sync configure-upgrade-etc kubeadm-certs verify-signed-artifacts

pull/43354/head
xin gu 2023-10-07 13:12:46 +08:00
parent 9d88e756e7
commit dd7930f5d7
3 changed files with 16 additions and 4 deletions

@ -21,6 +21,17 @@ weight: 270
{{< include "task-tutorial-prereqs.md" >}} {{< version-check >}} {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
<!--
You need to have a Kubernetes cluster, and the kubectl command-line tool must
be configured to communicate with your cluster. It is recommended to run this
task on a cluster with at least two nodes that are not acting as control plane
nodes . If you do not already have a cluster, you can create one by using
[minikube](https://minikube.sigs.k8s.io/docs/tutorials/multi_node/).
-->
你需要有一个 Kubernetes 集群,并且必须配置 kubectl 命令行工具以与你的集群通信。
建议在至少有两个不充当控制平面的节点上运行此任务。如果你还没有集群,
你可以使用 [minikube](https://minikube.sigs.k8s.io/docs/tutorials/multi_node/) 创建一个。
<!-- steps --> <!-- steps -->
<!-- <!--
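Review bot: the added zh-cn sentence drops the "cluster" that the English comment carries. 建议在至少有两个不充当控制平面的节点上运行此任务 reads as running the task on the nodes themselves, while the comment says "on a cluster with at least two nodes that are not acting as control plane nodes". Suggest 建议在至少有两个不充当控制平面的节点的集群上运行此任务. The English comment also has a stray space in "nodes ." that should be fixed if it is not copied verbatim from the upstream page. Since the `task-tutorial-prereqs.md` include sits directly above the new paragraph, it is worth confirming the rendered page does not show the same prerequisite text twice.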

@ -607,13 +607,14 @@ IP 或域名请求服务证书。
During cluster creation, kubeadm signs the certificate in the `admin.conf` to have During cluster creation, kubeadm signs the certificate in the `admin.conf` to have
`Subject: O = system:masters, CN = kubernetes-admin`. `Subject: O = system:masters, CN = kubernetes-admin`.
[`system:masters`](/docs/reference/access-authn-authz/rbac/#user-facing-roles) [`system:masters`](/docs/reference/access-authn-authz/rbac/#user-facing-roles)
is a break-glass, super user group that bypasses the authorization layer (e.g. RBAC). is a break-glass, super user group that bypasses the authorization layer (for example,
[RBAC](/docs/reference/access-authn-authz/rbac/)).
Sharing the `admin.conf` with additional users is **not recommended**! Sharing the `admin.conf` with additional users is **not recommended**!
--> -->
在集群创建过程中kubeadm 对 `admin.conf` 中的证书进行签名时,将其配置为 在集群创建过程中kubeadm 对 `admin.conf` 中的证书进行签名时,将其配置为
`Subject: O = system:masters, CN = kubernetes-admin` `Subject: O = system:masters, CN = kubernetes-admin`
[`system:masters`](/zh-cn/docs/reference/access-authn-authz/rbac/#user-facing-roles) [`system:masters`](/zh-cn/docs/reference/access-authn-authz/rbac/#user-facing-roles)
是一个例外的超级用户组,可以绕过鉴权层(例如 RBAC 是一个例外的超级用户组,可以绕过鉴权层(例如 [RBAC](/zh-cn/docs/reference/access-authn-authz/rbac/))。
强烈建议不要将 `admin.conf` 文件与任何人共享。 强烈建议不要将 `admin.conf` 文件与任何人共享。
<!-- <!--
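Review bot: the zh-cn closing sentence of this paragraph does not match the English it sits under. 强烈建议不要将 `admin.conf` 文件与任何人共享 says sharing with anyone is strongly discouraged, while the comment says sharing with additional users is "not recommended". As this hunk already resyncs the paragraph for the RBAC link, align the wording or note that the difference is intentional. In the same paragraph, 例外的超级用户组 loses the emergency-use sense of "break-glass"; because the text is explaining that `system:masters` bypasses the authorization layer, that nuance is worth keeping in the translation.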

@ -22,13 +22,13 @@ You will need to have the following tools installed:
- `cosign` ([install guide](https://docs.sigstore.dev/cosign/installation/)) - `cosign` ([install guide](https://docs.sigstore.dev/cosign/installation/))
- `curl` (often provided by your operating system) - `curl` (often provided by your operating system)
- `jq` ([download jq](https://stedolan.github.io/jq/download/)) - `jq` ([download jq](https://jqlang.github.io/jq/download/))
--> -->
你需要安装以下工具: 你需要安装以下工具:
- `cosign`[安装指南](https://docs.sigstore.dev/cosign/installation/) - `cosign`[安装指南](https://docs.sigstore.dev/cosign/installation/)
- `curl`(通常由你的操作系统提供) - `curl`(通常由你的操作系统提供)
- `jq`[下载 jq](https://stedlan.github.io/jq/download/) - `jq`[下载 jq](https://jqlang.github.io/jq/download/)
<!-- <!--
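Review bot: the removed zh-cn jq link pointed at `stedlan.github.io`, which is a misspelling of the `stedolan.github.io` host shown in the English comment, so a search for the old host name would not have found it. On a page about verifying signed artifacts a misspelled download host is more than a typo; please grep the rest of the zh-cn tree for both `stedolan.github.io` and `stedlan.github.io` so that no other jq link is left behind after this switch to `jqlang.github.io`.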