Merge pull request #47935 from my-git9/pp-9950

[zh-cn] sync manage-resources-containers assign-pod-node pod-lifecycle
2024-09-18 02:00:44 +01:00 · 2024-09-18 02:00:44 +01:00 · 75c426c437
parent 0b1f6a5ea4 035e35ef6a
commit 75c426c437
3 changed files with 74 additions and 27 deletions
--- a/content/zh-cn/docs/concepts/configuration/manage-resources-containers.md
+++ b/content/zh-cn/docs/concepts/configuration/manage-resources-containers.md
@ -497,7 +497,7 @@ If you are administering a cluster or namespace, you can also set
 you may also want to define a [LimitRange](/docs/concepts/policy/limit-range/)
 for additional enforcement.
 If you specify a `spec.containers[].resources.limits.memory` for each Pod,
-then the muximum size of an `emptyDir` volume will be the pod's memory limit.
+then the maximum size of an `emptyDir` volume will be the pod's memory limit.
 -->
 如果你在管理集群或命名空间，还可以设置限制内存使用的 [ResourceQuota](/zh-cn/docs/concepts/policy/resource-quotas/)；
 你可能还希望定义一个 [LimitRange](/zh-cn/docs/concepts/policy/limit-range/) 以施加额外的限制。如果为每个 Pod
@ -905,7 +905,7 @@ that file but the kubelet does not categorize the space as in use.

 {{% tab name="文件系统项目配额" %}}

-{{< feature-state for_k8s_version="v1.15" state="alpha" >}}
+{{< feature-state feature_gate_name="LocalStorageCapacityIsolationFSQuotaMonitoring" >}}

 <!--
 Project quotas are an operating-system level feature for managing
@ -953,21 +953,37 @@ Kubernetes 所使用的项目 ID 始于 `1048576`。
 该文件会继续耗用存储空间。配额跟踪技术能够精确第记录对应存储空间的状态，
 而目录扫描方式会忽略被删除文件所占用的空间。

+<!--
+To use quotas to track a pod's resource usage, the pod must be in 
+a user namespace. Within user namespaces, the kernel restricts changes 
+to projectIDs on the filesystem, ensuring the reliability of storage 
+metrics calculated by quotas.
+-->
+要使用配额来跟踪 Pod 的资源使用情况，Pod 必须位于用户命名空间中。
+在用户命名空间内，内核限制对文件系统上 projectID 的更改，从而确保按配额计算的存储指标的可靠性。
+
 <!--
 If you want to use project quotas, you should:

 * Enable the `LocalStorageCapacityIsolationFSQuotaMonitoring=true`
  [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
  using the `featureGates` field in the
-  [kubelet configuration](/docs/reference/config-api/kubelet-config.v1beta1/)
-  or the `--feature-gates` command line flag.
+  [kubelet configuration](/docs/reference/config-api/kubelet-config.v1beta1/).
 -->
 如果你希望使用项目配额，你需要：

 * 在 [kubelet 配置](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)中使用
-  `featureGates` 字段或者使用 `--feature-gates` 命令行参数启用
+  `featureGates` 字段启用
  `LocalStorageCapacityIsolationFSQuotaMonitoring=true` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)。

+<!--
+* Ensure the `UserNamespacesSupport` 
+  [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+  is enabled, and that the kernel, CRI implementation and OCI runtime support user namespaces.
+-->
+* 确保 `UserNamespacesSupport` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)已启用，
+  并且内核、CRI 实现和 OCI 运行时支持用户命名空间。
+
 <!--
 * Ensure that the root filesystem (or optional runtime filesystem)
  has project quotas enabled. All XFS filesystems support project quotas.
@ -996,6 +1012,20 @@ If you want to use project quotas, you should:
 * 确保根文件系统（或者可选的运行时文件系统）在挂载时项目配额特性是被启用了的。
  对于 XFS 和 ext4fs 而言，对应的挂载选项称作 `prjquota`。

+<!--
+If you don't want to use project quotas, you should:
+
+* Disable the `LocalStorageCapacityIsolationFSQuotaMonitoring`
+  [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+  using the `featureGates` field in the
+  [kubelet configuration](/docs/reference/config-api/kubelet-config.v1beta1/).
+-->
+如果不想使用项目配额，你应该：
+
+* 使用 [kubelet 配置](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)中的
+  `featureGates` 字段禁用 `LocalStorageCapacityIsolationFSQuotaMonitoring`
+  [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)。
+
 {{% /tab %}}
 {{< /tabs >}}

--- a/content/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node.md
+++ b/content/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node.md
@ -679,16 +679,16 @@ null `namespaceSelector` matches the namespace of the Pod where the rule is defi
 {{< feature-state feature_gate_name="MatchLabelKeysInPodAffinity" >}}

 {{< note >}}
-<!-- UPDATE THIS WHEN PROMOTING TO BETA -->
+<!-- UPDATE THIS WHEN PROMOTING TO STABLE -->
 <!--
-The `matchLabelKeys` field is an alpha-level field and is disabled by default in
+The `matchLabelKeys` field is an beta-level field and is disabled by default in
 Kubernetes {{< skew currentVersion >}}.
-When you want to use it, you have to enable it via the
+When you want to disable it, you have to disable it explicitly via the
 `MatchLabelKeysInPodAffinity` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/).
 -->
-`matchLabelKeys` 字段是一个 Alpha 级别的字段，在 Kubernetes {{< skew currentVersion >}} 中默认被禁用。
-当你想要使用此字段时，你必须通过 `MatchLabelKeysInPodAffinity`
-[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)启用它。
+`matchLabelKeys` 字段是一个 Beta 级别的字段，在 Kubernetes {{< skew currentVersion >}} 中默认被禁用。
+当你想要禁用此字段时，你必须通过 `MatchLabelKeysInPodAffinity`
+[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)禁用它。
 {{< /note >}}

 <!--
@ -753,16 +753,16 @@ spec:
 {{< feature-state feature_gate_name="MatchLabelKeysInPodAffinity" >}}

 {{< note >}}
-<!-- UPDATE THIS WHEN PROMOTING TO BETA -->
+<!-- UPDATE THIS WHEN PROMOTING TO STABLE -->
 <!--
-The `mismatchLabelKeys` field is an alpha-level field and is disabled by default in
+The `mismatchLabelKeys` field is an beta-level field and is disabled by default in
 Kubernetes {{< skew currentVersion >}}.
-When you want to use it, you have to enable it via the
+When you want to disable it, you have to disable it explicitly via the
 `MatchLabelKeysInPodAffinity` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/).
 -->
-`mismatchLabelKeys` 字段是一个 Alpha 级别的字段，在 Kubernetes {{< skew currentVersion >}} 中默认被禁用。
-当你想要使用此字段时，你必须通过 `MatchLabelKeysInPodAffinity`
-[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)启用它。
+`mismatchLabelKeys` 字段是一个 Beta 级别的字段，在 Kubernetes {{< skew currentVersion >}} 中默认被禁用。
+当你想要禁用此字段时，你必须通过 `MatchLabelKeysInPodAffinity`
+[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)禁用它。
 {{< /note >}}

 <!--
--- a/content/zh-cn/docs/concepts/workloads/pods/pod-lifecycle.md
+++ b/content/zh-cn/docs/concepts/workloads/pods/pod-lifecycle.md
@ -219,13 +219,31 @@ Value       | Description

 {{< note >}}
 <!--
-When a Pod is being deleted, it is shown as `Terminating` by some kubectl commands.
-This `Terminating` status is not one of the Pod phases.
+When a pod is failing to start repeatedly, `CrashLoopBackOff` may appear in the `Status` field of some kubectl commands. Similarly, when a pod is being deleted, `Terminating` may appear in the `Status` field of some kubectl commands. 
+
+Make sure not to confuse _Status_, a kubectl display field for user intuition, with the pod's `phase`.
+Pod phase is an explicit part of the Kubernetes data model and of the
+[Pod API](/docs/reference/kubernetes-api/workload-resources/pod-v1/).
+-->
+当 Pod 反复启动失败时，某些 kubectl 命令的 `Status` 字段中可能会出现 `CrashLoopBackOff`。
+同样，当 Pod 被删除时，某些 kubectl 命令的 `Status` 字段中可能会出现 `Terminating`。
+
+确保不要将 **Status**（kubectl 用于用户直觉的显示字段）与 Pod 的 `phase` 混淆。
+Pod 阶段（phase）是 Kubernetes 数据模型和
+[Pod API](/zh-cn/docs/reference/kubernetes-api/workload-resources/pod-v1/)
+的一个明确的部分。
+
+```console
+NAMESPACE               NAME               READY   STATUS             RESTARTS   AGE
+alessandras-namespace   alessandras-pod    0/1     CrashLoopBackOff   200        2d9h
+```
+
+---
+
+<!--
 A Pod is granted a term to terminate gracefully, which defaults to 30 seconds.
 You can use the flag `--force` to [terminate a Pod by force](/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced).
 -->
-当一个 Pod 被删除时，执行一些 kubectl 命令会展示这个 Pod 的状态为 `Terminating`（终止）。
-这个 `Terminating` 状态并不是 Pod 阶段之一。
 Pod 被赋予一个可以体面终止的期限，默认为 30 秒。
 你可以使用 `--force` 参数来[强制终止 Pod](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination-forced)。
 {{< /note >}}
@ -897,7 +915,7 @@ specify a liveness probe, and specify a `restartPolicy` of Always or OnFailure.
 <!--
 #### When should you use a readiness probe?
 -->
-#### 何时该使用就绪态探针?      {#when-should-you-use-a-readiness-probe}
+#### 何时该使用就绪态探针？      {#when-should-you-use-a-readiness-probe}

 <!--
 If you'd like to start sending traffic to a Pod only when a probe succeeds,
@ -1227,7 +1245,8 @@ documentation for
 [deleting Pods from a StatefulSet](/docs/tasks/run-application/force-delete-stateful-set-pod/).
 -->
 如果你需要强制删除 StatefulSet 的 Pod，
-请参阅[从 StatefulSet 中删除 Pod](/zh-cn/docs/tasks/run-application/force-delete-stateful-set-pod/) 的任务文档。
+请参阅[从 StatefulSet 中删除 Pod](/zh-cn/docs/tasks/run-application/force-delete-stateful-set-pod/)
+的任务文档。

 <!--
 ### Pod shutdown and sidecar containers {##termination-with-sidecars}
@ -1295,8 +1314,7 @@ Additionally, PodGC cleans up any Pods which satisfy any of the following condit
   [`node.kubernetes.io/out-of-service`](/docs/reference/labels-annotations-taints/#node-kubernetes-io-out-of-service),
   when the `NodeOutOfServiceVolumeDetach` feature gate is enabled.

-When the `PodDisruptionConditions` feature gate is enabled, along with
-cleaning up the Pods, PodGC will also mark them as failed if they are in a non-terminal
+Along with cleaning up the Pods, PodGC will also mark them as failed if they are in a non-terminal
 phase. Also, PodGC adds a Pod disruption condition when cleaning up an orphan Pod.
 See [Pod disruption conditions](/docs/concepts/workloads/pods/disruptions#pod-disruption-conditions)
 for more details.
@ -1309,8 +1327,7 @@ for more details.
   绑定到有 [`node.kubernetes.io/out-of-service`](/zh-cn/docs/reference/labels-annotations-taints/#node-kubernetes-io-out-of-service)
   污点的未就绪节点。

-若启用 `PodDisruptionConditions` 特性门控，在清理 Pod 的同时，
-如果它们处于非终止状态阶段，PodGC 也会将它们标记为失败。
+在清理 Pod 的同时，如果它们处于非终止状态阶段，PodGC 也会将它们标记为失败。
 此外，PodGC 在清理孤儿 Pod 时会添加 Pod 干扰状况。参阅
 [Pod 干扰状况](/zh-cn/docs/concepts/workloads/pods/disruptions#pod-disruption-conditions) 了解更多详情。