kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[zh-cn] sync content-guide content-organization kubeadm-certs 

Signed-off-by: xin.li <xin.li@daocloud.io>
pull/41435/head
xin.li 2023-06-03 11:34:21 +08:00
parent 90c074940b
commit 72772a4028
3 changed files with 67 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
content/zh-cn/docs/contribute/style/content-guide.md
View File

@ -71,17 +71,21 @@ Kubernetes 网站(包括其文档)源代码位于
<!--
### Third party content
Kubernetes documentation includes applied examples of projects in the Kubernetes project&mdash;projects that live in the [kubernetes](https://github.com/kubernetes) and
Kubernetes documentation includes applied examples of projects in the Kubernetes
project&mdash;projects that live in the [kubernetes](https://github.com/kubernetes) and
[kubernetes-sigs](https://github.com/kubernetes-sigs) GitHub organizations.
Links to active content in the Kubernetes project are always allowed.
Kubernetes requires some third party content to function. Examples include container runtimes (containerd, CRI-O, Docker),
[networking policy](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) (CNI plugins), [Ingress controllers](/docs/concepts/services-networking/ingress-controllers/), and [logging](/docs/concepts/cluster-administration/logging/).
[networking policy](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) (CNI plugins),
[Ingress controllers](/docs/concepts/services-networking/ingress-controllers/),
and [logging](/docs/concepts/cluster-administration/logging/).
Docs can link to third-party open source software (OSS) outside the Kubernetes project only if it's necessary for Kubernetes to function.
Docs can link to third-party open source software (OSS) outside the Kubernetes
project only if it's necessary for Kubernetes to function.
-->
### 第三方内容 {#third-party-content}
### 第三方内容 {#third-party-content}
Kubernetes 文档包含 Kubernetes 项目下的多个项目的应用示例。
这里的 Kubernetes 项目指的是 [Kubernetes](https://github.com/kubernetes) 和

63
content/zh-cn/docs/contribute/style/content-organization.md
View File

@ -32,7 +32,9 @@ concept.
### Page Order
The documentation side menu, the documentation page browser etc. are listed using Hugo's default sort order, which sorts by weight (from 1), date (newest first), and finally by the link title.
The documentation side menu, the documentation page browser etc. are listed using
Hugo's default sort order, which sorts by weight (from 1), date (newest first),
and finally by the link title.
Given that, if you want to move a page or a section up, set a weight in the page's front matter:
-->
@ -51,8 +53,11 @@ weight: 10
```
<!--
For page weights, it can be smart not to use 1, 2, 3 ..., but some other interval, say 10, 20, 30... This allows you to insert pages where you want later.
Additionally, each weight within the same directory (section) should not be overlapped with the other weights. This makes sure that content is always organized correctly, especially in localized content.
For page weights, it can be smart not to use 1, 2, 3 ..., but some other interval,
say 10, 20, 30... This allows you to insert pages where you want later.
Additionally, each weight within the same directory (section) should not be
overlapped with the other weights. This makes sure that content is always
organized correctly, especially in localized content.
-->
{{< note >}}
对于页面的权重,不建议使用连续的数值,比如 1、2、3...,而应采用其他间隔的数值,比如 10、20、30...
@ -64,7 +69,8 @@ Additionally, each weight within the same directory (section) should not be over
<!--
### Documentation Main Menu
The `Documentation` main menu is built from the sections below `docs/` with the `main_menu` flag set in front matter of the `_index.md` section content file:
The `Documentation` main menu is built from the sections below `docs/` with
the `main_menu` flag set in front matter of the `_index.md` section content file:
-->
### 文档主菜单
@ -76,7 +82,8 @@ main_menu: true
```
<!--
Note that the link title is fetched from the page's `linkTitle`, so if you want it to be something different than the title, change it in the content file:
Note that the link title is fetched from the page's `linkTitle`, so if you want
it to be something different than the title, change it in the content file:
-->
注意,链接标题来自页面的 `linkTitle` 字段,因此如果希望它与页面标题不同,请在内容文件中更改它:
@ -87,7 +94,9 @@ linkTitle: Title used in links
```
<!--
The above needs to be done per language. If you don't see your section in the menu, it is probably because it is not identified as a section by Hugo. Create a `_index.md` content file in the section folder.
The above needs to be done per language. If you don't see your section in the menu,
it is probably because it is not identified as a section by Hugo. Create a
`_index.md` content file in the section folder.
-->
{{< note >}}
你需要分别针对每种语言完成上述操作。如果在菜单中没有看到你的章节,这可能是因为它没有被 Hugo 识别为一个章节。
@ -103,11 +112,12 @@ It will show all sections and their pages.
If you don't want to list a section or page, set the `toc_hide` flag to `true` in front matter:
When you navigate to a section that has content, the specific section or page (e.g. `_index.md`) is shown. Else, the first page inside that section is shown.
When you navigate to a section that has content, the specific section or page
(e.g. `_index.md`) is shown. Else, the first page inside that section is shown.
-->
### 文档侧方菜单
文档侧方菜单是基于 `docs/` 下面的 **当前章节的内容树** 构建的。
文档侧方菜单是基于 `docs/` 下面的**当前章节的内容树**构建的。
菜单默认显示所有的章节和它们的页面。
@ -123,11 +133,12 @@ toc_hide: true
<!--
### Documentation Browser
The page browser on the documentation home page is built using all the sections and pages that are directly below the `docs section`.
The page browser on the documentation home page is built using all the sections
and pages that are directly below the `docs section`.
If you don't want to list a section or page, set the `toc_hide` flag to `true` in front matter:
-->
### 文档浏览器 {#documentation-browser}
### 文档浏览器 {#documentation-browser}
文档主页上的页面浏览器是基于 `docs section` 下一层的所有章节和页面构建的。
@ -140,7 +151,9 @@ toc_hide: true
<!--
### The Main Menu
The site links in the top-right menu -- and also in the footer -- are built by page-lookups. This is to make sure that the page actually exists. So, if the `case-studies` section does not exist in a site (language), it will not be linked to.
The site links in the top-right menu -- and also in the footer -- are built by
page-lookups. This is to make sure that the page actually exists. So, if the
`case-studies` section does not exist in a site (language), it will not be linked to.
-->
### 主菜单
@ -151,9 +164,12 @@ The site links in the top-right menu -- and also in the footer -- are built by p
<!--
## Page Bundles
In addition to standalone content pages (Markdown files), Hugo supports [Page Bundles](https://gohugo.io/content-management/page-bundles/).
In addition to standalone content pages (Markdown files), Hugo supports
[Page Bundles](https://gohugo.io/content-management/page-bundles/).
One example is [Custom Hugo Shortcodes](/docs/contribute/style/hugo-shortcodes/). It is considered a `leaf bundle`. Everything below the directory, including the `index.md`, will be part of the bundle. This also includes page-relative links, images that can be processed etc.:
One example is [Custom Hugo Shortcodes](/docs/contribute/style/hugo-shortcodes/).
It is considered a `leaf bundle`. Everything below the directory, including the `index.md`,
will be part of the bundle. This also includes page-relative links, images that can be processed etc.:
-->
## 页面包
@ -173,7 +189,8 @@ zh-cn/docs/home/contribute/includes
```
<!--
Another widely used example is the `includes` bundle. It sets `headless: true` in front matter, which means that it does not get its own URL. It is only used in other pages.
Another widely used example is the `includes` bundle. It sets `headless: true` in
front matter, which means that it does not get its own URL. It is only used in other pages.
-->
另一个广泛使用的例子是 `includes` 包。
这类包在页面头部设置 `headless: true`,意味着它没有得到自己的 URL。它只用于其他页面。
@ -192,9 +209,13 @@ zh-cn/includes
<!--
Some important notes to the files in the bundles:
* For translated bundles, any missing non-content files will be inherited from languages above. This avoids duplication.
* All the files in a bundle are what Hugo calls `Resources` and you can provide metadata per language, such as parameters and title, even if it does not supports front matter (YAML files etc.). See [Page Resources Metadata](https://gohugo.io/content-management/page-resources/#page-resources-metadata).
* The value you get from `.RelPermalink` of a `Resource` is page-relative. See [Permalinks](https://gohugo.io/content-management/urls/#permalinks).
* For translated bundles, any missing non-content files will be inherited from
languages above. This avoids duplication.
* All the files in a bundle are what Hugo calls `Resources` and you can provide
metadata per language, such as parameters and title, even if it does not supports front
matter (YAML files etc.). See [Page Resources Metadata](https://gohugo.io/content-management/page-resources/#page-resources-metadata).
* The value you get from `.RelPermalink` of a `Resource` is page-relative.
See [Permalinks](https://gohugo.io/content-management/urls/#permalinks).
-->
有关包中文件的一些重要说明:
@ -208,11 +229,13 @@ Some important notes to the files in the bundles:
<!--
## Styles
The [SASS](https://sass-lang.com/) source of the stylesheets for this site is stored in `assets/sass` and is automatically built by Hugo.
The [SASS](https://sass-lang.com/) source of the stylesheets for this site is
stored in `assets/sass` and is automatically built by Hugo.
-->
## 样式 {#styles}
## 样式 {#styles}
本网站的样式表的 [SASS](https://sass-lang.com/) 源文件存放在 `src/sass` 下面,并通过 Hugo 自动构建。
本网站的样式表的 [SASS](https://sass-lang.com/) 源文件存放在 `src/sass` 下面,
并通过 Hugo 自动构建。
## {{% heading "whatsnext" %}}

30
content/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
View File

@ -39,7 +39,7 @@ By default, kubeadm generates all the certificates needed for a cluster to run.
You can override this behavior by providing your own certificates.
-->
## 使用自定义的证书 {#custom-certificates}
## 使用自定义的证书 {#custom-certificates}
默认情况下kubeadm 会生成运行一个集群所需的全部证书。
你可以通过提供你自己的证书来改变这个行为策略。
@ -72,7 +72,7 @@ this condition and activates the "External CA" mode. kubeadm will proceed withou
CA key on disk.
-->
## 外部 CA 模式 {#external-ca-mode}
## 外部 CA 模式 {#external-ca-mode}
只提供了 `ca.crt` 文件但是不提供 `ca.key` 文件也是可以的
(这只对 CA 根证书可用,其它证书不可用)。
@ -90,14 +90,15 @@ point to the CA certificate and key.
[PKI certificates and requirements](/docs/setup/best-practices/certificates/) includes guidance on
setting up a cluster to use an external CA.
-->
[PKI 证书和要求](/zh-cn/docs/setup/best-practices/certificates/)包括集群使用外部 CA 的设置指南。
[PKI 证书和要求](/zh-cn/docs/setup/best-practices/certificates/)包括集群使用外部
CA 的设置指南。
<!--
## Check certificate expiration
You can use the `check-expiration` subcommand to check when certificates expire:
-->
## 检查证书是否过期 {#check-certificate-expiration}
## 检查证书是否过期 {#check-certificate-expiration}
你可以使用 `check-expiration` 子命令来检查证书何时过期
@ -110,7 +111,7 @@ The output is similar to this:
-->
输出类似于以下内容:
```
```console
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Dec 30, 2020 23:36 UTC 364d no
apiserver Dec 30, 2020 23:36 UTC 364d ca no
@ -258,13 +259,14 @@ the Pod and the certificate renewal for the component can complete.
-->
此命令用 CA或者 front-proxy-CA )证书和存储在 `/etc/kubernetes/pki` 中的密钥执行更新。
执行完此命令之后你需要重启控制面 Pods。因为动态证书重载目前还不被所有组件和证书支持,所有这项操作是必须的。
[静态 Pods](/zh-cn/docs/tasks/configure-pod-container/static-pod/) 是被本地 kubelet 而不是 API Server 管理,
所以 kubectl 不能用来删除或重启他们。
执行完此命令之后你需要重启控制面 Pod。因为动态证书重载目前还不被所有组件和证书支持所有这项操作是必须的。
[静态 Pod](/zh-cn/docs/tasks/configure-pod-container/static-pod/) 是被本地 kubelet
而不是 API 服务器管理,所以 kubectl 不能用来删除或重启他们。
要重启静态 Pod 你可以临时将清单文件从 `/etc/kubernetes/manifests/` 移除并等待 20 秒
(参考 [KubeletConfiguration 结构](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/) 中的`fileCheckFrequency` 值)。
如果 Pod 不在清单目录里kubelet 将会终止它。
在另一个 `fileCheckFrequency` 周期之后你可以将文件移回去,为了组件可以完成 kubelet 将重新创建 Pod 和证书更新。
(参考 [KubeletConfiguration 结构](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)中的
`fileCheckFrequency` 值)。如果 Pod 不在清单目录里kubelet 将会终止它。
在另一个 `fileCheckFrequency` 周期之后你可以将文件移回去kubelet 可以完成 Pod
的重建,而组件的证书更新操作也得以完成。
{{< warning >}}
<!--
@ -494,7 +496,7 @@ serverTLSBootstrap: true
If you have already created the cluster you must adapt it by doing the following:
- Find and edit the `kubelet-config-{{< skew currentVersion >}}` ConfigMap in the `kube-system` namespace.
In that ConfigMap, the `kubelet` key has a
[KubeletConfiguration](/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
[KubeletConfiguration](/docs/reference/config-api/kubelet-config.v1beta1/)
document as its value. Edit the KubeletConfiguration document to set `serverTLSBootstrap: true`.
- On each node, add the `serverTLSBootstrap: true` field in `/var/lib/kubelet/config.yaml`
and restart the kubelet with `systemctl restart kubelet`
@ -504,7 +506,7 @@ and restart the kubelet with `systemctl restart kubelet`
- 找到 `kube-system` 名字空间中名为 `kubelet-config-{{< skew currentVersion >}}`
的 ConfigMap 并编辑之。
在该 ConfigMap 中,`kubelet` 键下面有一个
[KubeletConfiguration](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
[KubeletConfiguration](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)
文档作为其取值。编辑该 KubeletConfiguration 文档以设置
`serverTLSBootstrap: true`
- 在每个节点上,在 `/var/lib/kubelet/config.yaml` 文件中添加
@ -533,7 +535,7 @@ CSR证书签名请求不能被 kube-controller-manager 中默认的签名
kubectl get csr
```
```none
```console
NAME AGE SIGNERNAME REQUESTOR CONDITION
csr-9wvgt 112s kubernetes.io/kubelet-serving system:node:worker-1 Pending
csr-lz97v 1m58s kubernetes.io/kubelet-serving system:node:control-plane-1 Pending