Merge pull request #48822 from my-git9/pp-24144

[zh-cn]sync and improve volumes.md
pull/48867/head
Kubernetes Prow Robot 2024-11-27 01:04:56 +00:00 committed by GitHub
commit b6408350a5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 126 additions and 19 deletions

View File

@ -497,7 +497,7 @@ to mount in a Pod. You can specify single or multiple target world wide names (W
using the parameter `targetWWNs` in your Volume configuration. If multiple WWNs are specified,
targetWWNs expect that those WWNs are from multi-path connections.
-->
### fc (光纤通道) {#fc}
### fc(光纤通道) {#fc}
`fc` 卷类型允许将现有的光纤通道块存储卷挂载到 Pod 中。
可以使用卷配置中的参数 `targetWWNs` 来指定单个或多个目标 WWNWorld Wide Names
@ -591,12 +591,12 @@ You can restrict the use of `gitRepo` volumes in your cluster using
[ValidatingAdmissionPolicy](/docs/reference/access-authn-authz/validating-admission-policy/).
You can use the following Common Expression Language (CEL) expression as
part of a policy to reject use of `gitRepo` volumes:
`has(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))`.
`!has(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))`.
-->
你可以使用 [ValidatingAdmissionPolicy](/zh-cn/docs/reference/access-authn-authz/validating-admission-policy/)
这类[策略](/zh-cn/docs/concepts/policy/)来限制在你的集群中使用 `gitRepo` 卷。
你可以使用以下通用表达语言CEL表达式作为策略的一部分以拒绝使用 `gitRepo` 卷:
`has(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))`。
`!has(object.spec.volumes) || !object.spec.volumes.exists(v, has(v.gitRepo))`。
{{< /warning >}}
<!--
@ -788,19 +788,38 @@ root 身份运行进程,或者修改主机上的文件权限,以便能够从
-->
#### hostPath 配置示例
{{< tabs name="hostpath_examples" >}}
<!--
Linux node
---
# This manifest mounts /data/foo on the host as /foo inside the
# single container that runs within the hostpath-example-linux Pod.
#
# The mount into the container is read-only.
apiVersion: v1
kind: Pod
metadata:
name: hostpath-example-linux
spec:
os: { name: linux }
nodeSelector:
kubernetes.io/os: linux
containers:
- name: example-container
image: registry.k8s.io/test-webserver
volumeMounts:
- mountPath: /foo
name: example-volume
readOnly: true
volumes:
- name: example-volume
# mount /data/foo, but only if that directory already exists
# directory location on host
# this field is optional
hostPath:
path: /data/foo # directory location on host
type: Directory # this field is optional
-->
{{< tabs name="hostpath_examples" >}}
{{< tab name="Linux 节点" codelang="yaml" >}}
---
# 此清单将主机上的 /data/foo 挂载为 hostpath-example-linux Pod 中运行的单个容器内的 /foo
@ -831,15 +850,32 @@ spec:
<!--
Windows node
---
# This manifest mounts C:\Data\foo on the host as C:\foo, inside the
# single container that runs within the hostpath-example-windows Pod.
#
# The mount into the container is read-only.
apiVersion: v1
kind: Pod
metadata:
name: hostpath-example-windows
spec:
os: { name: windows }
nodeSelector:
kubernetes.io/os: windows
containers:
- name: example-container
image: microsoft/windowsservercore:1709
volumeMounts:
- name: example-volume
mountPath: "C:\\foo"
readOnly: true
volumes:
# mount C:\Data\foo from the host, but only if that directory already exists
# directory location on host
# this field is optional
- name: example-volume
hostPath:
path: "C:\\Data\\foo" # directory location on host
type: Directory # this field is optional
-->
{{< tab name="Windows 节点" codelang="yaml" >}}
---
@ -899,7 +935,34 @@ Here's the example manifest:
以下是清单示例:
<!--
```yaml
apiVersion: v1
kind: Pod
metadata:
name: test-webserver
spec:
os: { name: linux }
nodeSelector:
kubernetes.io/os: linux
containers:
- name: test-webserver
image: registry.k8s.io/test-webserver:latest
volumeMounts:
- mountPath: /var/local/aaa
name: mydir
- mountPath: /var/local/aaa/1.txt
name: myfile
volumes:
- name: mydir
hostPath:
# Ensure the file directory is created.
path: /var/local/aaa
type: DirectoryOrCreate
- name: myfile
hostPath:
path: /var/local/aaa/1.txt
type: FileOrCreate
```
-->
```yaml
apiVersion: v1
@ -1307,7 +1370,25 @@ Here is an example Pod referencing a pre-provisioned Portworx volume:
下面是一个引用预先配备的 Portworx 卷的示例 Pod
<!--
```yaml
apiVersion: v1
kind: Pod
metadata:
name: test-portworx-volume-pod
spec:
containers:
- image: registry.k8s.io/test-webserver
name: test-container
volumeMounts:
- mountPath: /mnt
name: pxvol
volumes:
- name: pxvol
# This Portworx volume must already exist.
portworxVolume:
volumeID: "pxvol"
fsType: "<fs-type>"
```
-->
```yaml
apiVersion: v1
@ -1432,7 +1513,7 @@ receive Secret updates.
<!--
For more details, see [Configuring Secrets](/docs/concepts/configuration/secret/).
-->
更多详情请参考[配置 Secrets](/zh-cn/docs/concepts/configuration/secret/)。
更多详情请参考[配置 Secret](/zh-cn/docs/concepts/configuration/secret/)。
<!--
### vsphereVolume (deprecated) {#vspherevolume}
@ -1612,7 +1693,33 @@ The host directory `/var/log/pods/pod1` is mounted at `/logs` in the container.
宿主机目录 `/var/log/pods/pod1` 被挂载到容器的 `/logs` 中。
<!--
```yaml
apiVersion: v1
kind: Pod
metadata:
name: pod1
spec:
containers:
- name: container1
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
image: busybox:1.28
command: [ "sh", "-c", "while [ true ]; do echo 'Hello'; sleep 10; done | tee -a /logs/hello.txt" ]
volumeMounts:
- name: workdir1
mountPath: /logs
# The variable expansion uses round brackets (not curly brackets).
subPathExpr: $(POD_NAME)
restartPolicy: Never
volumes:
- name: workdir1
hostPath:
path: /var/log/pods
```
-->
```yaml
apiVersion: v1