Merge pull request #36520 from windsonsea/podv1y

[zh] Sync1.25 /kubernetes-api/workload-resources/pod-v1.md
pull/36733/head
Kubernetes Prow Robot 2022-09-10 05:21:24 -07:00 committed by GitHub
commit d703d7b194
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 332 additions and 277 deletions

View File

@ -114,6 +114,21 @@ PodSpec 是对 Pod 的描述。
对资源限制以类似的方式应用于 Init 容器。当前无法添加或删除 Init 容器。无法更新。更多信息:
https://kubernetes.io/zh-cn/docs/concepts/workloads/pods/init-containers/
<!--
- **ephemeralContainers** ([]<a href="{{< ref "../workload-resources/pod-v1#EphemeralContainer" >}}">EphemeralContainer</a>)
*Patch strategy: merge on key `name`*
List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
-->
- **ephemeralContainers** ([]<a href="{{< ref "../workload-resources/pod-v1#EphemeralContainer" >}}">EphemeralContainer</a>)
**补丁策略:基于 `name` 键合并**
在此 Pod 中运行的临时容器列表。临时容器可以在现有的 Pod 中运行,以执行用户发起的操作,例如调试。
此列表在创建 Pod 时不能指定,也不能通过更新 Pod 规约来修改。
要将临时容器添加到现有 Pod请使用 Pod 的 `ephemeralcontainers` 子资源。
<!--
- **imagePullSecrets** ([]<a href="{{< ref "../common-definitions/local-object-reference#LocalObjectReference" >}}">LocalObjectReference</a>)
@ -155,13 +170,14 @@ PodSpec 是对 Pod 的描述。
- `securityContext.windowsOptions`
<!--
If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup This is a beta field and requires the IdentifyPodOS feature
If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup
-->
如果 os 字段设置为 `windows`,则必须不能设置以下字段:
- `spec.hostPID`
- `spec.hostIPC`
- `spec.hostUsers`
- `spec.securityContext.seLinuxOptions`
- `spec.securityContext.seccompProfile`
- `spec.securityContext.fsGroup`
@ -181,8 +197,6 @@ PodSpec 是对 Pod 的描述。
- `spec.containers[*].securityContext.runAsUser`
- `spec.containers[*].securityContext.runAsGroup`
此字段为 Beta 字段,需要启用 `IdentifyPodOS` 特性门控。
<a name="PodOS"></a>
<!--
*PodOS defines the OS parameters of a pod.*
@ -404,6 +418,16 @@ PodSpec 是对 Pod 的描述。
该控制器会阻止用户设置此字段。准入控制器基于 priorityClassName 设置来填充此字段。
字段值越高,优先级越高。
<!--
- **preemptionPolicy** (string)
PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
-->
- **preemptionPolicy** (string)
preemptionPolicy 是用来抢占优先级较低的 Pod 的策略。取值为 `"Never"`、`"PreemptLowerPriority"` 之一。
如果未设置,则默认为 `"PreemptLowerPriority"`
<!--
- **topologySpreadConstraints** ([]TopologySpreadConstraint)
@ -458,14 +482,15 @@ PodSpec 是对 Pod 的描述。
<!--
- **topologySpreadConstraints.topologyKey** (string), required
TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \<key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes match the node selector. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \<key, value> as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field.
-->
- **topologySpreadConstraints.topologyKey** (string),必需
topologyKey 是节点标签的键名。如果节点的标签中包含此键名且键值亦相同,则被认为在相同的拓扑域中。
我们将每个 `<键, 值>` 视为一个 "桶Bucket",并尝试将数量均衡的 Pod 放入每个桶中。
我们定义域Domain为拓扑域的特定实例。此外我们定义候选域Eligible Domain为其节点与节点选择算符匹配的域。
我们定义域Domain为拓扑域的特定实例。
此外我们定义一个候选域Eligible Domain为其节点与 nodeAffinityPolicy 和 nodeTaintsPolicy 的要求匹配的域。
例如,如果 topologyKey 是 `"kubernetes.io/hostname"`,则每个 Node 都是该拓扑的域。
而如果 topologyKey 是 `"topology.kubernetes.io/zone"`,则每个区域都是该拓扑的一个域。
这是一个必填字段。
@ -515,13 +540,28 @@ PodSpec 是对 Pod 的描述。
以确定其相应拓扑域中的 Pod 数量。
<!--
- **topologySpreadConstraints.matchLabelKeys** ([]string)
*Atomic: will be replaced during a merge*
MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.
-->
- **topologySpreadConstraints.matchLabelKeys** ([]string)
**原子性:将在合并期间被替换**
matchLabelKeys 是一组 Pod 标签键,用于通过计算 Pod 分布方式来选择 Pod。
新 Pod 标签中不存在的键将被忽略。这些键用于从新来的 Pod 标签中查找值,这些键值标签与 labelSelector 进行逻辑与运算,
通过计算 Pod 的分布方式来选择现有 Pod 的组。新来的 Pod 标签中不存在的键将被忽略。
null 或空的列表意味着仅与 labelSelector 匹配。
<!--
- **topologySpreadConstraints.minDomains** (int32)
MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.
This is an alpha field and requires enabling MinDomainsInPodTopologySpread feature gate.
This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
-->
- **topologySpreadConstraints.minDomains** (int32)
@ -545,7 +585,56 @@ PodSpec 是对 Pod 的描述。
在这种情况下,无法调度具有相同 labelSelector 的新 Pod因为如果基于新 Pod 计算的偏差值将为
33-0。将这个 Pod 调度到三个区域中的任何一个,都会违反 maxSkew 约束。
此字段是一个 Alpha 字段,需要启用 MinDomainsInPodTopologySpread 特性门控。
此字段是一个 Beta 字段,需要启用 MinDomainsInPodTopologySpread 特性门控(默认被启用)。
<!--
- **topologySpreadConstraints.nodeAffinityPolicy** (string)
NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
If this value is nil, the behavior is equivalent to the Honor policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-->
- **topologySpreadConstraints.nodeAffinityPolicy** (string)
nodeAffinityPolicy 表示我们在计算 Pod 拓扑分布偏差时将如何处理 Pod 的 nodeAffinity/nodeSelector。
选项为:
- Honor只有与 nodeAffinity/nodeSelector 匹配的节点才会包括到计算中。
- IgnorenodeAffinity/nodeSelector 被忽略。所有节点均包括到计算中。
如果此值为 nil此行为等同于 Honor 策略。
这是通过 NodeInclusionPolicyInPodTopologySpread 特性标志启用的 Alpha 级别特性。
<!--
- **topologySpreadConstraints.nodeTaintsPolicy** (string)
NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.
If this value is nil, the behavior is equivalent to the Ignore policy. This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
-->
- **topologySpreadConstraints.nodeTaintsPolicy** (string)
nodeTaintsPolicy 表示我们在计算 Pod 拓扑分布偏差时将如何处理节点污点。选项为:
- Honor包括不带污点的节点以及新来 Pod 具有容忍度且带有污点的节点。
- Ignore节点污点被忽略。包括所有节点。
如果此值为 nil此行为等同于 Ignore 策略。
这是通过 NodeInclusionPolicyInPodTopologySpread 特性标志启用的 Alpha 级别特性。
<!--
- **overhead** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
-->
- **overhead** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
overhead 表示与用指定 RuntimeClass 运行 Pod 相关的资源开销。
该字段将由 RuntimeClass 准入控制器在准入时自动填充。
如果启用了 RuntimeClass 准入控制器,则不得在 Pod 创建请求中设置 overhead 字段。
RuntimeClass 准入控制器将拒绝已设置 overhead 字段的 Pod 创建请求。
如果在 Pod 规约中配置并选择了 RuntimeClassoverhead 字段将被设置为对应 RuntimeClass 中定义的值,
否则将保持不设置并视为零。更多信息:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
<!--
### Lifecycle
@ -1146,53 +1235,22 @@ PodSpec 是对 Pod 的描述。
如果同时在 SecurityContext 和 PodSecurityContext 中设置,则在 SecurityContext 中指定的值优先。
<!--
### Beta level
### Alpha level
-->
### Beta 级别
### Alpha 级别
<!--
- **ephemeralContainers** ([]<a href="{{< ref "../workload-resources/pod-v1#EphemeralContainer" >}}">EphemeralContainer</a>)
- **hostUsers** (boolean)
*Patch strategy: merge on key `name`*
List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate.
Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
-->
- **hostUsers** (boolean)
- **ephemeralContainers** ([]<a href="{{< ref "../workload-resources/pod-v1#EphemeralContainer" >}}">EphemeralContainer</a>)
**补丁策略:基于 `name` 键合并**
在此 Pod 中运行的临时容器列表。临时容器可以在现有的 Pod 中运行,以执行用户发起的操作,例如调试。
此列表在创建 Pod 时不能指定,也不能通过更新 Pod 规约来修改。
要将临时容器添加到现有 Pod请使用 Pod 的 `ephemeralcontainers` 子资源。
此字段是 Beta 级别的,可在尚未禁用 EphemeralContainers 特性门控的集群上使用。
<!--
- **preemptionPolicy** (string)
PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.
-->
- **preemptionPolicy** (string)
PreemptionPolicy 是用来抢占优先级较低的 Pod 的策略。取值为 `"Never"`、`"PreemptLowerPriority"` 之一。
如果未设置,则默认为 `"PreemptLowerPriority"`
<!--
- **overhead** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
-->
- **overhead** (map[string]<a href="{{< ref "../common-definitions/quantity#Quantity" >}}">Quantity</a>)
overhead 表示与用指定 RuntimeClass 运行 Pod 相关的资源开销。该字段将由 RuntimeClass 准入控制器在准入时自动填充。
如果启用了 RuntimeClass 准入控制器,则不得在 Pod 创建请求中设置 overhead 字段。
RuntimeClass 准入控制器将拒绝已设置 overhead 字段的 Pod 创建请求。
如果在 Pod 规约中配置并选择了 RuntimeClassoverhead 字段将被设置为对应 RuntimeClass
中定义的值,否则将保持未设置并视为零。更多信息:
https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
使用主机的用户名字空间。可选:默认为 true。如果设置为 true 或不存在,则 Pod 将运行在主机的用户名字空间中,
当 Pod 需要仅对主机用户名字空间可用的一个特性时这会很有用,例如使用 CAP_SYS_MODULE 加载内核模块。
当设置为 false 时,会为该 Pod 创建一个新的用户名字空间。
设置为 false 对于缓解容器逃逸漏洞非常有用,可防止允许实际在主机上没有 root 特权的用户以 root 运行他们的容器。
此字段是 Alpha 级别的字段,只有启用 UserNamespacesSupport 特性的服务器才能使用此字段。
<!--
### Deprecated
@ -1202,7 +1260,7 @@ PodSpec 是对 Pod 的描述。
DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.
-->
### 已弃用
### 已弃用
- **serviceAccount** (string)
@ -1217,8 +1275,7 @@ A single application container that you want to run within a pod.
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
-->
## Container
## 容器 {#Container}
要在 Pod 中运行的单个应用容器。
@ -1312,7 +1369,7 @@ A single application container that you want to run within a pod.
*Map: unique values on keys `containerPort, protocol` will be kept during a merge*
List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
*ContainerPort represents a network port in a single container.*
-->
@ -1323,9 +1380,10 @@ A single application container that you want to run within a pod.
**映射:键 `containerPort, protocol` 组合的唯一值将在合并期间保留**
要从容器公开的端口列表。在此处公开端口可为系统提供有关容器使用的网络连接的附加信息,但主要是信息性的。
此处不指定端口不会阻止该端口被暴露。
任何侦听容器内默认 `"0.0.0.0"` 地址的端口都可以从网络访问。无法更新。
要从容器暴露的端口列表。此处不指定端口不会阻止该端口被暴露。
任何侦听容器内默认 `"0.0.0.0"` 地址的端口都可以从网络访问。使用策略合并补丁来修改此数组可能会破坏数据。
更多细节请参阅 https://github.com/kubernetes/kubernetes/issues/108255。
无法更新。
<a name="ContainerPort"></a>
**ContainerPort 表示单个容器中的网络端口。**
@ -2236,7 +2294,7 @@ A single application container that you want to run within a pod.
容器运行时是否应在某个 attach 打开 stdin 通道后关闭它。当 stdin 为 true 时stdin 流将在多个 attach 会话中保持打开状态。
如果 stdinOnce 设置为 true则 stdin 在容器启动时打开,在第一个客户端连接到 stdin 之前为空,
然后保持打开并接受数据,直到客户端断开连接,此时 stdin 关闭并保持关闭直到容器重新启动。
如果此标志为 false则从 stdin 读取的容器进程将永远不会收到 EOF。 默认为 false。
如果此标志为 false则从 stdin 读取的容器进程将永远不会收到 EOF。默认为 false。
## EphemeralContainer {#EphemeralContainer}
@ -2244,8 +2302,6 @@ A single application container that you want to run within a pod.
An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.
To add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.
This is a beta feature available on clusters that haven't disabled the EphemeralContainers feature gate.
-->
EphemeralContainer 是一个临时容器,你可以将其添加到现有 Pod 以用于用户发起的活动,例如调试。
临时容器没有资源或调度保证,它们在退出或 Pod 被移除或重新启动时不会重新启动。
@ -2253,8 +2309,6 @@ EphemeralContainer 是一个临时容器,你可以将其添加到现有 Pod
要添加临时容器,请使用现有 Pod 的 `ephemeralcontainers` 子资源。临时容器不能被删除或重新启动。
这是未禁用 EphemeralContainers 特性门控的集群上可用的 Beta 功能。
<hr>
<!--
@ -2750,7 +2804,7 @@ EphemeralContainer 是一个临时容器,你可以将其添加到现有 Pod
可选字段。挂载到容器文件系统的路径,用于写入容器终止消息的文件。
写入的消息旨在成为简短的最终状态,例如断言失败消息。如果超出 4096 字节,将被节点截断。
所有容器的总消息长度将限制为 12 KB。 默认为 `/dev/termination-log`。无法更新。
所有容器的总消息长度将限制为 12 KB。默认为 `/dev/termination-log`。无法更新。
<!--
- **terminationMessagePolicy** (string)
@ -2873,7 +2927,7 @@ EphemeralContainer 是一个临时容器,你可以将其添加到现有 Pod
- **securityContext.readOnlyRootFilesystem** boolean
此容器是否具有只读根文件系统。
默认为 false。 注意,`spec.os.name` 为 "windows" 时不能设置该字段。
默认为 false。注意`spec.os.name` 为 "windows" 时不能设置该字段。
<!--
- **securityContext.procMount** (string)
@ -2895,7 +2949,7 @@ EphemeralContainer 是一个临时容器,你可以将其添加到现有 Pod
- **securityContext.privileged** boolean
以特权模式运行容器。特权容器中的进程本质上等同于主机上的 root。 默认为 false。
以特权模式运行容器。特权容器中的进程本质上等同于主机上的 root。默认为 false。
注意,`spec.os.name` 为 "windows" 时不能设置该字段。
<!--
@ -2907,7 +2961,7 @@ EphemeralContainer 是一个临时容器,你可以将其添加到现有 Pod
- **securityContext.allowPrivilegeEscalation** boolean
allowPrivilegeEscalation 控制进程是否可以获得比其父进程更多的权限。
此布尔值直接控制是否在容器进程上设置 `no_new_privs` 标志。 allowPrivilegeEscalation
此布尔值直接控制是否在容器进程上设置 `no_new_privs` 标志。allowPrivilegeEscalation
在容器处于以下状态时始终为 true
1. 以特权身份运行
@ -3186,7 +3240,7 @@ EphemeralContainer 是一个临时容器,你可以将其添加到现有 Pod
- **ports.protocol** string
端口协议。必须是 `UDP`、`TCP` 或 `SCTP` 之一。 默认为 `TCP`
端口协议。必须是 `UDP`、`TCP` 或 `SCTP` 之一。默认为 `TCP`
<!--
- **resources** (ResourceRequirements)
@ -3633,7 +3687,7 @@ Pod 反亲和性是一组 Pod 间反亲和性调度规则。
- **preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm** (PodAffinityTerm),必需
必需的字段。 一个 Pod 亲和性条件,与相应的权重相关联。
必需的字段。一个 Pod 亲和性条件,与相应的权重相关联。
<a name="PodAffinityTerm"></a>
定义一组 Pod即那些与给定名字空间相关的标签选择算符匹配的 Pod 集合),
@ -3841,7 +3895,7 @@ Probe describes a health check to be performed against a container to determine
容器上要访问的端口的名称或端口号。端口号必须在 1 到 65535 内。名称必须是 IANA_SVC_NAME。
<a name="IntOrString"></a>
`IntOrString` 是一种可以保存 int32 或字符串值的类型。 在 JSON 或 YAML 编组和解组时,
`IntOrString` 是一种可以保存 int32 或字符串值的类型。在 JSON 或 YAML 编组和解组时,
它会生成或使用内部类型。例如,这允许你拥有一个可以接受名称或数字的 JSON 字段。
<!--
@ -3852,7 +3906,7 @@ Probe describes a health check to be performed against a container to determine
- **httpGet.host** string
要连接的主机名,默认为 Pod IP。 你可能想在 `httpHeaders` 中设置 "Host"。
要连接的主机名,默认为 Pod IP。你可能想在 `httpHeaders` 中设置 "Host"。
<!--
- **httpGet.httpHeaders** ([]HTTPHeader)
@ -4048,7 +4102,6 @@ Probe describes a health check to be performed against a container to determine
如果未指定,则默认行为由 gRPC 定义。
## PodStatus {#PodStatus}
<!--
@ -4157,6 +4210,7 @@ PodStatus 表示有关 Pod 状态的信息。状态内容可能会滞后于系
<a name="PodIP"></a>
*IP address information for entries in the (plural) PodIPs field. Each entry includes:
IP: An IP address allocated to the pod. Routable at least within the cluster.*
-->
- **podIPs** []PodIP
@ -4167,8 +4221,9 @@ PodStatus 表示有关 Pod 状态的信息。状态内容可能会滞后于系
Pod 最多可以为 IPv4 和 IPv6 各分配 1 个值。如果尚未分配 IP则此列表为空。
<a name="PodIP"></a>
podIPs 字段中每个条目的 IP 地址信息。每个条目都包含 `ip` 字段,给出分配给 Pod 的 IP 地址。
该 IP 地址至少在集群内可路由。
podIPs 字段中每个条目的 IP 地址信息。每个条目都包含:
`ip` 字段:给出分配给 Pod 的 IP 地址。该 IP 地址至少在集群内可路由。
<!--
- **podIPs.ip** (string)
@ -4272,12 +4327,12 @@ PodStatus 表示有关 Pod 状态的信息。状态内容可能会滞后于系
<!--
- **qosClass** (string)
The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://git.k8s.io/design-proposals-archive/node/resource-qos.md
The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md
-->
- **qosClass** string
根据资源要求分配给 Pod 的服务质量 (QOS) 分类。有关可用的 QOS 类,请参阅 PodQOSClass 类型。
更多信息: https://git.k8s.io/design-proposals-archive/node/resource-qos.md
更多信息: https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md
<!--
- **initContainerStatuses** ([]ContainerStatus)
@ -5124,7 +5179,7 @@ PodStatus 表示有关 Pod 状态的信息。状态内容可能会滞后于系
<!--
- **ephemeralContainerStatuses** ([]ContainerStatus)
Status for any ephemeral containers that have run in this pod. This field is beta-level and available on clusters that haven't disabled the EphemeralContainers feature gate.
Status for any ephemeral containers that have run in this pod.
<a name="ContainerStatus"></a>
*ContainerStatus contains details for the current status of this container.*
@ -5132,8 +5187,8 @@ PodStatus 表示有关 Pod 状态的信息。状态内容可能会滞后于系
- **ephemeralContainerStatuses** []ContainerStatus
已在此 Pod 中运行的任何临时容器的状态。
此字段是 Beta 级别的,可在尚未禁用 `EphemeralContainers` 特性门控的集群上使用。
<a name="ContainerStatus"></a>
**ContainerStatus 包含此容器当前状态的详细信息。**
<!--