commit
b608cc1066
|
@ -22,14 +22,16 @@ configuration files. After your clusters, users, and contexts are defined in
|
|||
one or more configuration files, you can quickly switch between clusters by using the
|
||||
`kubectl config use-context` command.
|
||||
-->
|
||||
本文展示如何使用配置文件来配置对多个集群的访问。 在将集群、用户和上下文定义在一个或多个配置文件中之后,用户可以使用 `kubectl config use-context` 命令快速地在集群之间进行切换。
|
||||
本文展示如何使用配置文件来配置对多个集群的访问。
|
||||
在将集群、用户和上下文定义在一个或多个配置文件中之后,用户可以使用
|
||||
`kubectl config use-context` 命令快速地在集群之间进行切换。
|
||||
|
||||
{{< note >}}
|
||||
<!--
|
||||
A file that is used to configure access to a cluster is sometimes called
|
||||
a *kubeconfig file*. This is a generic way of referring to configuration files.
|
||||
It does not mean that there is a file named `kubeconfig`.
|
||||
-->
|
||||
{{< note >}}
|
||||
用于配置集群访问的文件有时被称为 *kubeconfig 文件*。
|
||||
这是一种引用配置文件的通用方式,并不意味着存在一个名为 `kubeconfig` 的文件。
|
||||
{{< /note >}}
|
||||
|
@ -63,6 +65,7 @@ kubectl 的版本应该与集群的 API 服务器
|
|||
[使用同一次版本号](/zh/releases/version-skew-policy/#kubectl)。
|
||||
|
||||
<!-- steps -->
|
||||
|
||||
<!--
|
||||
## Define clusters, users, and contexts
|
||||
|
||||
|
@ -76,16 +79,16 @@ to the scratch cluster requires authentication by username and password.
|
|||
Create a directory named `config-exercise`. In your
|
||||
`config-exercise` directory, create a file named `config-demo` with this content:
|
||||
-->
|
||||
## 定义集群、用户和上下文
|
||||
## 定义集群、用户和上下文 {#define-clusters-users-and-contexts}
|
||||
|
||||
假设用户有两个集群,一个用于正式开发工作,一个用于其它临时用途(scratch)。
|
||||
在 `development` 集群中,前端开发者在名为 `frontend` 的名字空间下工作,
|
||||
存储开发者在名为 `storage` 的名字空间下工作。 在 `scratch` 集群中,
|
||||
开发人员可能在默认名字空间下工作,也可能视情况创建附加的名字空间。
|
||||
存储开发者在名为 `storage` 的名字空间下工作。在 `scratch` 集群中,
|
||||
开发人员可能在默认名字空间下工作,也可能视情况创建附加的名字空间。
|
||||
访问开发集群需要通过证书进行认证。
|
||||
访问其它临时用途的集群需要通过用户名和密码进行认证。
|
||||
|
||||
创建名为 `config-exercise` 的目录。 在
|
||||
创建名为 `config-exercise` 的目录。在
|
||||
`config-exercise` 目录中,创建名为 `config-demo` 的文件,其内容为:
|
||||
|
||||
```yaml
|
||||
|
@ -139,16 +142,16 @@ kubectl config --kubeconfig=config-demo set-credentials developer --client-certi
|
|||
kubectl config --kubeconfig=config-demo set-credentials experimenter --username=exp --password=some-password
|
||||
```
|
||||
|
||||
{{< note >}}
|
||||
<!--
|
||||
- To delete a user you can run `kubectl --kubeconfig=config-demo config unset users.<name>`
|
||||
- To remove a cluster, you can run `kubectl --kubeconfig=config-demo config unset clusters.<name>`
|
||||
- To remove a context, you can run `kubectl --kubeconfig=config-demo config unset contexts.<name>`
|
||||
-->
|
||||
|
||||
注意:
|
||||
- 要删除用户,可以运行 `kubectl --kubeconfig=config-demo config unset users.<name>`
|
||||
- 要删除集群,可以运行 `kubectl --kubeconfig=config-demo config unset clusters.<name>`
|
||||
- 要删除上下文,可以运行 `kubectl --kubeconfig=config-demo config unset contexts.<name>`
|
||||
{{< /note >}}
|
||||
|
||||
<!--
|
||||
Add context details to your configuration file:
|
||||
|
@ -165,7 +168,7 @@ kubectl config --kubeconfig=config-demo set-context exp-scratch --cluster=scratc
|
|||
Open your `config-demo` file to see the added details. As an alternative to opening the
|
||||
`config-demo` file, you can use the `config view` command.
|
||||
-->
|
||||
打开 `config-demo` 文件查看添加的详细信息。 也可以使用 `config view`
|
||||
打开 `config-demo` 文件查看添加的详细信息。也可以使用 `config view`
|
||||
命令进行查看:
|
||||
|
||||
```shell
|
||||
|
@ -355,7 +358,7 @@ kubectl config --kubeconfig=config-demo view --minify
|
|||
In your `config-exercise` directory, create a file named `config-demo-2` with this content:
|
||||
-->
|
||||
|
||||
## 创建第二个配置文件
|
||||
## 创建第二个配置文件 {#create-a-second-configuration-file}
|
||||
|
||||
在 `config-exercise` 目录中,创建名为 `config-demo-2` 的文件,其中包含以下内容:
|
||||
|
||||
|
@ -384,7 +387,7 @@ See whether you have an environment variable named `KUBECONFIG`. If so, save the
|
|||
current value of your `KUBECONFIG` environment variable, so you can restore it later.
|
||||
For example:
|
||||
-->
|
||||
## 设置 KUBECONFIG 环境变量
|
||||
## 设置 KUBECONFIG 环境变量 {#set-the-kubeconfig-environment-variable}
|
||||
|
||||
查看是否有名为 `KUBECONFIG` 的环境变量。
|
||||
如有,保存 `KUBECONFIG` 环境变量当前的值,以便稍后恢复。
|
||||
|
@ -414,12 +417,12 @@ Temporarily append two paths to your `KUBECONFIG` environment variable. For exam
|
|||
在 Windows 中以分号分隔。
|
||||
如果有 `KUBECONFIG` 环境变量,请熟悉列表中的配置文件。
|
||||
|
||||
临时添加两条路径到 `KUBECONFIG` 环境变量中。 例如:
|
||||
临时添加两条路径到 `KUBECONFIG` 环境变量中。例如:
|
||||
|
||||
### Linux
|
||||
|
||||
```shell
|
||||
export KUBECONFIG=$KUBECONFIG:config-demo:config-demo-2
|
||||
export KUBECONFIG=$KUBECONFIG:config-demo:config-demo-2
|
||||
```
|
||||
|
||||
### Windows PowerShell
|
||||
|
@ -489,7 +492,7 @@ Go to `$HOME/.kube`, and see what files are there. Typically, there is a file na
|
|||
`config`. There might also be other configuration files in this directory. Briefly
|
||||
familiarize yourself with the contents of these files.
|
||||
-->
|
||||
## 探索 $HOME/.kube 目录
|
||||
## 探索 $HOME/.kube 目录 {#explore-the-home-kube-directory}
|
||||
|
||||
如果用户已经拥有一个集群,可以使用 `kubectl` 与集群进行交互,
|
||||
那么很可能在 `$HOME/.kube` 目录下有一个名为 `config` 的文件。
|
||||
|
@ -504,7 +507,7 @@ If you have a `$HOME/.kube/config` file, and it's not already listed in your
|
|||
`KUBECONFIG` environment variable, append it to your `KUBECONFIG` environment variable now.
|
||||
For example:
|
||||
-->
|
||||
## 将 $HOME/.kube/config 追加到 KUBECONFIG 环境变量中
|
||||
## 将 $HOME/.kube/config 追加到 KUBECONFIG 环境变量中 {#append-home-kube-config-to-your-kubeconfig-environment-variable}
|
||||
|
||||
如果有 `$HOME/.kube/config` 文件,并且还未列在 `KUBECONFIG` 环境变量中,
|
||||
那么现在将它追加到 `KUBECONFIG` 环境变量中。
|
||||
|
@ -535,11 +538,11 @@ kubectl config view
|
|||
<!--
|
||||
## Clean up
|
||||
|
||||
Return your `KUBECONFIG` environment variable to its original value. For example:
|
||||
Return your `KUBECONFIG` environment variable to its original value. For example:<br>
|
||||
-->
|
||||
## 清理
|
||||
## 清理 {#clean-up}
|
||||
|
||||
将 `KUBECONFIG` 环境变量还原为原始值。 例如:
|
||||
将 `KUBECONFIG` 环境变量还原为原始值。例如:
|
||||
|
||||
### Linux
|
||||
|
||||
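Review bot: the trailing `<br>` on "Return your `KUBECONFIG` environment variable to its original value. For example:" sits inside the `<!-- -->` English comment, where it renders nothing. Unless the upstream English source carries it, drop it so the commented copy stays a verbatim mirror of the English text.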
|
|
|
@ -34,7 +34,7 @@ object.
|
|||
Create a namespace so that the resources you create in this exercise are
|
||||
isolated from the rest of your cluster.
|
||||
-->
|
||||
## 创建命名空间
|
||||
## 创建命名空间 {#create-a-namespace}
|
||||
|
||||
创建一个命名空间以便本例中创建的资源和集群中的其余部分相隔离。
|
||||
|
||||
|
@ -47,7 +47,7 @@ kubectl create namespace quota-object-example
|
|||
|
||||
Here is the configuration file for a ResourceQuota object:
|
||||
-->
|
||||
## 创建 ResourceQuota
|
||||
## 创建 ResourceQuota {#create-a-resourcequota}
|
||||
|
||||
下面是一个 ResourceQuota 对象的配置文件:
|
||||
|
||||
|
@ -96,7 +96,7 @@ status:
|
|||
|
||||
Here is the configuration file for a PersistentVolumeClaim object:
|
||||
-->
|
||||
## 创建 PersistentVolumeClaim
|
||||
## 创建 PersistentVolumeClaim {#create-a-persistentvolumeclaim}
|
||||
|
||||
下面是一个 PersistentVolumeClaim 对象的配置文件:
|
||||
|
||||
|
@ -135,7 +135,7 @@ pvc-quota-demo Pending
|
|||
|
||||
Here is the configuration file for a second PersistentVolumeClaim:
|
||||
-->
|
||||
## 尝试创建第二个 PersistentVolumeClaim
|
||||
## 尝试创建第二个 PersistentVolumeClaim {#attempt-to-create-a-second-persistentvolumeclaim}
|
||||
|
||||
下面是第二个 PersistentVolumeClaim 的配置文件:
|
||||
|
||||
|
@ -147,8 +147,9 @@ Attempt to create the second PersistentVolumeClaim:
|
|||
尝试创建第二个 PersistentVolumeClaim:
|
||||
|
||||
```shell
|
||||
kubectl create -f https://k8s.io/examples/admin/resource/quota-objects-pvc-2.yaml --namespace=quota-object-example
|
||||
kubectl apply -f https://k8s.io/examples/admin/resource/quota-objects-pvc-2.yaml --namespace=quota-object-example
|
||||
```
|
||||
|
||||
<!--
|
||||
The output shows that the second PersistentVolumeClaim was not created,
|
||||
because it would have exceeded the quota for the namespace.
|
||||
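Review bot: the expected-output block that follows the `kubectl apply -f https://k8s.io/examples/admin/resource/quota-objects-pvc-2.yaml` line is not part of this hunk, so confirm the quota rejection shown there is still what `apply` prints rather than what `create` printed. Also check that the earlier PersistentVolumeClaim step on this page uses the same verb, so the two commands stay consistent.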
|
@ -167,11 +168,14 @@ used: persistentvolumeclaims=1, limited: persistentvolumeclaims=1
|
|||
These are the strings used to identify API resources that can be constrained
|
||||
by quotas:
|
||||
-->
|
||||
## 说明
|
||||
## 说明 {#notes}
|
||||
|
||||
下面这些字符串可被用来标识那些能被配额限制的 API 资源:
|
||||
|
||||
<table>
|
||||
<!--
|
||||
<tr><th>String</th><th>API Object</th></tr>
|
||||
-->
|
||||
<tr><th>字符串</th><th>API 对象</th></tr>
|
||||
<tr><td>"pods"</td><td>Pod</td></tr>
|
||||
<tr><td>"services"</td><td>Service</td></tr>
|
||||
|
@ -180,7 +184,13 @@ by quotas:
|
|||
<tr><td>"secrets"</td><td>Secret</td></tr>
|
||||
<tr><td>"configmaps"</td><td>ConfigMap</td></tr>
|
||||
<tr><td>"persistentvolumeclaims"</td><td>PersistentVolumeClaim</td></tr>
|
||||
<!--
|
||||
<tr><td>"services.nodeports"</td><td>Service of type NodePort</td></tr>
|
||||
-->
|
||||
<tr><td>"services.nodeports"</td><td>NodePort 类型的 Service</td></tr>
|
||||
<!--
|
||||
<tr><td>"services.loadbalancers"</td><td>Service of type LoadBalancer</td></tr>
|
||||
-->
|
||||
<tr><td>"services.loadbalancers"</td><td>LoadBalancer 类型的 Service</td></tr>
|
||||
</table>
|
||||
|
||||
|
@ -189,7 +199,7 @@ by quotas:
|
|||
|
||||
Delete your namespace:
|
||||
-->
|
||||
## 清理
|
||||
## 清理 {#clean-up}
|
||||
|
||||
删除你的命名空间:
|
||||
|
||||
|
@ -202,20 +212,20 @@ kubectl delete namespace quota-object-example
|
|||
<!--
|
||||
### For cluster administrators
|
||||
|
||||
* [Configure Default Memory Requests and Limits for a Namespace](/docs/tasks/administer-cluster/memory-default-namespace/)
|
||||
* [Configure Default Memory Requests and Limits for a Namespace](/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/)
|
||||
|
||||
* [Configure Default CPU Requests and Limits for a Namespace](/docs/tasks/administer-cluster/cpu-default-namespace/)
|
||||
* [Configure Default CPU Requests and Limits for a Namespace](/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace/)
|
||||
|
||||
* [Configure Minimum and Maximum Memory Constraints for a Namespace](/docs/tasks/administer-cluster/memory-constraint-namespace/)
|
||||
* [Configure Minimum and Maximum Memory Constraints for a Namespace](/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace/)
|
||||
|
||||
* [Configure Minimum and Maximum CPU Constraints for a Namespace](/docs/tasks/administer-cluster/cpu-constraint-namespace/)
|
||||
* [Configure Minimum and Maximum CPU Constraints for a Namespace](/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace/)
|
||||
|
||||
* [Configure Memory and CPU Quotas for a Namespace](/docs/tasks/administer-cluster/quota-memory-cpu-namespace/)
|
||||
* [Configure Memory and CPU Quotas for a Namespace](/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/)
|
||||
|
||||
* [Configure a Pod Quota for a Namespace](/docs/tasks/administer-cluster/quota-pod-namespace/)
|
||||
* [Configure a Pod Quota for a Namespace](/docs/tasks/administer-cluster/manage-resources/quota-pod-namespace/)
|
||||
-->
|
||||
|
||||
### 集群管理员参考
|
||||
### 集群管理员参考 {#for-cluster-administrators}
|
||||
|
||||
* [为命名空间配置默认的内存请求和限制](/zh/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/)
|
||||
* [为命名空间配置默认的 CPU 请求和限制](/zh/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace/)
|
||||
|
@ -234,7 +244,7 @@ kubectl delete namespace quota-object-example
|
|||
* [Configure Quality of Service for Pods](/docs/tasks/configure-pod-container/quality-service-pod/)
|
||||
-->
|
||||
|
||||
### 应用开发者参考
|
||||
### 应用开发者参考 {#for-app-developers}
|
||||
|
||||
* [为容器和 Pod 分配内存资源](/zh/docs/tasks/configure-pod-container/assign-memory-resource/)
|
||||
* [为容器和 Pod 分配 CPU 资源](/zh/docs/tasks/configure-pod-container/assign-cpu-resource/)
|
||||
|
|
|
@ -78,7 +78,7 @@ v1beta1.metrics.k8s.io
|
|||
Create a namespace so that the resources you create in this exercise are
|
||||
isolated from the rest of your cluster.
|
||||
-->
|
||||
## 创建命名空间
|
||||
## 创建命名空间 {#create-a-namespace}
|
||||
|
||||
创建一个命名空间,以便将本练习中创建的资源与集群的其余部分隔离。
|
||||
|
||||
|
@ -96,7 +96,7 @@ In this exercise, you create a Pod that has one Container. The Container has a m
|
|||
request of 100 MiB and a memory limit of 200 MiB. Here's the configuration file
|
||||
for the Pod:
|
||||
-->
|
||||
## 指定内存请求和限制
|
||||
## 指定内存请求和限制 {#specify-a-memory-request-and-a-memory-limit}
|
||||
|
||||
要为容器指定内存请求,请在容器资源清单中包含 `resources:requests` 字段。
|
||||
同理,要指定内存限制,请包含 `resources:limits`。
|
||||
|
@ -196,7 +196,7 @@ its limit, the Container becomes a candidate for termination. If the Container c
|
|||
consume memory beyond its limit, the Container is terminated. If a terminated Container can be
|
||||
restarted, the kubelet restarts it, as with any other type of runtime failure.
|
||||
-->
|
||||
## 超过容器限制的内存
|
||||
## 超过容器限制的内存 {#exceed-a-container-s-memory-limit}
|
||||
|
||||
当节点拥有足够的可用内存时,容器可以使用其请求的内存。
|
||||
但是,容器不允许使用超过其限制的内存。
|
||||
|
@ -260,7 +260,7 @@ The output shows that the Container was killed because it is out of memory (OOM)
|
|||
-->
|
||||
输出结果显示:由于内存溢出(OOM),容器已被杀掉:
|
||||
|
||||
```shell
|
||||
```yaml
|
||||
lastState:
|
||||
terminated:
|
||||
containerID: 65183c1877aaec2e8427bc95609cc52677a454b56fcb24340dbd22917c23b10f
|
||||
|
@ -352,7 +352,7 @@ of a Pod as having a memory request and limit. The memory request for the Pod is
|
|||
sum of the memory requests for all the Containers in the Pod. Likewise, the memory
|
||||
limit for the Pod is the sum of the limits of all the Containers in the Pod.
|
||||
-->
|
||||
## 超过整个节点容量的内存
|
||||
## 超过整个节点容量的内存 {#specify-a-memory-request-that-is-too-big-for-your-nodes}
|
||||
|
||||
内存请求和限制是与容器关联的,但将 Pod 视为具有内存请求和限制,也是很有用的。
|
||||
Pod 的内存请求是 Pod 中所有容器的内存请求之和。
|
||||
|
@ -419,7 +419,7 @@ The output shows that the Container cannot be scheduled because of insufficient
|
|||
-->
|
||||
输出结果显示:由于节点内存不足,该容器无法被调度:
|
||||
|
||||
```shell
|
||||
```
|
||||
Events:
|
||||
... Reason Message
|
||||
------ -------
|
||||
|
@ -433,14 +433,14 @@ The memory resource is measured in bytes. You can express memory as a plain inte
|
|||
fixed-point integer with one of these suffixes: E, P, T, G, M, K, Ei, Pi, Ti, Gi, Mi, Ki.
|
||||
For example, the following represent approximately the same value:
|
||||
-->
|
||||
## 内存单位
|
||||
## 内存单位 {#memory-units}
|
||||
|
||||
内存资源的基本单位是字节(byte)。你可以使用这些后缀之一,将内存表示为
|
||||
纯整数或定点整数:E、P、T、G、M、K、Ei、Pi、Ti、Gi、Mi、Ki。
|
||||
例如,下面是一些近似相同的值:
|
||||
|
||||
```shell
|
||||
128974848, 129e6, 129M , 123Mi
|
||||
```
|
||||
128974848, 129e6, 129M, 123Mi
|
||||
```
|
||||
|
||||
<!--
|
||||
|
@ -457,7 +457,7 @@ kubectl delete pod memory-demo-3 --namespace=mem-example
|
|||
|
||||
If you do not specify a memory limit for a Container, one of the following situations applies:
|
||||
-->
|
||||
## 如果你没有指定内存限制
|
||||
## 如果你没有指定内存限制 {#if-you-do-not-specify-a-memory-limit}
|
||||
|
||||
如果你没有为一个容器指定内存限制,则自动遵循以下情况之一:
|
||||
|
||||
|
@ -486,7 +486,7 @@ cluster, you can make efficient use of the memory resources available on your cl
|
|||
Nodes. By keeping a Pod's memory request low, you give the Pod a good chance of being
|
||||
scheduled. By having a memory limit that is greater than the memory request, you accomplish two things:
|
||||
-->
|
||||
## 内存请求和限制的目的
|
||||
## 内存请求和限制的目的 {#motivation-for-memory-requests-and-limits}
|
||||
|
||||
通过为集群中运行的容器配置内存请求和限制,你可以有效利用集群节点上可用的内存资源。
|
||||
通过将 Pod 的内存请求保持在较低水平,你可以更好地安排 Pod 调度。
|
||||
|
@ -504,7 +504,7 @@ scheduled. By having a memory limit that is greater than the memory request, you
|
|||
|
||||
Delete your namespace. This deletes all the Pods that you created for this task:
|
||||
-->
|
||||
## 清理
|
||||
## 清理 {#clean-up}
|
||||
|
||||
删除命名空间。下面的命令会删除你根据这个任务创建的所有 Pod:
|
||||
|
||||
|
@ -521,7 +521,7 @@ kubectl delete namespace mem-example
|
|||
|
||||
* [Configure Quality of Service for Pods](/docs/tasks/configure-pod-container/quality-service-pod/)
|
||||
-->
|
||||
### 应用开发者扩展阅读
|
||||
### 应用开发者扩展阅读 {#for-app-developers}
|
||||
|
||||
* [为容器和 Pod 分配 CPU 资源](/zh/docs/tasks/configure-pod-container/assign-cpu-resource/)
|
||||
|
||||
|
@ -545,7 +545,7 @@ kubectl delete namespace mem-example
|
|||
|
||||
* [Configure Quotas for API Objects](/docs/tasks/administer-cluster/quota-api-object/)
|
||||
-->
|
||||
### 集群管理员扩展阅读
|
||||
### 集群管理员扩展阅读 {#for-cluster-administrators}
|
||||
|
||||
* [为命名空间配置默认的内存请求和限制](/zh/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/)
|
||||
* [为命名空间配置默认的 CPU 请求和限制](/zh/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace/)
|
||||
|
|
|
@ -17,7 +17,7 @@ weight: 20
|
|||
<!--
|
||||
This page shows how to use the `runAsUserName` setting for Pods and containers that will run on Windows nodes. This is roughly equivalent of the Linux-specific `runAsUser` setting, allowing you to run applications in a container as a different username than the default.
|
||||
-->
|
||||
本页展示如何为运行为在 Windows 节点上运行的 Pod 和容器配置 `RunAsUserName` 。
|
||||
本页展示如何为运行为在 Windows 节点上运行的 Pod 和容器配置 `RunAsUserName`。
|
||||
大致相当于 Linux 上的 `runAsUser`,允许在容器中以与默认值不同的用户名运行应用。
|
||||
|
||||
## {{% heading "prerequisites" %}}
|
||||
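Review bot: the touched opening sentence still reads "为运行为在 Windows 节点上运行的 Pod 和容器", with "运行为" duplicated, and names the field `RunAsUserName` while the English source in the comment above and the later sections use `runAsUserName`. Since this line is already being edited for the stray space, fix both here: "为在 Windows 节点上运行的 Pod 和容器配置 `runAsUserName`".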
|
@ -32,11 +32,11 @@ You need to have a Kubernetes cluster and the kubectl command-line tool must be
|
|||
## Set the Username for a Pod
|
||||
|
||||
To specify the username with which to execute the Pod's container processes, include the
|
||||
`securityContext` field ([PodSecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritycontext-v1-core))
|
||||
in the Pod specification, and within it, the `windowsOptions`
|
||||
`securityContext` field ([PodSecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritycontext-v1-core))
|
||||
in the Pod specification, and within it, the `windowsOptions`
|
||||
([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#windowssecuritycontextoptions-v1-core)) field containing the `runAsUserName` field.
|
||||
-->
|
||||
## 为 Pod 设置 Username
|
||||
## 为 Pod 设置 Username {#set-the-username-for-a-pod}
|
||||
|
||||
要指定运行 Pod 容器时所使用的用户名,请在 Pod 声明中包含 `securityContext`
|
||||
([PodSecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritycontext-v1-core)) 字段,
|
||||
|
@ -102,21 +102,21 @@ The output should be:
|
|||
|
||||
输出结果应该是这样:
|
||||
|
||||
```shell
|
||||
```
|
||||
ContainerUser
|
||||
```
|
||||
|
||||
<!--
|
||||
## Set the Username for a Container
|
||||
|
||||
To specify the username with which to execute a Container's processes, include the `securityContext` field
|
||||
([SecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core))
|
||||
in the Container manifest, and within it, the
|
||||
`windowsOptions` ([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param
|
||||
To specify the username with which to execute a Container's processes, include the `securityContext` field
|
||||
([SecurityContext](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core))
|
||||
in the Container manifest, and within it, the
|
||||
`windowsOptions` ([WindowsSecurityContextOptions](/docs/reference/generated/kubernetes-api/{{< param
|
||||
"version" >}}/#windowssecuritycontextoptions-v1-core)) field containing the `runAsUserName` field.
|
||||
-->
|
||||
|
||||
## 为容器设置 Username
|
||||
## 为容器设置 Username {#set-the-username-for-a-container}
|
||||
|
||||
要指定运行容器时所使用的用户名,请在容器清单中包含 `securityContext`
|
||||
([SecurityContext](/zh/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#securitycontext-v1-core))
|
||||
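Review bot: the localized `securityContext` link in the container section points at `/zh/docs/reference/generated/kubernetes-api/...`, while the English lines in this hunk and the Pod section's localized link use `/docs/reference/generated/kubernetes-api/...`. Use one prefix for the generated API reference throughout the page so that neither link ends up broken.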
|
@ -186,7 +186,7 @@ ContainerAdministrator
|
|||
|
||||
In order to use this feature, the value set in the `runAsUserName` field must be a valid username. It must have the following format: `DOMAIN\USER`, where `DOMAIN\` is optional. Windows user names are case insensitive. Additionally, there are some restrictions regarding the `DOMAIN` and `USER`:
|
||||
-->
|
||||
## Windows Username 的局限性
|
||||
## Windows Username 的局限性 {#windows-username-limitations}
|
||||
|
||||
想要使用此功能,在 `runAsUserName` 字段中设置的值必须是有效的用户名。
|
||||
它必须是 `DOMAIN\USER` 这种格式,其中 `DOMAIN\` 是可选的。
|
||||
|
@ -218,10 +218,10 @@ For more information about these limtations, check [here](https://support.micros
|
|||
## {{% heading "whatsnext" %}}
|
||||
|
||||
<!--
|
||||
* [Guide for scheduling Windows containers in Kubernetes](/docs/setup/production-environment/windows/user-guide-windows-containers/)
|
||||
* [Managing Workload Identity with Group Managed Service Accounts (GMSA)](/docs/setup/production-environment/windows/user-guide-windows-containers/#managing-workload-identity-with-group-managed-service-accounts)
|
||||
* [Guide for scheduling Windows containers in Kubernetes](/docs/concepts/windows/user-guide/)
|
||||
* [Managing Workload Identity with Group Managed Service Accounts (GMSA)](/docs/concepts/windows/user-guide/#managing-workload-identity-with-group-managed-service-accounts)
|
||||
* [Configure GMSA for Windows pods and containers](/docs/tasks/configure-pod-container/configure-gmsa/)
|
||||
-->
|
||||
* [Kubernetes 中调度 Windows 容器的指南](/zh/docs/setup/production-environment/windows/user-guide-windows-containers/)
|
||||
* [使用组托管服务帐户(GMSA)管理工作负载身份](/zh/docs/setup/production-environment/windows/user-guide-windows-containers/#managing-workload-identity-with-group-managed-service-accounts)
|
||||
* [Kubernetes 中调度 Windows 容器的指南](/zh/docs/concepts/windows/user-guide/)
|
||||
* [使用组托管服务帐户(GMSA)管理工作负载身份](/zh/docs/concepts/windows/user-guide/#managing-workload-identity-with-group-managed-service-accounts)
|
||||
* [Windows 下 pod 和容器的 GMSA 配置](/zh/docs/tasks/configure-pod-container/configure-gmsa/)
|
||||
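Review bot: the last bullet still writes "pod" in lower case ("Windows 下 pod 和容器的 GMSA 配置") while the rest of the page uses "Pod". Also confirm that `/zh/docs/concepts/windows/user-guide/` exists and exposes the `#managing-workload-identity-with-group-managed-service-accounts` anchor, since both updated links depend on it.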
|
|
|
@ -70,7 +70,7 @@ field should be stored in a file named `annotations`.
|
|||
`/etc/podinfo` 目录。
|
||||
|
||||
查看 `downwardAPI` 下面的 `items` 数组。
|
||||
每个数组元素都是一个
|
||||
每个数组元素都是一个
|
||||
[DownwardAPIVolumeFile](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#downwardapivolumefile-v1-core)
|
||||
对象。
|
||||
第一个元素指示 Pod 的 `metadata.labels` 字段的值保存在名为 `labels` 的文件中。
|
||||
|
@ -112,7 +112,7 @@ kubectl logs kubernetes-downwardapi-volume-example
|
|||
```
|
||||
|
||||
<!--
|
||||
The output shows the contents of the labels file and the annotations file:
|
||||
The output shows the contents of the `labels` file and the `annotations` file:
|
||||
-->
|
||||
输出显示 `labels` 和 `annotations` 文件的内容:
|
||||
|
||||
|
@ -158,7 +158,7 @@ zone="us-est-coast"
|
|||
<!--
|
||||
Similarly, view the `annotations` file:
|
||||
-->
|
||||
同样,查看`annotations`文件:
|
||||
同样,查看 `annotations` 文件:
|
||||
|
||||
```shell
|
||||
/# cat /etc/podinfo/annotations
|
||||
|
@ -167,7 +167,7 @@ Similarly, view the `annotations` file:
|
|||
<!--
|
||||
View the files in the `/etc/podinfo` directory:
|
||||
-->
|
||||
查看`/etc/podinfo`目录下的文件:
|
||||
查看 `/etc/podinfo` 目录下的文件:
|
||||
|
||||
```shell
|
||||
/# ls -laR /etc/podinfo
|
||||
|
@ -191,7 +191,7 @@ lrwxrwxrwx ... Feb 6 21:47 ..data -> ..2982_06_02_21_47_53.299460680
|
|||
lrwxrwxrwx ... Feb 6 21:47 annotations -> ..data/annotations
|
||||
lrwxrwxrwx ... Feb 6 21:47 labels -> ..data/labels
|
||||
|
||||
/etc/podinfo/..2982_06_02_21_47_53.299460680:
|
||||
/etc/..2982_06_02_21_47_53.299460680:
|
||||
total 8
|
||||
-rw-r--r-- ... Feb 6 21:47 annotations
|
||||
-rw-r--r-- ... Feb 6 21:47 labels
|
||||
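Review bot: the `/etc/..2982_06_02_21_47_53.299460680:` form of the directory header is outside the directory that `ls -laR /etc/podinfo` lists. The `..data -> ..2982_06_02_21_47_53.299460680` symlink in the context lines is relative to `/etc/podinfo`, so a recursive listing prints `/etc/podinfo/..2982_06_02_21_47_53.299460680:`. Keep that form unless the shorter path is a deliberate mirror of the English source, in which case it is worth fixing upstream too.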
|
@ -217,6 +217,9 @@ receive Downward API updates.
|
|||
Downward API,则该容器无法收到更新事件。
|
||||
{{< /note >}}
|
||||
|
||||
<!--
|
||||
Exit the shell:
|
||||
-->
|
||||
退出 Shell:
|
||||
|
||||
```shell
|
||||
|
@ -277,7 +280,7 @@ Get a shell into the container that is running in your Pod:
|
|||
-->
|
||||
打开一个 Shell,进入 Pod 中运行的容器:
|
||||
|
||||
```
|
||||
```shell
|
||||
kubectl exec -it kubernetes-downwardapi-volume-example-2 -- sh
|
||||
```
|
||||
|
||||
|
@ -408,7 +411,7 @@ basis. For more information, see
|
|||
## 投射键名到指定路径并且指定文件权限 {#project-keys-to-specific-paths-and-file-permissions}
|
||||
|
||||
你可以将键名投射到指定路径并且指定每个文件的访问权限。
|
||||
更多信息,请参阅[Secrets](/zh/docs/concepts/configuration/secret/).
|
||||
更多信息,请参阅 [Secret](/zh/docs/concepts/configuration/secret/)。
|
||||
|
||||
<!--
|
||||
## Motivation for the Downward API
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
---
|
||||
reviewers:
|
||||
- eparis
|
||||
- pmorie
|
||||
title: 使用 ConfigMap 来配置 Redis
|
||||
content_type: tutorial
|
||||
---
|
||||
<!--
|
||||
reviewers:
|
||||
- eparis
|
||||
- pmorie
|
||||
title: Configuring Redis using a ConfigMap
|
||||
content_type: tutorial
|
||||
-->
|
||||
|
||||
<!-- overview -->
|
||||
|
||||
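Review bot: `reviewers:` with `eparis` and `pmorie` appears both in the live front matter and in the commented English copy below it. If the localized page should not route review requests to the English page's reviewers, remove the list from the live block and keep it only inside the `<!-- -->` copy.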
|
@ -118,7 +122,7 @@ You should see the following output:
|
|||
-->
|
||||
你应该可以看到以下输出:
|
||||
|
||||
```shell
|
||||
```
|
||||
NAME READY STATUS RESTARTS AGE
|
||||
pod/redis 1/1 Running 0 8s
|
||||
|
||||
|
|