kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

sync configure-cgroup-driver configure-service-account configure-pdb

pull/47490/head
xin gu 2024-08-14 14:48:19 +08:00
parent eef1a3524f
commit 77647cd269
3 changed files with 9 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/zh-cn/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver.md
View File

@ -90,7 +90,7 @@ A minimal example of configuring the field explicitly:
```yaml
# kubeadm-config.yaml
kind: ClusterConfiguration
apiVersion: kubeadm.k8s.io/v1beta3
apiVersion: kubeadm.k8s.io/v1beta4
kubernetesVersion: v1.21.0
---
kind: KubeletConfiguration

14
content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md
View File

@ -301,23 +301,25 @@ token might be shorter, or could even be longer).
你可以使用 `kubectl create token` 命令的 `--duration` 参数来请求特定的令牌有效期
(实际签发的令牌的有效期可能会稍短一些,也可能会稍长一些)。
{{< feature-state feature_gate_name="ServiceAccountTokenNodeBinding" >}}
<!--
When the `ServiceAccountTokenNodeBinding` and `ServiceAccountTokenNodeBindingValidation`
features are enabled and the `KUBECTL_NODE_BOUND_TOKENS` environment variable is set to `true`,
it is possible to create a service account token that is directly bound to a `Node`:
features are enabled, and using `kubectl` v1.31 or later, it is possible to create a service
account token that is directly bound to a Node:
-->
当启用了 `ServiceAccountTokenNodeBinding``ServiceAccountTokenNodeBindingValidation`
特性,并`KUBECTL_NODE_BOUND_TOKENS` 环境变量设置为 `true` 时,
特性,并使用 v1.31 或更高版本的 `kubectl` 时,
可以创建一个直接绑定到 `Node` 的服务账号令牌:
```shell
KUBECTL_NODE_BOUND_TOKENS=true kubectl create token build-robot --bound-object-kind Node --bound-object-name node-001 --bound-object-uid 123...456
kubectl create token build-robot --bound-object-kind Node --bound-object-name node-001 --bound-object-uid 123...456
```
<!--
The token will be valid until it expires or either the associated `Node` or service account are deleted.
The token will be valid until it expires or either the associated Node or service account are deleted.
-->
此令牌将有效直至其过期或关联的 `Node` 或服务账户被删除。
此令牌将有效直至其过期或关联的 Node 或服务账户被删除。
{{< note >}}
<!--

12
content/zh-cn/docs/tasks/run-application/configure-pdb.md
View File

@ -431,18 +431,6 @@ These pods are tracked via `.status.currentHealthy` field in the PDB status.
{{< feature-state feature_gate_name="PDBUnhealthyPodEvictionPolicy" >}}
{{< note >}}
<!--
This feature is enabled by default. You can disable it by disabling the `PDBUnhealthyPodEvictionPolicy`
[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
on the [API server](/docs/reference/command-line-tools-reference/kube-apiserver/).
-->
此特性默认启用,你可以通过在
[API 服务器](/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver/)上禁用
`PDBUnhealthyPodEvictionPolicy`
[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)来禁用它。
{{< /note >}}
<!--
PodDisruptionBudget guarding an application ensures that `.status.currentHealthy` number of pods
does not fall below the number specified in `.status.desiredHealthy` by disallowing eviction of healthy pods.