conversion from your existing
Ingress resources to Gateway API resources is necessary.
Refer to the [ingress migration](https://gateway-api.sigs.k8s.io/guides/migrating-from-ingress/#migrating-from-ingress)
guide for details on migrating Ingress resources to Gateway API resources.
## {{% heading "whatsnext" %}}
Instead of Gateway API resources being natively implemented by Kubernetes, the specifications
are defined as [Custom Resources](docs/concepts/extend-kubernetes/api-extension/custom-resources)
supported by a wide range of [implementations](https://gateway-api.sigs.k8s.io/implementations/).
[Install](https://gateway-api.sigs.k8s.io/guides/#installing-gateway-api) the Gateway API CRDs or
follow the installation instructions of your selected implementation. After installing an
implementation, use the [Getting Started](https://gateway-api.sigs.k8s.io/guides/) guide to help
you quickly start working with Gateway API.
{{< note >}}
Make sure to review the documentation of your selected implementation to understand any caveats.
{{< /note >}}
Refer to the [API specification](https://gateway-api.sigs.k8s.io/reference/spec/) for additional
details of all Gateway API kinds.
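Review bot: The custom resources link in the Portable bullet, and again under the whatsnext heading, is written as `docs/concepts/extend-kubernetes/api-extension/custom-resources` without a leading slash, so it resolves relative to this page instead of the site root; every other internal link in the file starts with `/docs/`. Change both to `/docs/concepts/extend-kubernetes/api-extension/custom-resources/`. The closing API specification link uses `https://gateway-api.sigs.k8s.io/reference/spec/` where the overview and the per-kind references use `https://gateway-api.sigs.k8s.io/references/spec/`; use whichever path the upstream site serves consistently. Separately, the resource model says a Gateway can filter the routes attached to its `listeners`, but the minimal Gateway example shows no field that does this, so a reader cannot see how the bidirectional trust model is expressed; a pointer to the relevant listener field or reference section would help.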

View File

@ -15,6 +15,10 @@ weight: 30
{{< feature-state for_k8s_version="v1.19" state="stable" >}}
{{< glossary_definition term_id="ingress" length="all" >}}
{{< note >}}
Ingress is frozen. New features are being added to the [Gateway API](/docs/concepts/services-networking/gateway/).
{{< /note >}}
<!-- body -->
## Terminology

View File

@ -1027,7 +1027,7 @@ Learn more about Services and how they fit into Kubernetes:
* Read about [Ingress](/docs/concepts/services-networking/ingress/), which
exposes HTTP and HTTPS routes from outside the cluster to Services within
your cluster.
* Read about [Gateway](https://gateway-api.sigs.k8s.io/), an extension to
* Read about [Gateway](/docs/concepts/services-networking/gateway/), an extension to
Kubernetes that provides more flexibility than Ingress.
For more context, read the following:

View File

@ -222,9 +222,8 @@ to learn more.
### emptyDir {#emptydir}
An `emptyDir` volume is first created when a Pod is assigned to a node, and
exists as long as that Pod is running on that node. As the name says, the
`emptyDir` volume is initially empty. All containers in the Pod can read and write the same
For a Pod that defines an `emptyDir` volume, the volume is created when the Pod is assigned to a node.
As the name says, the `emptyDir` volume is initially empty. All containers in the Pod can read and write the same
files in the `emptyDir` volume, though that volume can be mounted at the same
or different paths in each container. When a Pod is removed from a node for
any reason, the data in the `emptyDir` is deleted permanently.
@ -1235,24 +1234,7 @@ in `Container.volumeMounts`. Its values are:
(unmounted) by the containers on termination.
{{< /warning >}}
### Configuration
Before mount propagation can work properly on some deployments (CoreOS,
RedHat/Centos, Ubuntu) mount share must be configured correctly in
Docker as shown below.
Edit your Docker's `systemd` service file. Set `MountFlags` as follows:
```shell
MountFlags=shared
```
Or, remove `MountFlags=slave` if present. Then restart the Docker daemon:
```shell
sudo systemctl daemon-reload
sudo systemctl restart docker
```
## {{% heading "whatsnext" %}}


View File

@ -0,0 +1,20 @@
---
title: Gateway API
id: gateway-api
date: 2023-10-19
full_link: /docs/concepts/services-networking/gateway/
short_description: >
An API for modeling service networking in Kubernetes.
aka:
tags:
- networking
- architecture
- extension
---
A family of API kinds for modeling service networking in Kubernetes.
<!--more-->
Gateway API provides a family of extensible, role-oriented, protocol-aware
API kinds for modeling service networking in Kubernetes.

View File

@ -214,17 +214,6 @@ Here's an example of a Server-Side Apply message body (fully specified intent):
of a **patch** request to a valid `v1/configmaps` resource, and with the
appropriate request `Content-Type`).
## Server-Side Apply for custom resources {#custom-resources}
By default, Server-Side Apply treats
{{< glossary_tooltip term_id="CustomResourceDefinition" text="custom resources" >}}
as unstructured data. All keys are treated the same as if they were struct fields for
a built-in API, and all lists are considered atomic.
If the CustomResourceDefinition defines a
[schema](/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1/#JSONSchemaProps)
that contains annotations as defined in [Merge strategy](#merge-strategy),
then these annotations will be used when merging objects of this type.
## Operations in scope for field management {#apply-and-update}
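Review bot: Dropping the `## Server-Side Apply for custom resources {#custom-resources}` section also drops its explicit `#custom-resources` anchor, so any existing link to that fragment on this page will silently land at the top of the page. Check for inbound references to the anchor, and confirm that the statement that custom resources are treated as unstructured data with atomic lists unless the CRD schema carries merge-strategy annotations is still documented somewhere, since it affects how field ownership conflicts are resolved.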

View File

@ -4,6 +4,8 @@ abstract: "Automatización del despliegue, escalado y administración de contene
cid: home
---
{{< site-searchbar >}}
{{< blocks/section id="oceanNodes" >}}
{{% blocks/feature image="flower" %}}
### Kubernetes (K8s) es una plataforma de código abierto para automatizar la implementación, el escalado y la administración de aplicaciones en contenedores.

View File

@ -4,6 +4,7 @@ abstract: "Implantação, dimensionamento e gerenciamento automatizado de contê
cid: home
---
{{< site-searchbar >}}
{{< blocks/section id="oceanNodes" >}}
{{% blocks/feature image="flower" %}}

View File

@ -878,7 +878,7 @@ O is the group that this user will belong to. You can refer to
```shell
openssl genrsa -out myuser.key 2048
openssl req -new -key myuser.key -out myuser.csr
openssl req -new -key myuser.key -out myuser.csr -subj "/CN=myuser"
```
<!--
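Review bot: The added `-subj "/CN=myuser"` makes the request non-interactive but sets only the CN, while the surrounding text (visible in the hunk header) explains that O is the group the user will belong to; with this command the CSR carries no O, so the prose and the example no longer agree. Either show an O component in the example subject, or add a sentence saying the group is intentionally left out here and how access is then granted.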

View File

@ -551,47 +551,10 @@ CEL 表达式可以访问按 CEL 变量来组织的 Admission 请求/响应的
<!--
The `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from
the root of the object. No other metadata properties are accessible.
Only property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible.
Accessible property names are escaped according to the following rules when accessed in the
expression:
-->
总是可以从对象的根访问的属性有 `apiVersion`、`kind`、`metadata.name` 和 `metadata.generateName`
其他元数据属性不能访问。
只有符合 `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` 形式的属性名称是可访问的。
可访问的属性名称在表达式中被访问时,根据以下规则进行转义:
| 转义序列 | 属性名称等效 |
| ----------------------- | -----------------------|
| `__underscores__` | `__` |
| `__dot__` | `.` |
| `__dash__` | `-` |
| `__slash__` | `/` |
| `__{keyword}__` | [CEL 保留关键字](https://github.com/google/cel-spec/blob/v0.6.0/doc/langdef.md#syntax) |
{{< note >}}
<!--
A **CEL reserved** keyword only needs to be escaped if the token is an exact match
for the reserved keyword.
For example, `int` in the word “sprint” would not be escaped.
-->
**CEL 保留**关键字仅在字符串与保留关键字完全匹配时才需要转义。
例如,单词 “sprint” 中的 `int` 不需要被转义。
{{< /note >}}
<!--
Examples on escaping:
-->
转义示例:
| 属性名 | 具有转义属性名称的规则 |
| ----------- | --------------------------------- |
| namespace | `self.__namespace__ > 0` |
| x-prop | `self.x__dash__prop > 0` |
| redact\_\_d | `self.redact__underscores__d > 0` |
| string | `self.startsWith('kube')` |
<!--
Equality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1].
Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:

View File

@ -234,7 +234,7 @@ For a reference to old feature gates that are removed, please refer to
| `SELinuxMountReadWriteOncePod` | `false` | Alpha | 1.25 | 1.26 |
| `SELinuxMountReadWriteOncePod` | `false` | Beta | 1.27 | 1.27 |
| `SELinuxMountReadWriteOncePod` | `true` | Beta | 1.28 | |
| `SchedulerQueueingHints` | `false` | Alpha | 1.28 | |
| `SchedulerQueueingHints` | `true` | Beta | 1.28 | |
| `SecurityContextDeny` | `false` | Alpha | 1.27 | |
| `ServiceNodePortStaticSubrange` | `false` | Alpha | 1.27 | 1.27 |
| `ServiceNodePortStaticSubrange` | `true` | Beta | 1.28 | |
@ -1252,17 +1252,19 @@ Each feature gate is designed for enabling/disabling a specific feature:
- `SELinuxMountReadWriteOncePod`: Speeds up container startup by allowing kubelet to mount volumes
for a Pod directly with the correct SELinux label instead of changing each file on the volumes
recursively. The initial implementation focused on ReadWriteOncePod volumes.
- `SchedulerQueueingHints`: Enables the scheduler's _queueing hints_ enhancement,
- `SchedulerQueueingHints`: Enables [the scheduler's _queueing hints_ enhancement](https://github.com/kubernetes/enhancements/blob/master/keps/sig-scheduling/4247-queueinghint/README.md),
which benefits to reduce the useless requeueing.
- `SeccompDefault`: Enables the use of `RuntimeDefault` as the default seccomp profile
for all workloads.
The seccomp profile is specified in the `securityContext` of a Pod and/or a Container.
The scheduler retries scheduling pods if something changes in the cluster that could make the pod scheduled.
Queueing hints are internal signals that allow the scheduler to filter the changes in the cluster
that are relevant to the unscheduled pod, based on previous scheduling attempts.
-->
- `SELinuxMountReadWriteOncePod`:通过允许 kubelet 直接用正确的 SELinux
标签为 Pod 挂载卷而不是以递归方式更改这些卷上的每个文件来加速容器启动。最初的实现侧重 ReadWriteOncePod 卷。
- `SchedulerQueueingHints`:启用调度器的**排队提示**增强功能,有助于减少无效的重新排队。
- `SeccompDefault`: 允许将所有工作负载的默认 seccomp 配置文件为 `RuntimeDefault`
seccomp 配置在 Pod 或者容器的 `securityContext` 字段中指定。
- `SchedulerQueueingHints`:启用[调度器的**排队提示**增强功能](https://github.com/kubernetes/enhancements/blob/master/keps/sig-scheduling/4247-queueinghint/README.md)
有助于减少无效的重新排队。调度器会在集群中发生可能导致 Pod 被重新调度的变化时,
尝试重新进行 Pod 的调度。排队提示是一些内部信号,
用于帮助调度器基于先前的调度尝试来筛选集群中与未调度的 Pod 相关的变化。
<!--
- `SecurityContextDeny`: This gate signals that the `SecurityContextDeny` admission controller is deprecated.
- `ServerSideApply`: Enables the [Sever Side Apply (SSA)](/docs/reference/using-api/server-side-apply/)
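Review bot: The `SeccompDefault` entry appears to be removed in this hunk from both the English comment and the Chinese text, with only the longer `SchedulerQueueingHints` explanation taking its place; confirm that dropping the seccomp default-profile gate from this list is intended and that its description is kept elsewhere, since readers hardening workloads look it up here. In the new Chinese text, the linked phrase ending in `README.md)` runs straight into 有助于 on the next line with no comma, and the context line below still reads `Sever Side Apply`.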

View File

@ -18,6 +18,260 @@ auto_generated: true
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
## `ClientConnectionConfiguration` {#ClientConnectionConfiguration}
<!--
**Appears in:**
-->
**出现在:**
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1-KubeSchedulerConfiguration)
- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
<!--
ClientConnectionConfiguration contains details for constructing a client.
-->
ClientConnectionConfiguration 包含构造客户端所需要的细节信息。
<table class="table">
<thead><tr><th width="30%"><!--Field-->字段</th><th><!--Description-->描述</th></tr></thead>
<tbody>
<tr><td><code>kubeconfig</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
kubeconfig is the path to a KubeConfig file.
-->
<p><code>kubeconfig</code> 字段是指向一个 KubeConfig 文件的路径。</p>
</td>
</tr>
<tr><td><code>acceptContentTypes</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
default value of 'application/json'. This field will control all connections to the server used by a particular client.
-->
<p><code>acceptContentTypes</code> 字段定义客户端在连接到服务器时所发送的 Accept 头部字段。
此设置值会覆盖默认配置 'application/json'。
此字段会控制某特定客户端与指定服务器的所有链接。</p>
</td>
</tr>
<tr><td><code>contentType</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
contentType is the content type used when sending data to the server from this client.
-->
<p><code>contentType</code> 字段是从此客户端向服务器发送数据时使用的内容类型Content Type</p>
</td>
</tr>
<tr><td><code>qps</code> <B><!--[Required]-->[必需]</B><br/>
<code>float32</code>
</td>
<td>
<!--
qps controls the number of queries per second allowed for this connection.
-->
<p><code>qps</code> 字段控制此连接上每秒钟可以发送的查询请求个数。</p>
</td>
</tr>
<tr><td><code>burst</code> <B><!--[Required]-->[必需]</B><br/>
<code>int32</code>
</td>
<td>
<!--
burst allows extra queries to accumulate when a client is exceeding its rate.
-->
<p><code>burst</code> 字段允许客户端超出其速率限制时可以临时累积的额外查询个数。</p>
</td>
</tr>
</tbody>
</table>
## `DebuggingConfiguration` {#DebuggingConfiguration}
<!--
**Appears in:**
-->
**出现在:**
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1-KubeSchedulerConfiguration)
- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
<!--
DebuggingConfiguration holds configuration for Debugging related features.
-->
DebuggingConfiguration 包含调试相关功能的配置。
<table class="table">
<thead><tr><th width="30%"><!--Field-->字段</th><th><!--Description-->描述</th></tr></thead>
<tbody>
<tr><td><code>enableProfiling</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<!--
enableProfiling enables profiling via web interface host:port/debug/pprof/
-->
<p><code>enableProfiling</code> 字段通过位于 <code>host:port/debug/pprof/</code>
的 Web 接口启用性能分析。</p>
</td>
</tr>
<tr><td><code>enableContentionProfiling</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<!--
enableContentionProfiling enables block profiling, if
enableProfiling is true.
-->
<p><code>enableContentionProfiling</code> 字段在 <code>enableProfiling</code>
为 true 时启用阻塞分析。</p>
</td>
</tr>
</tbody>
</table>
## `LeaderElectionConfiguration` {#LeaderElectionConfiguration}
<!--
**Appears in:**
-->
**出现在:**
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1-KubeSchedulerConfiguration)
- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
<!--
LeaderElectionConfiguration defines the configuration of leader election
clients for components that can run with leader election enabled.
-->
LeaderElectionConfiguration 为能够支持领导者选举的组件定义其领导者选举客户端的配置。
<table class="table">
<thead><tr><th width="30%"><!--Field-->字段</th><th><!--Description-->描述</th></tr></thead>
<tbody>
<tr><td><code>leaderElect</code> <B><!--[Required]-->[必需]</B><br/>
<code>bool</code>
</td>
<td>
<!--
leaderElect enables a leader election client to gain leadership
before executing the main loop. Enable this when running replicated
components for high availability.
-->
<p>
<code>leaderElect</code> 字段允许领导者选举客户端在进入主循环执行之前先获得领导者角色。
运行多副本组件时启用此功能有助于提高可用性。
</p>
</td>
</tr>
<tr><td><code>leaseDuration</code> <B><!--[Required]-->[必需]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<!--
leaseDuration is the duration that non-leader candidates will wait
after observing a leadership renewal until attempting to acquire
leadership of a led but unrenewed leader slot. This is effectively the
maximum duration that a leader can be stopped before it is replaced
by another candidate. This is only applicable if leader election is
enabled.
-->
<p>
<code>leaseDuration</code> 字段是非领导角色候选者在观察到需要领导席位更新时要等待的时间;
只有经过所设置时长才可以尝试去获得一个仍处于领导状态但需要被刷新的席位。
这里的设置值本质上意味着某个领导者在被另一个候选者替换掉之前可以停止运行的最长时长。
只有当启用了领导者选举时此字段有意义。
</p>
</td>
</tr>
<tr><td><code>renewDeadline</code> <B><!--[Required]-->[必需]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<!--
renewDeadline is the interval between attempts by the acting master to
renew a leadership slot before it stops leading. This must be less
than or equal to the lease duration. This is only applicable if leader
election is enabled.
-->
<p>
<code>renewDeadline</code> 字段设置的是当前领导者在停止扮演领导角色之前需要刷新领导状态的时间间隔。
此值必须小于或等于租约期限的长度。只有到启用了领导者选举时此字段才有意义。
</p>
</td>
</tr>
<tr><td><code>retryPeriod</code> <B><!--[Required]-->[必需]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<!--
retryPeriod is the duration the clients should wait between attempting
acquisition and renewal of a leadership. This is only applicable if
leader election is enabled.
-->
<p>
<code>retryPeriod</code> 字段是客户端在连续两次尝试获得或者刷新领导状态之间需要等待的时长。
只有当启用了领导者选举时此字段才有意义。
</p>
</td>
</tr>
<tr><td><code>resourceLock</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
resourceLock indicates the resource object type that will be used to lock
during leader election cycles.
-->
<p><code>resourceLock</code> 字段给出在领导者选举期间要作为锁来使用的资源对象类型。</p>
</td>
</tr>
<tr><td><code>resourceName</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
resourceName indicates the name of resource object that will be used to lock
during leader election cycles.
-->
<p><code>resourceName</code> 字段给出在领导者选举期间要作为锁来使用的资源对象名称。</p>
</td>
</tr>
<tr><td><code>resourceNamespace</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
resourceNamespace indicates the namespace of resource object that will be used to lock
during leader election cycles.
-->
<p><code>resourceNamespace</code> 字段给出在领导者选举期间要作为锁来使用的资源对象所在名字空间。</p>
</td>
</tr>
</tbody>
</table>
## `KubeProxyConfiguration` {#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration}
<!--
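Review bot: In the relocated `DebuggingConfiguration` table, `enableProfiling` and `enableContentionProfiling` are marked `<B>[Required]</B>` in English, whereas the other fields in the moved tables use `<B><!--[Required]-->[必需]</B>`; translate these two markers for consistency. The `contentType` description also reads `内容类型Content Type` with no parentheses around the English term and no closing 。 before `</p>`.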
@ -280,6 +534,21 @@ DetectLocal contains optional configuration settings related to DetectLocalMode.
<p><code>detectLocal</code> 字段包含与 DetectLocalMode 相关的可选配置设置。</p>
</td>
</tr>
<tr><td><code>logging</code> <B><!--[Required]-->[必需]</B><br/>
<a href="#LoggingConfiguration"><code>LoggingConfiguration</code></a>
</td>
<td>
<!--
logging specifies the options of logging.
Refer to <a href="https://github.com/kubernetes/component-base/blob/master/logs/options.go">Logs Options</a>
for more information.
-->
<p><code>logging</code> 字段指定记录日志的选项。更多细节参阅
<a href="https://github.com/kubernetes/component-base/blob/master/logs/options.go">Logs Options</a></p>
</td>
</tr>
</tbody>
</table>
@ -724,264 +993,3 @@ will exit with an error.
-->
<p>如果代理模式未被指定,将使用最佳可用的代理模式(目前在 Linux 上是 <code>iptables</code>,在 Windows 上是 <code>kernelspace</code>)。
如果不能使用选定的代理模式(由于缺少内核支持、缺少用户空间组件等),则 kube-proxy 将出错并退出。</p>
## `ClientConnectionConfiguration` {#ClientConnectionConfiguration}
<!--
**Appears in:**
-->
**出现在:**
- [KubeProxyConfiguration](#kubeproxy-config-k8s-io-v1alpha1-KubeProxyConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1-KubeSchedulerConfiguration)
- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
<!--
ClientConnectionConfiguration contains details for constructing a client.
-->
ClientConnectionConfiguration 包含构造客户端所需要的细节信息。
<table class="table">
<thead><tr><th width="30%"><!--Field-->字段</th><th><!--Description-->描述</th></tr></thead>
<tbody>
<tr><td><code>kubeconfig</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
kubeconfig is the path to a KubeConfig file.
-->
<p><code>kubeconfig</code> 字段是指向一个 KubeConfig 文件的路径。</p>
</td>
</tr>
<tr><td><code>acceptContentTypes</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the
default value of 'application/json'. This field will control all connections to the server used by a particular client.
-->
<p><code>acceptContentTypes</code> 字段定义客户端在连接到服务器时所发送的 Accept 头部字段。
此设置值会覆盖默认配置 'application/json'。
此字段会控制某特定客户端与指定服务器的所有链接。</p>
</td>
</tr>
<tr><td><code>contentType</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
contentType is the content type used when sending data to the server from this client.
-->
<p><code>contentType</code> 字段是从此客户端向服务器发送数据时使用的内容类型Content Type</p>
</td>
</tr>
<tr><td><code>qps</code> <B><!--[Required]-->[必需]</B><br/>
<code>float32</code>
</td>
<td>
<!--
qps controls the number of queries per second allowed for this connection.
-->
<p><code>qps</code> 字段控制此连接上每秒钟可以发送的查询请求个数。</p>
</td>
</tr>
<tr><td><code>burst</code> <B><!--[Required]-->[必需]</B><br/>
<code>int32</code>
</td>
<td>
<!--
burst allows extra queries to accumulate when a client is exceeding its rate.
-->
<p><code>burst</code> 字段允许客户端超出其速率限制时可以临时累积的额外查询个数。</p>
</td>
</tr>
</tbody>
</table>
## `DebuggingConfiguration` {#DebuggingConfiguration}
<!--
**Appears in:**
-->
**出现在:**
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1-KubeSchedulerConfiguration)
- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
<!--
DebuggingConfiguration holds configuration for Debugging related features.
-->
DebuggingConfiguration 包含调试相关功能的配置。
<table class="table">
<thead><tr><th width="30%"><!--Field-->字段</th><th><!--Description-->描述</th></tr></thead>
<tbody>
<tr><td><code>enableProfiling</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<!--
enableProfiling enables profiling via web interface host:port/debug/pprof/
-->
<p><code>enableProfiling</code> 字段通过位于 <code>host:port/debug/pprof/</code>
的 Web 接口启用性能分析。</p>
</td>
</tr>
<tr><td><code>enableContentionProfiling</code> <B>[Required]</B><br/>
<code>bool</code>
</td>
<td>
<!--
enableContentionProfiling enables lock c
enableProfiling is true.
-->
<p><code>enableContentionProfiling</code> 字段在 <code>enableProfiling</code>
为 true 时启用阻塞分析。</p>
</td>
</tr>
</tbody>
</table>
## `LeaderElectionConfiguration` {#LeaderElectionConfiguration}
<!--
**Appears in:**
-->
**出现在:**
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta2-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1beta3-KubeSchedulerConfiguration)
- [KubeSchedulerConfiguration](#kubescheduler-config-k8s-io-v1-KubeSchedulerConfiguration)
- [GenericControllerManagerConfiguration](#controllermanager-config-k8s-io-v1alpha1-GenericControllerManagerConfiguration)
<!--
LeaderElectionConfiguration defines the configuration of leader election
clients for components that can run with leader election enabled.
-->
LeaderElectionConfiguration 为能够支持领导者选举的组件定义其领导者选举客户端的配置。
<table class="table">
<thead><tr><th width="30%"><!--Field-->字段</th><th><!--Description-->描述</th></tr></thead>
<tbody>
<tr><td><code>leaderElect</code> <B><!--[Required]-->[必需]</B><br/>
<code>bool</code>
</td>
<td>
<!--
leaderElect enables a leader election client to gain leadership
before executing the main loop. Enable this when running replicated
components for high availability.
-->
<p>
<code>leaderElect</code> 字段允许领导者选举客户端在进入主循环执行之前先获得领导者角色。
运行多副本组件时启用此功能有助于提高可用性。
</p>
</td>
</tr>
<tr><td><code>leaseDuration</code> <B><!--[Required]-->[必需]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<!--
leaseDuration is the duration that non-leader candidates will wait
after observing a leadership renewal until attempting to acquire
leadership of a led but unrenewed leader slot. This is effectively the
maximum duration that a leader can be stopped before it is replaced
by another candidate. This is only applicable if leader election is
enabled.
-->
<p>
<code>leaseDuration</code> 字段是非领导角色候选者在观察到需要领导席位更新时要等待的时间;
只有经过所设置时长才可以尝试去获得一个仍处于领导状态但需要被刷新的席位。
这里的设置值本质上意味着某个领导者在被另一个候选者替换掉之前可以停止运行的最长时长。
只有当启用了领导者选举时此字段有意义。
</p>
</td>
</tr>
<tr><td><code>renewDeadline</code> <B><!--[Required]-->[必需]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<!--
renewDeadline is the interval between attempts by the acting master to
renew a leadership slot before it stops leading. This must be less
than or equal to the lease duration. This is only applicable if leader
election is enabled.
-->
<p>
<code>renewDeadline</code> 字段设置的是当前领导者在停止扮演领导角色之前需要刷新领导状态的时间间隔。
此值必须小于或等于租约期限的长度。只有到启用了领导者选举时此字段才有意义。
</p>
</td>
</tr>
<tr><td><code>retryPeriod</code> <B><!--[Required]-->[必需]</B><br/>
<a href="https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration"><code>meta/v1.Duration</code></a>
</td>
<td>
<!--
retryPeriod is the duration the clients should wait between attempting
acquisition and renewal of a leadership. This is only applicable if
leader election is enabled.
-->
<p>
<code>retryPeriod</code> 字段是客户端在连续两次尝试获得或者刷新领导状态之间需要等待的时长。
只有当启用了领导者选举时此字段才有意义。
</p>
</td>
</tr>
<tr><td><code>resourceLock</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
resourceLock indicates the resource object type that will be used to lock
during leader election cycles.
-->
<p><code>resourceLock</code> 字段给出在领导者选举期间要作为锁来使用的资源对象类型。</p>
</td>
</tr>
<tr><td><code>resourceName</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
resourceName indicates the name of resource object that will be used to lock
during leader election cycles.
-->
<p><code>resourceName</code> 字段给出在领导者选举期间要作为锁来使用的资源对象名称。</p>
</td>
</tr>
<tr><td><code>resourceNamespace</code> <B><!--[Required]-->[必需]</B><br/>
<code>string</code>
</td>
<td>
<!--
resourceNamespace indicates the namespace of resource object that will be used to lock
during leader election cycles.
-->
<p><code>resourceNamespace</code> 字段给出在领导者选举期间要作为锁来使用的资源对象所在名字空间。</p>
</td>
</tr>
</tbody>
</table>
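Review bot: the `enableProfiling` and `enableContentionProfiling` rows still carry an untranslated `<B>[Required]</B>`, while every other row in these tables uses `<B><!--[Required]-->[必需]</B>`; please make the two rows match. In the same table, the English comment for `enableContentionProfiling` is cut off ("enables lock c") and should be restored from the upstream source so the comment and its translation can be compared. In the `renewDeadline` row, "只有到启用了领导者选举时" should read "只有当启用了领导者选举时", as in the `leaseDuration` and `retryPeriod` rows.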

View File

@ -843,7 +843,7 @@ uploaded in a Secret in the cluster during the <code>uploadcerts init</code> pha
The list of phases can be obtained with the <code>kubeadm init --help</code> command.
The flag &quot;--skip-phases&quot; takes precedence over this field.</p>
-->
<p><code>skipPhases</code> 是命令执行过程中略过的阶段Phases
<p><code>skipPhases</code> 是命令执行过程中略过的阶段Phases
通过执行命令 <code>kubeadm init --help</code> 可以获得阶段的列表。
参数标志 &quot;--skip-phases&quot; 优先于此字段的设置。</p>
</td>

View File

@ -33,11 +33,11 @@ The main protocol for the communication between the {{< glossary_tooltip text="k
<!--
The Kubernetes Container Runtime Interface (CRI) defines the main
[gRPC](https://grpc.io) protocol for the communication between the
[cluster components](/docs/concepts/overview/components/#node-components)
[node components](/docs/concepts/overview/components/#node-components)
{{< glossary_tooltip text="kubelet" term_id="kubelet" >}} and
{{< glossary_tooltip text="container runtime" term_id="container-runtime" >}}.
-->
Kubernetes 容器运行时接口Container Runtime InterfaceCRI定义了主要 [gRPC](https://grpc.io) 协议,
用于[集群组件](/zh-cn/docs/concepts/overview/components/#node-components)
用于[节点组件](/zh-cn/docs/concepts/overview/components/#node-components)
{{< glossary_tooltip text="kubelet" term_id="kubelet" >}}
和{{< glossary_tooltip text="容器运行时" term_id="container-runtime" >}}之间的通信。

View File

@ -378,7 +378,7 @@ kubectl get pods --field-selector=status.phase=Running
kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'
# List Names of Pods that belong to Particular RC
# "jq" command useful for transformations that are too complex for jsonpath, it can be found at https://stedolan.github.io/jq/
# "jq" command useful for transformations that are too complex for jsonpath, it can be found at https://jqlang.github.io/jq/
sel=${$(kubectl get rc my-rc --output=json | jq -j '.spec.selector | to_entries | .[] | "\(.key)=\(.value),"')%?}
echo $(kubectl get pods --selector=$sel --output=jsonpath={.items..metadata.name})
@ -389,6 +389,9 @@ kubectl get pods --show-labels
JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \
&& kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"
# Check which nodes are ready with custom-columns
kubectl get node -o custom-columns='NODE_NAME:.metadata.name,STATUS:.status.conditions[?(@.type=="Ready")].status'
# Output decoded secrets without external tools
kubectl get secret my-secret -o go-template='{{range $k,$v := .data}}{{"### "}}{{$k}}{{"\n"}}{{$v|base64decode}}{{"\n\n"}}{{end}}'
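Review bot: the added comment "Check which nodes are ready with custom-columns" overstates what the command does. The jsonpath example just above it pipes through `grep "Ready=True"`, whereas this one prints every node together with the status of its Ready condition, so nodes that are not ready are listed too. Suggest wording the comment as "Show each node's Ready status with custom-columns", and using `kubectl get nodes` to match the neighbouring examples.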
@ -466,7 +469,7 @@ kubectl get pods --field-selector=status.phase=Running
kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'
# 列出属于某个特定 RC 的 Pod 的名称
# 在转换对于 jsonpath 过于复杂的场合,"jq" 命令很有用;可以在 https://stedolan.github.io/jq/ 找到它
# 在转换对于 jsonpath 过于复杂的场合,"jq" 命令很有用;可以在 https://jqlang.github.io/jq/ 找到它
sel=${$(kubectl get rc my-rc --output=json | jq -j '.spec.selector | to_entries | .[] | "\(.key)=\(.value),"')%?}
echo $(kubectl get pods --selector=$sel --output=jsonpath={.items..metadata.name})
@ -476,6 +479,9 @@ kubectl get pods --show-labels
# 检查哪些节点处于就绪状态
JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \
&& kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"
# 使用自定义列检查哪些节点处于就绪状态
kubectl get node -o custom-columns='NODE_NAME:.metadata.name,STATUS:.status.conditions[?(@.type=="Ready")].status'
# 不使用外部工具来输出解码后的 Secret
kubectl get secret my-secret -o go-template='{{range $k,$v := .data}}{{"### "}}{{$k}}{{"\n"}}{{$v|base64decode}}{{"\n\n"}}{{end}}'

View File

@ -1766,6 +1766,25 @@ PersistentVolumeStatus 是持久卷的当前状态。
<hr>
<!--
- **lastPhaseTransitionTime** (Time)
lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically
resets to current time everytime a volume phase transitions. This is an alpha field and requires
enabling PersistentVolumeLastPhaseTransitionTime feature.
<a name="Time"></a>
*Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON.
Wrappers are provided for many of the factory methods that the time package offers.*
-->
- **lastPhaseTransitionTime** (Time)
lastPhaseTransitionTime 是从一个阶段转换到另一个阶段的时间,每次卷阶段转换时都会自动重置为当前时间。
这是一个 Alpha 字段,需要启用 PersistentVolumeLastPhaseTransitionTime 特性。
<a name="Time"></a>
**Time 是 time.Time 的包装器,支持正确编组为 YAML 和 JSON它为 time 包提供的许多工厂方法提供了包装器。**
<!--
- **message** (string)
message is a human-readable message indicating details about why the volume is in this state.

View File

@ -272,13 +272,13 @@ MutatingWebhookConfiguration 描述准入 Webhook 的配置,该 Webhook 可接
- 如果 failurePolicy=Ignore忽略错误并跳过该 webhook。
<!--
This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
This is an beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
<a name="MatchCondition"></a>
*MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.*
-->
这是一个 Alpha 功能特性,由 AdmissionWebhookMatchConditions 特性门控管理。
这是一个 Beta 功能特性,由 AdmissionWebhookMatchConditions 特性门控管理。
<a name="MatchCondition"></a>
**MatchCondition 表示将请求发送到 Webhook 之前必须满足的条件。**
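Review bot: "This is an beta feature" in the updated English comment should read "a beta feature"; the alpha-to-beta swap left the old article behind. The context line below it also has "must by fulfilled" where "must be fulfilled" is meant. If the comment has to mirror the upstream generated text verbatim, leave both, but then the fix belongs upstream.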

View File

@ -266,12 +266,12 @@ ValidatingWebhookConfiguration 描述准入 Webhook 的配置,该 Webhook 可
- 如果 failurePolicy=Ignore忽略错误并跳过该 webhook。
<!--
This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
This is an beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
<a name="MatchCondition"></a>
*MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.*
-->
这是一个 Alpha 功能特性,由 AdmissionWebhookMatchConditions 特性门控管理。
这是一个 Beta 功能特性,由 AdmissionWebhookMatchConditions 特性门控管理。
<a name="MatchCondition"></a>
**MatchCondition 表示将请求发送到 Webhook 之前必须满足的条件。**

View File

@ -130,9 +130,9 @@ ServiceSpec 描述用户在服务上创建的属性。
在 Service 所针对的 Pod 上要访问的端口号或名称。
编号必须在 1 到 65535 的范围内。名称必须是 IANA_SVC_NAME。
如果此值是一个字符串,将在目标 Pod 的容器端口中作为命名端口进行查找。
如果未指定字段,则使用 "port” 字段的值(直接映射)。
如果未指定字段,则使用 `port` 字段的值(直接映射)。
对于 clusterIP 为 None 的服务,此字段将被忽略,
应忽略不设或设置为 "port” 字段的取值。
应忽略不设或设置为 `port` 字段的取值。
更多信息: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service
<a name="IntOrString"></a>
@ -179,13 +179,32 @@ ServiceSpec 描述用户在服务上创建的属性。
- **ports.appProtocol** (string)
<!--
The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
<!--
The application protocol for this port. This is used as a hint for implementations to offer
richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax.
Valid values are either:
-->
此端口的应用协议,遵循标准的 Kubernetes 标签语法,无前缀名称按照 IANA 标准服务名称
(参见 RFC-6335 和 https://www.iana.org/assignments/service-names
非标准协议应该使用前缀名称,如 mycompany.com/my-custom-protocol。
此端口的应用协议,用作实现的提示,为他们理解的协议提供更丰富的行为。此字段遵循标准
Kubernetes 标签语法,有效值包括:
<!--
* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).
* Kubernetes-defined prefixed names:
* 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
* 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
* 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
-->
* 无前缀协议名称 - 保留用于 IANA 标准服务名称(根据 RFC-6335 和 https://www.iana.org/assignments/service-names
* Kubernetes 定义的前缀名称:
* 'kubernetes.io/h2c' - HTTP/2 明文传输,如 https://www.rfc-editor.org/rfc/rfc7540 中所述。
* 'kubernetes.io/ws' - 基于明文的 WebSocket如 https://www.rfc-editor.org/rfc/rfc6455 中所述。
* 'kubernetes.io/wss' - 基于 TLS 的 WebSocket如 https://www.rfc-editor.org/rfc/rfc6455 中所述。
* 其他协议应使用实现定义的前缀名称,例如 mycompany.com/my-custom-protocol。
- **type** (string)
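Review bot: in the new translation of the appProtocol description, "为他们理解的协议提供更丰富的行为" uses 他们 for implementations; 它们 is the pronoun for non-persons and reads correctly here. The three `kubernetes.io/...` entries also belong under "Kubernetes 定义的前缀名称" as sub-items, so please check that the rendered page keeps that nesting in both the English comment and the translation.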
@ -195,12 +214,12 @@ ServiceSpec 描述用户在服务上创建的属性。
type 确定 Service 的公开方式。默认为 ClusterIP。
有效选项为 ExternalName、ClusterIP、NodePort 和 LoadBalancer。
“ClusterIP” 为端点分配一个集群内部 IP 地址用于负载均衡。
`ClusterIP` 为端点分配一个集群内部 IP 地址用于负载均衡。
Endpoints 由 selector 确定,如果未设置 selector则需要通过手动构造 Endpoints 或 EndpointSlice 的对象来确定。
如果 clusterIP 为 “None”,则不分配虚拟 IP并且 Endpoints 作为一组端点而不是虚拟 IP 发布。
“NodePort” 建立在 ClusterIP 之上,并在每个节点上分配一个端口,该端口路由到与 clusterIP 相同的 Endpoints。
“LoadBalancer” 基于 NodePort 构建并创建一个外部负载均衡器(如果当前云支持),该负载均衡器路由到与 clusterIP 相同的 Endpoints。
“externalName” 将此 Service 别名为指定的 externalName。其他几个字段不适用于 ExternalName Service。
如果 clusterIP 为 `None`,则不分配虚拟 IP并且 Endpoints 作为一组端点而不是虚拟 IP 发布。
`NodePort` 建立在 ClusterIP 之上,并在每个节点上分配一个端口,该端口路由到与 clusterIP 相同的 Endpoints。
`LoadBalancer` 基于 NodePort 构建并创建一个外部负载均衡器(如果当前云支持),该负载均衡器路由到与 clusterIP 相同的 Endpoints。
`externalName` 将此 Service 别名为指定的 externalName。其他几个字段不适用于 ExternalName Service。
更多信息: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
- **ipFamilies** ([]string)
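Review bot: now that the type values are set in backticks as literals, the last one is inconsistent: the line starts with `externalName`, but the valid options listed two lines above are ExternalName, ClusterIP, NodePort and LoadBalancer. Suggest `ExternalName` for the type value at the start of that sentence, keeping the lower-case externalName only for the field it aliases to.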
@ -245,7 +264,6 @@ ServiceSpec 描述用户在服务上创建的属性。
ipFamilies 和 clusterIPs 字段取决于此字段的值。
更新服务设置类型为 ExternalName 时,此字段将被擦除。
- **clusterIP** (string)
<!--
@ -317,13 +335,17 @@ ServiceSpec 描述用户在服务上创建的属性。
- **loadBalancerIP** (string)
<!--
Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.
Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider
supports specifying the loadBalancerIP when a load balancer is created.
This field will be ignored if the cloud-provider does not support the feature.
Deprecated: This field was under-specified and its meaning varies across implementations.
Using it is non-portable and it may not support dual-stack. Users are encouraged to use
implementation-specific annotations when available.
-->
仅适用于服务类型: LoadBalancer。此功能取决于底层云提供商是否支持负载均衡器。
仅适用于服务类型LoadBalancer。此功能取决于底层云提供商是否支持负载均衡器。
如果云提供商不支持该功能,该字段将被忽略。
已弃用: 该字段信息不足,且其含义因实现而异,而且不支持双栈。
从 Kubernetes v1.24 开始,鼓励用户在可用时使用特定于实现的注释。在未来的 API 版本中可能会删除此字段
已弃用:该字段信息不足,且其含义因实现而异。此字段是不可移植的,并且可能不支持双栈。
我们鼓励用户在可用时使用特定于实现的注解
- **loadBalancerSourceRanges** ([]string)
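Review bot: the translated first sentence still says "此功能取决于底层云提供商是否支持负载均衡器", which drops the condition the English states: the feature depends on whether the cloud provider supports specifying the loadBalancerIP when a load balancer is created, not on whether it supports load balancers at all. Since this hunk already rewrites the paragraph, suggest something like "此功能取决于底层云提供商是否支持在创建负载均衡器时指定 loadBalancerIP".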
@ -358,7 +380,7 @@ ServiceSpec 描述用户在服务上创建的属性。
externalName 是发现机制将返回的外部引用,作为此服务的别名(例如 DNS CNAME 记录)。
不涉及代理。必须是小写的 RFC-1123 主机名 (https://tools.ietf.org/html/rfc1123)
并且要求 `type`“ExternalName”
并且要求 `type``ExternalName`
- **externalTrafficPolicy** (string)
@ -620,6 +642,19 @@ ServiceStatus 表示 Service 的当前状态。
-->
ip 是为基于 IP 的负载均衡器 Ingress 点(通常是 GCE 或 OpenStack 负载均衡器)设置的。
- **loadBalancer.ingress.ipMode** (string)
<!--
IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.
Setting this to "VIP" indicates that traffic is delivered to the node with the destination set to the load-balancer's IP and port.
Setting this to "Proxy" indicates that traffic is delivered to the node or pod with the destination set to the node's IP and node
port or the pod's IP and port. Service implementations may use this information to adjust traffic routing.
-->
ipMode 指定负载平衡器 IP 的行为方式,并且只能在设置了 ip 字段时指定。
将其设置为 `VIP` 表示流量将传送到节点,并将目标设置为负载均衡器的 IP 和端口。
将其设置为 `Proxy` 表示将流量传送到节点或 Pod并将目标设置为节点的 IP 和节点端口或 Pod 的 IP 和端口。
服务实现可以使用此信息来调整流量路由。
- **loadBalancer.ingress.ports** ([]PortStatus)
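Review bot: the added ipMode paragraph uses two different terms for load balancer: "负载平衡器" in the first sentence and "负载均衡器" in the second. The rest of the page uses 负载均衡器, so the first sentence should too.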
@ -627,7 +662,7 @@ ServiceStatus 表示 Service 的当前状态。
*Atomic: will be replaced during a merge*
-->
**Atomic: 将在合并期间被替换**
**Atomic将在合并期间被替换**
<!--
Ports is a list of records of service ports If used, every port defined in the service should have an entry in it -->
@ -658,7 +693,7 @@ ServiceStatus 表示 Service 的当前状态。
Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP"
-->
protocol 是所记录的服务端口状态的协议。支持的值为:“TCP”、”UDP”、“SCTP”
protocol 是所记录的服务端口状态的协议。支持的值为:`TCP`、`UDP`、`SCTP`
- **loadBalancer.ingress.ports.error** (string)
@ -670,7 +705,7 @@ ServiceStatus 表示 Service 的当前状态。
-->
error 是记录 Service 端口的问题。
错误的格式应符合以下规则:
错误的格式应符合以下规则
- 内置错误原因应在此文件中指定,应使用 CamelCase 名称。
- 云提供商特定错误原因的名称必须符合格式 foo.example.com/CamelCase。
@ -686,7 +721,7 @@ ServiceList 包含一个 Service 列表。
- **apiVersion**: v1
- **kind**: Service 列表
- **kind**Service 列表
- **metadata** (<a href="{{< ref "../common-definitions/list-meta#ListMeta" >}}">ListMeta</a>)
@ -861,7 +896,7 @@ GET /api/v1/namespaces/{namespace}/services
<a href="{{< ref "../common-parameters/common-parameters#sendInitialEvents" >}}">sendInitialEvents</a>
-->
- **sendInitialEvents** (**查询参数**): boolean
- **sendInitialEvents** (**查询参数**)boolean
<a href="{{< ref "../common-parameters/common-parameters#sendInitialEvents" >}}">sendInitialEvents</a>
@ -982,7 +1017,7 @@ POST /api/v1/namespaces/{namespace}/services
<a href="{{< ref "../common-parameters/common-parameters#namespace" >}}">namespace</a>
- **body**: <a href="{{< ref "../service-resources/service-v1#Service" >}}">Service</a>,必需
- **body**<a href="{{< ref "../service-resources/service-v1#Service" >}}">Service</a>,必需
- **dryRun****查询参数**string

View File

@ -3,7 +3,6 @@ title: 虚拟 IP 和服务代理
content_type: reference
weight: 50
---
<!--
title: Virtual IPs and Service Proxies
content_type: reference
@ -318,8 +317,7 @@ Especially, if kube-proxy's `sync_proxy_rules_duration_seconds` metric
indicates an average time much larger than 1 second, then bumping up
`minSyncPeriod` may make updates more efficient.
-->
默认值 `1s` 适用于大多数集群,
在大型集群中,可能需要将其设置为更大的值。
默认值 `1s` 适用于大多数集群,在大型集群中,可能需要将其设置为更大的值。
(特别是,如果 kube-proxy 的 `sync_proxy_rules_duration_seconds` 指标表明平均时间远大于 1 秒,
那么提高 `minSyncPeriod` 可能会使更新更有效率。)
@ -394,8 +392,7 @@ _This proxy mode is only available on Linux nodes._
In `ipvs` mode, kube-proxy watches Kubernetes Services and EndpointSlices,
calls `netlink` interface to create IPVS rules accordingly and synchronizes
IPVS rules with Kubernetes Services and EndpointSlices periodically.
This control loop ensures that IPVS status matches the desired
state.
This control loop ensures that IPVS status matches the desired state.
When accessing a Service, IPVS directs traffic to one of the backend Pods.
-->
`ipvs` 模式下kube-proxy 监视 Kubernetes Service 和 EndpointSlice
@ -422,22 +419,76 @@ IPVS 代理模式基于 netfilter 回调函数,类似于 iptables 模式,
<!--
IPVS provides more options for balancing traffic to backend Pods;
these are:
* `rr`: round-robin
* `lc`: least connection (smallest number of open connections)
* `dh`: destination hashing
* `sh`: source hashing
* `sed`: shortest expected delay
* `nq`: never queue
-->
IPVS 为将流量均衡到后端 Pod 提供了更多选择:
* `rr`:轮询
* `lc`:最少连接(打开连接数最少)
* `dh`:目标地址哈希
* `sh`:源地址哈希
* `sed`:最短预期延迟
* `nq`:最少队列
<!--
* `rr` (Round Robin): Traffic is equally distributed amongst the backing servers.
* `wrr` (Weighted Round Robin): Traffic is routed to the backing servers based on
the weights of the servers. Servers with higher weights receive new connections
and get more requests than servers with lower weights.
* `lc` (Least Connection): More traffic is assigned to servers with fewer active connections.
-->
* `rr`(轮询):流量被平均分发给后端服务器。
* `wrr`(加权轮询):流量基于服务器的权重被路由到后端服务器。
高权重的服务器接收新的连接并处理比低权重服务器更多的请求。
* `lc`(最少连接):将更多流量分配给活跃连接数较少的服务器。
<!--
* `wlc` (Weighted Least Connection): More traffic is routed to servers with fewer connections
relative to their weights, that is, connections divided by weight.
* `lblc` (Locality based Least Connection): Traffic for the same IP address is sent to the
same backing server if the server is not overloaded and available; otherwise the traffic
is sent to servers with fewer connections, and keep it for future assignment.
-->
* `wlc`(加权最少连接):将更多流量按照服务器权重分配给连接数较少的服务器,即基于连接数除以权重。
* `lblc`(基于地域的最少连接):如果服务器未超载且可用,则针对相同 IP 地址的流量被发送到同一后端服务器;
否则,流量被发送到连接较少的服务器,并在未来的流量分配中保持这一分配决定。
<!--
* `lblcr` (Locality Based Least Connection with Replication): Traffic for the same IP
address is sent to the server with least connections. If all the backing servers are
overloaded, it picks up one with fewer connections and add it to the target set.
If the target set has not changed for the specified time, the most loaded server
is removed from the set, in order to avoid high degree of replication.
-->
* `lblcr`(带副本的基于地域的最少连接):针对相同 IP 地址的流量被发送到连接数最少的服务器。
如果所有后端服务器都超载,则选择连接较少的服务器并将其添加到目标集中。
如果目标集在指定时间内未发生变化,则从此集合中移除负载最高的服务器,以避免副本的负载过高。
<!--
* `sh` (Source Hashing): Traffic is sent to a backing server by looking up a statically
assigned hash table based on the source IP addresses.
* `dh` (Destination Hashing): Traffic is sent to a backing server by looking up a
statically assigned hash table based on their destination addresses.
-->
* `sh`(源哈希):通过查找基于源 IP 地址的静态分配哈希表,将流量发送到某后端服务器。
* `dh`(目标哈希):通过查找基于目标地址的静态分配哈希表,将流量发送到某后端服务器。
<!--
* `sed` (Shortest Expected Delay): Traffic forwarded to a backing server with the shortest
expected delay. The expected delay is `(C + 1) / U` if sent to a server, where `C` is
the number of connections on the server and `U` is the fixed service rate (weight) of
the server.
* `nq` (Never Queue): Traffic is sent to an idle server if there is one, instead of
waiting for a fast one; if all servers are busy, the algorithm falls back to the `sed`
behavior.
-->
* `sed`(最短预期延迟):流量被转发到具有最短预期延迟的后端服务器。
如果流量被发送给服务器,预期延迟为 `(C + 1) / U`,其中 `C` 是服务器上的连接数,
`U` 是服务器的固定服务速率(权重)。
* `nq`(永不排队):流量被发送到一台空闲服务器(如果有的话),而不是等待一台快速服务器;
如果所有服务器都忙碌,算法将退回到 `sed` 行为。
{{< note >}}
<!--
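Review bot: the `lblcr` translation ends with "以避免副本的负载过高", which says the removal avoids high load on replicas, whereas the English says it avoids a high degree of replication. Suggest rewording the tail to something like "以避免复制程度过高". The rest of the expanded scheduler list matches the English, including the corrected `nq` rendering as 永不排队.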
@ -506,7 +557,7 @@ apply the packet rewriting directly, rather than placing this burden on the node
Pod is running. This is called _direct server return_.
-->
作为基本操作的替代方案,托管服务后端 Pod 的节点可以直接应用数据包重写,
而不用将此工作交给运行客户端 Pod 的节点来执行。这称为**Direct Server ReturnDSR**。
而不用将此工作交给运行客户端 Pod 的节点来执行。这称为 **Direct Server ReturnDSR**
<!--
To use this, you must run kube-proxy with the `--enable-dsr` command line argument **and**
@ -518,7 +569,7 @@ are running on the same node.
要使用这种技术,你必须使用 `--enable-dsr` 命令行参数运行 kube-proxy **并**启用
`WinDSR` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)。
即使两个 Pod 在同一节点上运行Direct Server ReturnDSR也可优化 Pod 的返回流量。
即使两个 Pod 在同一节点上运行DSR 也可优化 Pod 的返回流量。
<!--
## Session affinity
@ -610,8 +661,8 @@ Service its own IP address from within the `service-cluster-ip-range`
CIDR range that is configured for the {{< glossary_tooltip term_id="kube-apiserver" text="API Server" >}}.
-->
为了允许你为 Service 选择 IP 地址,我们必须确保没有任何两个 Service 会发生冲突。
Kubernetes 通过从为 {{< glossary_tooltip text="API 服务器" term_id="kube-apiserver" >}}
配置的 `service-cluster-ip-range` CIDR 范围内为每个 Service 分配自己的 IP 地址来实现这一点。
Kubernetes 通过从为 {{< glossary_tooltip text="API 服务器" term_id="kube-apiserver" >}}配置的
`service-cluster-ip-range` CIDR 范围内为每个 Service 分配自己的 IP 地址来实现这一点。
<!--
#### IP address allocation tracking
@ -649,8 +700,8 @@ the control plane replaces the existing etcd allocator with a new one, using IPA
objects instead of an internal global allocation map. The ClusterIP address
associated to each Service will have a referenced IPAddress object.
-->
如果你启用 `MultiCIDRServiceAllocator` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gate/)
[`networking.k8s.io/v1alpha1` API 组](/zh-cn/docs/tasks/administer-cluster/enable-disable-api/)
如果你启用 `MultiCIDRServiceAllocator` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gate/)
[`networking.k8s.io/v1alpha1` API 组](/zh-cn/docs/tasks/administer-cluster/enable-disable-api/)
控制平面将用一个新的分配器替换现有的 etcd 分配器,使用 IPAddress 对象而不是内部的全局分配映射。
与每个 Service 关联的 ClusterIP 地址将有一个对应的 IPAddress 对象。
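Review bot: the feature gate link on the changed line points at `/zh-cn/docs/reference/command-line-tools-reference/feature-gate/` (singular), while the `WinDSR` paragraph earlier in this same file links to `.../feature-gates/`. The hunk rewrites this line but carries the singular path over from the old version, so the link is likely broken; please change it to `feature-gates/` while the line is being touched.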
@ -681,6 +732,7 @@ the built-in Service API.
```shell
kubectl get services
```
```
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 2001:db8:1:2::1 <none> 443/TCP 3d1h
@ -689,6 +741,7 @@ kubernetes ClusterIP 2001:db8:1:2::1 <none> 443/TCP 3d1h
```shell
kubectl get ipaddresses
```
```
NAME PARENTREF
2001:db8:1:2::1 services/default/kubernetes
@ -720,8 +773,7 @@ reduces the risk of a conflict over allocation.
-->
Kubernetes 优先通过从高段中选择来为 Service 分配动态 IP 地址,
这意味着如果要将特定 IP 地址分配给 `type: ClusterIP` Service
则应手动从**低**段中分配 IP 地址。
该方法降低了分配导致冲突的风险。
则应手动从**低**段中分配 IP 地址。该方法降低了分配导致冲突的风险。
<!--
If you disable the `ServiceIPStaticSubrange`

View File

@ -15,6 +15,7 @@ This section contains the following reference topics about nodes:
* the kubelet's [checkpoint API](/docs/reference/node/kubelet-checkpoint-api/)
* a list of [Articles on dockershim Removal and on Using CRI-compatible Runtimes](/docs/reference/node/topics-on-dockershim-and-cri-compatible-runtimes/)
* [Node `.status` information](/docs/reference/node/node-status/)
You can also read node reference details from elsewhere in the
Kubernetes documentation, including:
@ -26,7 +27,8 @@ Kubernetes documentation, including:
* Kubelet 的 [Checkpoint API](/zh-cn/docs/reference/node/kubelet-checkpoint-api/)
* 一系列[关于 dockershim 移除和使用兼容 CRI 运行时的文章](/zh-cn/docs/reference/node/topics-on-dockershim-and-cri-compatible-runtimes/)
* [节点 `.status` 信息](/zh-cn/docs/reference/node/node-status/)
*
你还可以从 Kubernetes 文档的其他地方阅读节点的详细参考信息,包括:
* [节点指标数据](/zh-cn/docs/reference/instrumentation/node-metrics)。

View File

@ -635,10 +635,10 @@ kubeadm init phase upload-certs --upload-certs --config=SOME_YAML_FILE
{{< note >}}
<!--
A predefined `certificateKey` can be provided in `InitConfiguration` when passing the
[configuration file](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/) with `--config`.
[configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/) with `--config`.
-->
在使用 `--config`
传递[配置文件](https://kubernetes.io/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)时,
传递[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)时,
可以在 `InitConfiguration` 中提供预定义的 `certificateKey`
{{< /note >}}

View File

@ -42,7 +42,6 @@ following Kubernetes concepts:
* [Headless Services](/docs/concepts/services-networking/service/#headless-services)
* [PersistentVolumes](/docs/concepts/storage/persistent-volumes/)
* [PersistentVolume Provisioning](https://github.com/kubernetes/examples/tree/master/staging/persistent-volume-provisioning/)
* [StatefulSets](/docs/concepts/workloads/controllers/statefulset/)
* The [kubectl](/docs/reference/kubectl/kubectl/) command line tool
-->
* [Pod](/zh-cn/docs/concepts/workloads/pods/)
@ -50,18 +49,39 @@ following Kubernetes concepts:
* [Headless Service](/zh-cn/docs/concepts/services-networking/service/#headless-services)
* [PersistentVolumes](/zh-cn/docs/concepts/storage/persistent-volumes/)
* [PersistentVolume Provisioning](https://github.com/kubernetes/examples/tree/master/staging/persistent-volume-provisioning/)
* [StatefulSet](/zh-cn/docs/concepts/workloads/controllers/statefulset/)
* [kubectl](/zh-cn/docs/reference/kubectl/kubectl/) 命令行工具
{{% include "task-tutorial-prereqs.md" %}}
<!--
You should configure `kubectl` to use a context that uses the `default`
namespace.
If you are using an existing cluster, make sure that it's OK to use that
cluster's default namespace to practice. Ideally, practice in a cluster
that doesn't run any real workloads.
It's also useful to read the concept page about [StatefulSets](/docs/concepts/workloads/controllers/statefulset/).
-->
你应该配置 `kubectl` 的上下文使用 `default` 命名空间。
如果你使用的是现有集群,请确保可以使用该集群的 `default` 命名空间进行练习。
理想情况下,在没有运行任何实际工作负载的集群中进行练习。
阅读有关 [StatefulSet](/zh-cn/docs/concepts/workloads/controllers/statefulset/)
的概念页面也很有用。
{{< note >}}
<!--
This tutorial assumes that your cluster is configured to dynamically provision
PersistentVolumes. If your cluster is not configured to do so, you
PersistentVolumes. You'll also need to have a [default StorageClass](/docs/concepts/storage/storage-classes/#default-storageclass).
If your cluster is not configured to provision storage dynamically, you
will have to manually provision two 1 GiB volumes prior to starting this
tutorial.
tutorial and
set up your cluster so that those PersistentVolumes map to the
PersistentVolumeClaim templates that the StatefulSet defines.
-->
本教程假设你的集群被配置为动态制备 PersistentVolume 卷。
如果没有这样配置,在开始本教程之前,你需要手动准备 2 个 1 GiB 的存储卷。
本教程假设你的集群被配置为动态制备 PersistentVolume 卷,
且有一个[默认 StorageClass](/zh-cn/docs/concepts/storage/storage-classes/#default-storageclass)。
如果没有这样配置,在开始本教程之前,你需要手动准备 2 个 1 GiB 的存储卷,
以便这些 PersistentVolume 可以映射到 StatefulSet 定义的 PersistentVolumeClaim 模板。
{{< /note >}}
## {{% heading "objectives" %}}