diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver.md b/content/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver.md index bc754c6a5f..d9cd7f4036 100644 --- a/content/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver.md +++ b/content/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver.md @@ -2,7 +2,6 @@ title: kube-apiserver content_type: tool-reference weight: 30 -auto_generated: true --- ## {{% heading "synopsis" %}} @@ -91,6 +90,19 @@ The map from metric-label to value allow-list of this label. The key's format is

+ +--allow-metric-labels-manifest string + + +

+ +包含允许列表映射的清单文件的路径。此文件的格式与 --allow-metric-labels 相同。 +请注意,--allow-metric-labels 标志将覆盖清单文件。 +

+ + --allow-privileged @@ -553,6 +565,20 @@ API group and version used for serializing audit events written to webhook. + +--authentication-config string + + +

+ +用于配置 JWT 令牌验证器的身份验证配置文件。注意:此特性自 v1.29 起处于 Alpha 阶段。 +需要设置 --feature-gate=StructuredAuthenticationConfiguration=true 才能启用此特性。 +此特性与 oidc-* 标志互斥。 +

+ + --authentication-token-webhook-cache-ttl duration     2m0s @@ -592,6 +618,20 @@ The API version of the authentication.k8s.io TokenReview to send to and expect f + +--authorization-config string + + +

+ +用于配置鉴权链的鉴权配置文件。注意:此特性自 v1.29 起处于 Alpha 阶段。 +需要将 --feature-gate=StructuredAuthorizationConfiguration=true 特性标志设置为 true 才能启用此特性。 +此特性与其他 --authorization-mode和--authorization-webhook-* 标志互斥。 +

+ + --authorization-mode strings     默认值:"AlwaysAllow" @@ -726,30 +766,6 @@ client-ca 文件中的授权机构之一签名的客户端证书的请求进行 - ---cloud-config string - - - - -云厂商配置文件的路径。空字符串表示无配置文件。 - - - - ---cloud-provider string - - - - -云服务提供商。空字符串表示没有云厂商。 - - - --cloud-provider-gce-l7lb-src-cidrs cidrs     默认值:"130.211.0.0/22,35.191.0.0/16" @@ -953,12 +969,9 @@ Enables the generic garbage collector. MUST be synced with the corresponding fla -如果为 true 且启用了 APIPriorityAndFairness 特性门控, -则使用增强的处理程序替换 max-in-flight 处理程序, +如果为 true,则使用增强的处理程序替换 max-in-flight 处理程序, 以便根据优先级和公平性完成排队和调度。 @@ -1188,8 +1201,6 @@ comma-separated 'key=True|False' pairs

一组 key=value 对,用来描述测试性/试验性功能的特性门控。可选项有:
-APIListChunking=true|false (BETA - 默认值=true)
-APIPriorityAndFairness=true|false (BETA - 默认值=true)
APIResponseCompression=true|false (BETA - 默认值=true)
APIServerIdentity=true|false (BETA - 默认值=true)
APIServerTracing=true|false (BETA - 默认值=true)
@@ -1322,11 +1342,11 @@ CPUManagerPolicyBetaOptions=true|false (BETA - 默认值=true)
CPUManagerPolicyOptions=true|false (BETA - 默认值=true)
CRDValidationRatcheting=true|false (ALPHA - 默认值=false)
CSIMigrationPortworx=true|false (BETA - 默认值=false)
-CSINodeExpandSecret=true|false (BETA - 默认值=true)
CSIVolumeHealth=true|false (ALPHA - 默认值=false)
CloudControllerManagerWebhook=true|false (ALPHA - 默认值=false)
-CloudDualStackNodeIPs=true|false (ALPHA - 默认值=false)
+CloudDualStackNodeIPs=true|false (BETA - 默认值=true)
ClusterTrustBundle=true|false (ALPHA - 默认值=false)
+ClusterTrustBundleProjection=true|false (ALPHA - 默认值=false)
ComponentSLIs=true|false (BETA - 默认值=true)
ConsistentListFromCache=true|false (ALPHA - 默认值=false)
ContainerCheckpoint=true|false (ALPHA - 默认值=false)
@@ -1334,10 +1354,10 @@ ContextualLogging=true|false (ALPHA - 默认值=false)
CronJobsScheduledAnnotation=true|false (BETA - 默认值=true)
CrossNamespaceVolumeDataSource=true|false (ALPHA - 默认值=false)
CustomCPUCFSQuotaPeriod=true|false (ALPHA - 默认值=false)
-CustomResourceValidationExpressions=true|false (BETA - 默认值=true)
-DevicePluginCDIDevices=true|false (ALPHA - 默认值=false)
-DisableCloudProviders=true|false (ALPHA - 默认值=false)
-DisableKubeletCloudCredentialProviders=true|false (ALPHA - 默认值=false)
+DevicePluginCDIDevices=true|false (BETA - 默认值=true)
+DisableCloudProviders=true|false (BETA - 默认值=true)
+DisableKubeletCloudCredentialProviders=true|false (BETA - 默认值=true)
+DisableNodeKubeProxyVersion=true|false (ALPHA - 默认值=false)
DynamicResourceAllocation=true|false (ALPHA - 默认值=false)
ElasticIndexedJob=true|false (BETA - 默认值=true)
EventedPLEG=true|false (BETA - 默认值=false)
@@ -1346,6 +1366,7 @@ GracefulNodeShutdownBasedOnPodPriority=true|false (BETA - 默认值=true)
HPAContainerMetrics=true|false (BETA - 默认值=true)
HPAScaleToZero=true|false (ALPHA - 默认值=false)
HonorPVReclaimPolicy=true|false (ALPHA - 默认值=false)
+ImageMaximumGCAge=true|false (ALPHA - 默认值=false)
InPlacePodVerticalScaling=true|false (ALPHA - 默认值=false)
InTreePluginAWSUnregister=true|false (ALPHA - 默认值=false)
InTreePluginAzureDiskUnregister=true|false (ALPHA - 默认值=false)
@@ -1354,74 +1375,84 @@ InTreePluginGCEUnregister=true|false (ALPHA - 默认值=false)
InTreePluginOpenStackUnregister=true|false (ALPHA - 默认值=false)
InTreePluginPortworxUnregister=true|false (ALPHA - 默认值=false)
InTreePluginvSphereUnregister=true|false (ALPHA - 默认值=false)
-JobBackoffLimitPerIndex=true|false (ALPHA - 默认值=false)
+JobBackoffLimitPerIndex=true|false (BETA - 默认值=true)
JobPodFailurePolicy=true|false (BETA - 默认值=true)
-JobPodReplacementPolicy=true|false (ALPHA - 默认值=false)
-JobReadyPods=true|false (BETA - 默认值=true)
-KMSv2=true|false (BETA - 默认值=true)
-KMSv2KDF=true|false (BETA - 默认值=false)
+JobPodReplacementPolicy=true|false (BETA - 默认值=true)
KubeProxyDrainingTerminatingNodes=true|false (ALPHA - 默认值=false)
KubeletCgroupDriverFromCRI=true|false (ALPHA - 默认值=false)
KubeletInUserNamespace=true|false (ALPHA - 默认值=false)
KubeletPodResourcesDynamicResources=true|false (ALPHA - 默认值=false)
KubeletPodResourcesGet=true|false (ALPHA - 默认值=false)
+KubeletSeparateDiskGC=true|false (ALPHA - 默认值=false)
KubeletTracing=true|false (BETA - 默认值=true)
-LegacyServiceAccountTokenCleanUp=true|false (ALPHA - 默认值=false)
+LegacyServiceAccountTokenCleanUp=true|false (BETA - 默认值=true)
+LoadBalancerIPMode=true|false (ALPHA - 默认值=false)
LocalStorageCapacityIsolationFSQuotaMonitoring=true|false (ALPHA - 默认值=false)
LogarithmicScaleDown=true|false (BETA - 默认值=true)
LoggingAlphaOptions=true|false (ALPHA - 默认值=false)
LoggingBetaOptions=true|false (BETA - 默认值=true)
+MatchLabelKeysInPodAffinity=true|false (ALPHA - 默认值=false)
MatchLabelKeysInPodTopologySpread=true|false (BETA - 默认值=true)
MaxUnavailableStatefulSet=true|false (ALPHA - 默认值=false)
MemoryManager=true|false (BETA - 默认值=true)
MemoryQoS=true|false (ALPHA - 默认值=false)
MinDomainsInPodTopologySpread=true|false (BETA - 默认值=true)
-MultiCIDRRangeAllocator=true|false (ALPHA - 默认值=false)
MultiCIDRServiceAllocator=true|false (ALPHA - 默认值=false)
+NFTablesProxyMode=true|false (ALPHA - 默认值=false)
NewVolumeManagerReconstruction=true|false (BETA - 默认值=true)
NodeInclusionPolicyInPodTopologySpread=true|false (BETA - 默认值=true)
NodeLogQuery=true|false (ALPHA - 默认值=false)
NodeSwap=true|false (BETA - 默认值=false)
OpenAPIEnums=true|false (BETA - 默认值=true)
PDBUnhealthyPodEvictionPolicy=true|false (BETA - 默认值=true)
-PersistentVolumeLastPhaseTransitionTime=true|false (ALPHA - 默认值=false)
+PersistentVolumeLastPhaseTransitionTime=true|false (BETA - 默认值=true)
PodAndContainerStatsFromCRI=true|false (ALPHA - 默认值=false)
PodDeletionCost=true|false (BETA - 默认值=true)
PodDisruptionConditions=true|false (BETA - 默认值=true)
-PodHostIPs=true|false (ALPHA - 默认值=false)
+PodHostIPs=true|false (BETA - 默认值=true)
PodIndexLabel=true|false (BETA - 默认值=true)
-PodReadyToStartContainersCondition=true|false (ALPHA - 默认值=false)
+PodLifecycleSleepAction=true|false (ALPHA - 默认值=false)
+PodReadyToStartContainersCondition=true|false (BETA - 默认值=true)
PodSchedulingReadiness=true|false (BETA - 默认值=true)
ProcMountType=true|false (ALPHA - 默认值=false)
QOSReserved=true|false (ALPHA - 默认值=false)
-ReadWriteOncePod=true|false (BETA - 默认值=true)
RecoverVolumeExpansionFailure=true|false (ALPHA - 默认值=false)
-RemainingItemCount=true|false (BETA - 默认值=true)
RotateKubeletServerCertificate=true|false (BETA - 默认值=true)
+RuntimeClassInImageCriApi=true|false (ALPHA - 默认值=false)
SELinuxMountReadWriteOncePod=true|false (BETA - 默认值=true)
-SchedulerQueueingHints=true|false (BETA - 默认值=true)
+SchedulerQueueingHints=true|false (BETA - 默认值=false)
SecurityContextDeny=true|false (ALPHA - 默认值=false)
-ServiceNodePortStaticSubrange=true|false (BETA - 默认值=true)
-SidecarContainers=true|false (ALPHA - 默认值=false)
+SeparateTaintEvictionController=true|false (BETA - 默认值=true)
+ServiceAccountTokenJTI=true|false (ALPHA - 默认值=false)
+ServiceAccountTokenNodeBinding=true|false (ALPHA - 默认值=false)
+ServiceAccountTokenNodeBindingValidation=true|false (ALPHA - 默认值=false)
+ServiceAccountTokenPodNodeInfo=true|false (ALPHA - 默认值=false)
+SidecarContainers=true|false (BETA - 默认值=true)
SizeMemoryBackedVolumes=true|false (BETA - 默认值=true)
-SkipReadOnlyValidationGCE=true|false (ALPHA - 默认值=false)
StableLoadBalancerNodeSet=true|false (BETA - 默认值=true)
StatefulSetAutoDeletePVC=true|false (BETA - 默认值=true)
StatefulSetStartOrdinal=true|false (BETA - 默认值=true)
StorageVersionAPI=true|false (ALPHA - 默认值=false)
StorageVersionHash=true|false (BETA - 默认值=true)
+StructuredAuthenticationConfiguration=true|false (ALPHA - 默认值=false)
+StructuredAuthorizationConfiguration=true|false (ALPHA - 默认值=false)
TopologyAwareHints=true|false (BETA - 默认值=true)
TopologyManagerPolicyAlphaOptions=true|false (ALPHA - 默认值=false)
TopologyManagerPolicyBetaOptions=true|false (BETA - 默认值=true)
TopologyManagerPolicyOptions=true|false (BETA - 默认值=true)
+TranslateStreamCloseWebsocketRequests=true|false (ALPHA - 默认值=false)
+UnauthenticatedHTTP2DOSMitigation=true|false (BETA - 默认值=true)
UnknownVersionInteroperabilityProxy=true|false (ALPHA - 默认值=false)
+UserNamespacesPodSecurityStandards=true|false (ALPHA - 默认值=false)
UserNamespacesSupport=true|false (ALPHA - 默认值=false)
ValidatingAdmissionPolicy=true|false (BETA - 默认值=false)
+VolumeAttributesClass=true|false (ALPHA - 默认值=false)
VolumeCapacityPriority=true|false (ALPHA - 默认值=false)
WatchList=true|false (ALPHA - 默认值=false)
WinDSR=true|false (ALPHA - 默认值=false)
WinOverlay=true|false (BETA - 默认值=true)
-WindowsHostNetwork=true|false (ALPHA - 默认值=true) +WindowsHostNetwork=true|false (ALPHA - 默认值=true)
+ZeroLimitedNominalConcurrencyShares=true|false (BETA - 默认值=false)