diff --git a/content/zh-cn/docs/concepts/security/pod-security-policy.md b/content/zh-cn/docs/concepts/security/pod-security-policy.md index 6ea7b7de32..048734bf1f 100644 --- a/content/zh-cn/docs/concepts/security/pod-security-policy.md +++ b/content/zh-cn/docs/concepts/security/pod-security-policy.md @@ -13,6 +13,8 @@ content_type: concept weight: 30 --> + + {{< feature-state for_k8s_version="v1.21" state="deprecated" >}} {{< caution >}} @@ -50,9 +52,9 @@ administrator to control the following: --> ## 什么是 Pod 安全策略? {#what-is-a-pod-security-policy} -**Pod 安全策略(Pod Security Policy)**是集群级别的资源,它能够控制 Pod +**Pod 安全策略(Pod Security Policy)** 是集群级别的资源,它能够控制 Pod 规约中与安全性相关的各个方面。 -[PodSecurityPolicy](/zh-cn/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy) +[PodSecurityPolicy](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy) 对象定义了一组 Pod 运行时必须遵循的条件及相关字段的默认值,只有 Pod 满足这些条件才会被系统接受。 Pod 安全策略允许管理员控制如下操作: @@ -269,7 +271,7 @@ paired with system groups to grant access to all pods run in the namespace: 参阅[角色绑定示例](/zh-cn/docs/reference/access-authn-authz/rbac#role-binding-examples)查看 @@ -310,7 +312,7 @@ PodSecurityPolicy 正在被一个新的、简化的 `PodSecurity` - {{< example file="policy/restricted-psp.yaml" >}}Restricted{{< /example >}} -输出类似于: +输出类似于 ``` kubernetes.io/psp: example @@ -679,18 +681,15 @@ Let's try that again, slightly differently: kubectl-user create deployment pause --image=k8s.gcr.io/pause ``` -输出为: -``` + +```none deployment "pause" created ``` - ```shell kubectl-user get pods ``` -输出为: - ``` No resources found. ``` @@ -699,7 +698,6 @@ No resources found. kubectl-user get events | head -n 2 ``` -输出为: ``` LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE 1m 2m 15 pause-7774d79b5 ReplicaSet Warning FailedCreate replicaset-controller Error creating: pods "pause-7774d79b5-" is forbidden: no providers available to validate pod request 
@@ -791,9 +789,7 @@ up separately: kubectl-admin delete psp example ``` -输出类似于: - -```none +``` podsecuritypolicy "example" deleted ``` @@ -1379,5 +1375,5 @@ Refer to the [Sysctl documentation](/docs/tasks/administer-cluster/sysctl-cluste - 参阅 [Pod 安全标准](/zh-cn/docs/concepts/security/pod-security-standards/), 了解策略建议。 -- 阅读 [PodSecurityPolicy 参考](/zh-cn/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy), +- 阅读 [PodSecurityPolicy 参考](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy), 了解 API 细节。 diff --git a/content/zh-cn/docs/reference/glossary/host-aliases.md b/content/zh-cn/docs/reference/glossary/host-aliases.md index a2ef9729ba..03fedb5cdb 100644 --- a/content/zh-cn/docs/reference/glossary/host-aliases.md +++ b/content/zh-cn/docs/reference/glossary/host-aliases.md @@ -2,7 +2,7 @@ title: HostAliases id: HostAliases date: 2019-01-31 -full_link: /zh-cn/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#hostalias-v1-core +full_link: /docs/reference/generated/kubernetes-api/{{< param "version" >}}/#hostalias-v1-core short_description: > 主机别名 (HostAliases) 是一组 IP 地址和主机名的映射,用于注入到 Pod 内的 hosts 文件。 diff --git a/content/zh-cn/docs/reference/glossary/kubelet.md b/content/zh-cn/docs/reference/glossary/kubelet.md index 41b4dea14b..5b2084bd7a 100644 --- a/content/zh-cn/docs/reference/glossary/kubelet.md +++ b/content/zh-cn/docs/reference/glossary/kubelet.md @@ -2,7 +2,7 @@ title: Kubelet id: kubelet date: 2018-04-12 -full_link: /zh-cn/docs/reference/generated/kubelet +full_link: /docs/reference/generated/kubelet short_description: > 一个在集群中每个节点上运行的代理。它保证容器都运行在 Pod 中。 @@ -38,4 +38,3 @@ The kubelet takes a set of PodSpecs that are provided through various mechanisms kubelet 接收一组通过各类机制提供给它的 PodSpecs, 确保这些 PodSpecs 中描述的容器处于运行状态且健康。 kubelet 不会管理不是由 Kubernetes 创建的容器。 -
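Review bot: In pod-security-policy.md, hunk `@@ -310,7 +312,7 @@`, the replacement line `输出类似于` drops the trailing full-width colon that `输出类似于:` had. The lead-in now runs straight into the output block with no punctuation. Nothing else in the hunk suggests this was intended, so restore the colon.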
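Review bot: In pod-security-policy.md, hunk `@@ -679,18 +681,15 @@`, all three `输出为:` lead-ins are removed, so on the rendered page nothing separates each `kubectl-user` command from its output. That matters most for the `get events` block, where the `FailedCreate` message `no providers available to validate pod request` is the point of the walkthrough. Keep the lead-ins. Also, only the first output fence gains the `none` tag, while the `No resources found.` and events fences stay untagged; tag all three the same way.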
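Review bot: In pod-security-policy.md, hunk `@@ -791,9 +789,7 @@`, the output fence for `kubectl-admin delete psp example` changes from a `none`-tagged fence to a bare one. This is the opposite of hunk `@@ -679,18 +681,15 @@`, which adds `none` to an output fence. Pick one convention for command output and apply it in both places. The `输出类似于:` lead-in is also removed here, so the `podsecuritypolicy "example" deleted` block loses its label; keep it.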
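Review bot: The link rewrites from `/zh-cn/docs/reference/generated/...` to `/docs/reference/generated/...` (pod-security-policy.md hunks `@@ -50,9 +52,9 @@` and `@@ -1379,5 +1375,5 @@`, plus `full_link` in glossary/host-aliases.md and glossary/kubelet.md) carry no explanation. Other links in the same pages, such as `/zh-cn/docs/concepts/security/pod-security-standards/`, keep the `/zh-cn` prefix. State in the commit message why generated reference links are the exception. Also confirm that each unprefixed target resolves from the zh-cn pages, in particular `/docs/reference/generated/kubelet`, which unlike the others has no version parameter or anchor.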