Merge pull request #47939 from my-git9/pp-24166

[zh-cn]sync network-policy-v1 resource-quota-v1 endpoints-v1 kubeadm-config.v1beta3
pull/47979/head
Kubernetes Prow Robot 2024-09-18 02:04:43 +01:00 committed by GitHub
commit de3200a402
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 83 additions and 20 deletions

View File

@ -27,11 +27,11 @@ This version improves on the v1beta2 format by fixing some minor issues and addi
<ul>
<li>The deprecated &quot;ClusterConfiguration.useHyperKubeImage&quot; field has been removed.
Kubeadm no longer supports the hyperkube image.</li>
<li>The &quot;ClusterConfiguration.DNS.Type&quot; field has been removed since CoreDNS is the only supported
<li>The &quot;ClusterConfiguration.dns.Type&quot; field has been removed since CoreDNS is the only supported
DNS server type by kubeadm.</li>
<li>Include &quot;datapolicy&quot; tags on the fields that hold secrets.
This would result in the field values to be omitted when API structures are printed with klog.</li>
<li>Add &quot;InitConfiguration.SkipPhases&quot;, &quot;JoinConfiguration.SkipPhases&quot; to allow skipping
<li>Add &quot;InitConfiguration.skipPhases&quot;, &quot;JoinConfiguration.skipPhases&quot; to allow skipping
a list of phases during kubeadm init/join command execution.</li>
-->
<ul>
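Review bot: In the DNS bullet the renamed field reads "ClusterConfiguration.dns.Type", which lower-cases only the middle segment, while the other renamed fields in this file use the serialized spelling throughout (skipPhases, nodeRegistration.imagePullPolicy, patches.directory). If the intent is to show field names as they appear in a configuration file, this one should read "ClusterConfiguration.dns.type". If the text is copied verbatim from the English source, the fix belongs upstream first.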
@ -44,11 +44,11 @@ kubeadm 所支持的唯一 DNS 服务器类型。</li>
<li>添加了 &quot;InitConfiguration.skipPhases&quot;&quot;JoinConfiguration.skipPhases&quot;
以允许在执行 <code>kubeadm init/join</code> 命令时略过某些阶段。</li>
<!--
<li>Add &quot;InitConfiguration.NodeRegistration.ImagePullPolicy&quot; and &quot;JoinConfiguration.NodeRegistration.ImagePullPolicy&quot;
<li>Add &quot;InitConfiguration.nodeRegistration.imagePullPolicy&quot; and &quot;JoinConfiguration.nodeRegistration.imagePullPolicy&quot;
to allow specifying the images pull policy during kubeadm &quot;init&quot; and &quot;join&quot;.
The value must be one of &quot;Always&quot;, &quot;Never&quot; or &quot;IfNotPresent&quot;.
&quot;IfNotPresent&quot; is the default, which has been the existing behavior prior to this addition.</li>
<li>Add &quot;InitConfiguration.Patches.Directory&quot;, &quot;JoinConfiguration.Patches.Directory&quot; to allow
<li>Add &quot;InitConfiguration.patches.directory&quot;, &quot;JoinConfiguration.patches.directory&quot; to allow
the user to configure a directory from which to take patches for components deployed by kubeadm.</li>
<li>Move the BootstrapToken* API and related utilities out of the &quot;kubeadm&quot; API group to a new group
&quot;bootstraptoken&quot;. The kubeadm API version v1beta3 no longer contains the BootstrapToken* structures.</li>
@ -496,7 +496,7 @@ for, so other administrators can know its purpose.
</td>
</tr>
<tr><td><code>expires</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#time-v1-meta"><code>meta/v1.Time</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#time-v1-meta"><code>meta/v1.Time</code></a>
</td>
<td>
<!--
@ -1531,7 +1531,7 @@ HostPathMount contains elements describing volumes that are mounted from the hos
</td>
</tr>
<tr><td><code>pathType</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#hostpathtype-v1-core"><code>core/v1.HostPathType</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#hostpathtype-v1-core"><code>core/v1.HostPathType</code></a>
</td>
<td>
<!--
@ -1827,7 +1827,7 @@ This information will be annotated to the Node API object, for later re-use.
</td>
</tr>
<tr><td><code>taints</code> <B><!--[Required]-->[必需]</B><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#taint-v1-core"><code>[]core/v1.Taint</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#taint-v1-core"><code>[]core/v1.Taint</code></a>
</td>
<td>
<!--
@ -1880,7 +1880,7 @@ the current node is registered, e.g.
</td>
</tr>
<tr><td><code>imagePullPolicy</code><br/>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#pullpolicy-v1-core"><code>core/v1.PullPolicy</code></a>
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#pullpolicy-v1-core"><code>core/v1.PullPolicy</code></a>
</td>
<td>
<!--

View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "NetworkPolicy 描述针对一组 Pod 所允许的网络流量。"
title: "NetworkPolicy"
weight: 3
weight: 4
---
<!--
api_metadata:
@ -16,7 +16,7 @@ api_metadata:
content_type: "api_reference"
description: "NetworkPolicy describes what network traffic is allowed for a set of Pods."
title: "NetworkPolicy"
weight: 3
weight: 4
auto_generated: true
-->
@ -74,20 +74,26 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
<!--
- **policyTypes** ([]string)
*Atomic: will be replaced during a merge*
policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"]. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8
-->
- **policyTypes** ([]string)
**原子:将在合并期间被替换**
policyTypes 是 NetworkPolicy 相关的规则类型列表。有效选项为 `[“Ingress”]`、`[“Egress”]` 或 `[“Ingress” “Egress”]`
如果不指定此字段,则默认值取决是否存在 Ingress 或 Egress 规则;规则里包含 Egress 部分的策略将会影响出站流量,
并且所有策略(无论它们是否包含 Ingress 部分)都将会影响 入站流量。
如果要仅定义出站流量策略,则必须明确指定 `[ "Egress" ]`
同样,如果要定义一个指定拒绝所有出站流量的策略,则必须指定一个包含 “Egress” 的 policyTypes 值
同样,如果要定义一个指定拒绝所有出站流量的策略,则必须指定一个包含 `Egress` 的 policyTypes 值
(因为这样不包含 Egress 部分的策略,将会被默认为只有 [ "Ingress" ] )。此字段在 1.8 中为 Beta。
<!--
- **ingress** ([]NetworkPolicyIngressRule)
*Atomic: will be replaced during a merge*
ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)
<a name="NetworkPolicyIngressRule"></a>
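Review bot: The policyTypes translation quotes the same literal values four different ways. The valid-options line puts typographic quotes inside code spans (`[“Ingress”]`, `[“Egress”]`, and `[“Ingress” “Egress”]`, the last with no comma). The following sentence uses `[ "Egress" ]` with straight quotes. The changed line now has a bare `Egress`, and the closing [ "Ingress" ] is not in a code span at all. Values in code formatting should be copy-pasteable into a manifest, so use straight quotes and a comma everywhere, as in `["Ingress", "Egress"]`. Because leaving "Egress" out of policyTypes defaults the policy to ingress only, this is a field where the literal values need to be exact.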
@ -95,6 +101,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
-->
- **ingress** ([]NetworkPolicyIngressRule)
**原子:将在合并期间被替换**
ingress 是应用到所选 Pod 的入站规则列表。在没有被任何 NetworkPolicy 选择到 Pod 的情况下(同时假定集群策略允许对应流量),
或者如果流量源是 Pod 的本地节点,或者流量与所有 NetworkPolicy 中的至少一个入站规则Ingress) 匹配,
则进入 Pod 的流量是被允许的。如果此字段为空,则此 NetworkPolicy 不允许任何入站流量
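Review bot: In the translated ingress description, "入站规则Ingress) 匹配" has a closing parenthesis with no opening one, and the closing one is the half-width form followed by a space. Suggest "入站规则(Ingress)匹配" with a matching full-width pair, or dropping the parenthetical, since "入站规则" already says it.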
@ -107,6 +115,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
<!--
- **ingress.from** ([]NetworkPolicyPeer)
*Atomic: will be replaced during a merge*
from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.
<a name="NetworkPolicyPeer"></a>
@ -115,6 +125,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
- **ingress.from** ([]NetworkPolicyPeer)
**原子:将在合并期间被替换**
from 是流量来源列表,列表中的来源可以访问被此规则选中的 Pod。此列表中的流量来源使用逻辑或操作进行组合。
如果此字段为空值或缺失(未设置),
则此规则匹配所有流量来源(也即允许所有入站流量)。如果此字段存在并且至少包含一项来源,则仅当流量与来自列表中的至少一项匹配时,
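Review bot: The parenthetical in the translated ingress.from text, "(也即允许所有入站流量)", says more than the English it mirrors, "traffic not restricted by source". An empty from list lifts only the source restriction and the rule's ports list still applies, so "allows all inbound traffic" can mislead a reader who is judging how open a policy is. Suggest "(流量不受来源限制)", matching the egress.to hunk, which renders the parallel phrase as "(流量不受目的地限制)".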
@ -147,6 +159,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
cidr is a string representing the IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64"
- **ingress.from.ipBlock.except** ([]string)
*Atomic: will be replaced during a merge*
except is a slice of CIDRs that should not be included within an IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the cidr range
-->
@ -157,6 +171,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
- **ingress.from.ipBlock.except** ([]string)
**原子:将在合并期间被替换**
except 是一个由 CIDR 范围组成的列表,其中指定的 CIDR 都应排除在此 IP 区块范围之外。
例如 `"192.168.1.0/24"``"2001:db8::/64"`
如果 except 字段的值超出 ipBlock.cidr 的范围则被视为无效策略。
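Review bot: The last sentence of ingress.from.ipBlock.except translates "Except values will be rejected if they are outside the cidr range" as "则被视为无效策略", while the egress.to.ipBlock.except hunk renders the identical English sentence as "则被拒绝". Use one wording for both. "被拒绝" is the closer match to "rejected". On the line above, the two example CIDRs appear as adjacent code spans with nothing between them, where the English has "or".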
@ -197,6 +213,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
<!--
- **ingress.ports** ([]NetworkPolicyPort)
*Atomic: will be replaced during a merge*
ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
<a name="NetworkPolicyPort"></a>
@ -205,6 +223,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
- **ingress.ports** ([]NetworkPolicyPort)
**原子:将在合并期间被替换**
ports 是在此规则选中的 Pod 上应可访问的端口列表。此列表中的个项目使用逻辑或操作组合。如果此字段为空或缺失,
则此规则匹配所有端口(进入流量可访问任何端口)。
如果此字段存在并且包含至少一个有效值,则此规则仅在流量至少匹配列表中的一个端口时才允许访问。
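Review bot: "此列表中的个项目" in the ingress.ports translation looks like a dropped character, since the egress.ports hunk has "此列表中的各个项目" for the same English sentence. Please correct it to "各个项目" here. Separately, "包含至少一个有效值" narrows "contains at least one item" to valid values, and "至少包含一项" would track the English more closely.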
@ -253,6 +273,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
<!--
- **egress** ([]NetworkPolicyEgressRule)
*Atomic: will be replaced during a merge*
egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8
<a name="NetworkPolicyEgressRule"></a>
@ -260,6 +282,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
-->
- **egress** ([]NetworkPolicyEgressRule)
**原子:将在合并期间被替换**
egress 是应用到所选 Pod 的出站规则的列表。如果没有 NetworkPolicy 选中指定 Pod并且其他集群策略也允许出口流量
或者在所有通过 podSelector 选中了某 Pod 的 NetworkPolicy 中,至少有一条出站规则与出站流量匹配,
则该 Pod 的出站流量是被允许的。
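Review bot: The egress translation switches between "出站" and "出口" for the same concept. This paragraph has "出站规则" and "出站流量" next to "出口流量", and the egress.to and egress.ports hunks continue with "出口流量". Standardise on "出站流量", which pairs with the "入站流量" used for ingress. The first clause also runs "选中指定 Pod并且" together with no comma or space.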
@ -273,6 +297,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
<!--
- **egress.to** ([]NetworkPolicyPeer)
*Atomic: will be replaced during a merge*
to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.
<a name="NetworkPolicyPeer"></a>
@ -281,6 +307,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
- **egress.to** ([]NetworkPolicyPeer)
**原子:将在合并期间被替换**
to 是针对此规则所选择的 Pod 的出口流量的目的地列表。此列表中的目的地使用逻辑或操作进行组合。如果此字段为空或缺失,
则此规则匹配所有目的地(流量不受目的地限制)。如果此字段存在且至少包含一项目的地,则仅当流量与目标列表中的至少一个匹配时,
此规则才允许出口流量。
@ -312,6 +340,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
cidr is a string representing the IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64"
- **egress.to.ipBlock.except** ([]string)
*Atomic: will be replaced during a merge*
except is a slice of CIDRs that should not be included within an IPBlock Valid examples are "192.168.1.0/24" or "2001:db8::/64" Except values will be rejected if they are outside the cidr range
-->
@ -321,6 +351,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
cidr 是用来表达 IP 组块的字符串,例如 `"192.168.1.0/24"``"2001:db8::/64"`
- **egress.to.ipBlock.except** ([]string)
**原子:将在合并期间被替换**
except 定义不应包含在 ipBlock 内的 CIDR 范围列表。例如 `"192.168.1.0/24"``"2001:db8::/64"`
如果 except 的值超出 ipBlock.cidr 的范围则被拒绝。
@ -362,6 +394,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
<!--
- **egress.ports** ([]NetworkPolicyPort)
*Atomic: will be replaced during a merge*
ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.
<a name="NetworkPolicyPort"></a>
@ -370,6 +404,8 @@ NetworkPolicySpec 定义特定 NetworkPolicy 所需的所有信息.
- **egress.ports** ([]NetworkPolicyPort)
**原子:将在合并期间被替换**
ports 是出站流量目的地的端口列表。此列表中的各个项目使用逻辑或操作进行组合。如果此字段为空或缺失,
则此规则匹配所有端口(可访问出口流量目的地的任何端口)。如果此字段存在并且包含至少一个有效值,
则此规则仅在流量与列表中的至少一个端口匹配时才允许访问。

View File

@ -6,7 +6,7 @@ api_metadata:
content_type: "api_reference"
description: "ResourceQuota 设置每个命名空间强制执行的聚合配额限制。"
title: "ResourceQuota"
weight: 2
weight: 3
---
<!-- a
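Review bot: The comment opener at the end of this hunk reads `<!-- a`, with a stray "a" after the marker. It sits in front of the commented-out English front matter, so it does not render. It is still worth dropping while these lines are being touched, so that the block matches the NetworkPolicy page, which opens the same section with a plain `<!--`.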
@ -17,7 +17,7 @@ api_metadata:
content_type: "api_reference"
description: "ResourceQuota sets aggregate quota restrictions enforced per namespace."
title: "ResourceQuota"
weight: 2
weight: 3
auto_generated: true
-->
@ -95,13 +95,16 @@ ResourceQuotaSpec 定义为 Quota 强制执行所需的硬限制。
*A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.*
-->
scope 选择算符表示的是由限定范围的资源选择算符进行 **逻辑与** 计算得出的结果。
scope 选择算符表示的是由限定范围的资源选择算符进行**逻辑与**运算得出的结果。
- **scopeSelector.matchExpressions** ([]ScopedResourceSelectorRequirement)
<!--
<!--
*Atomic: will be replaced during a merge*
A list of scope selector requirements by scope of the resources.
-->
**原子:将在合并期间被替换**
按资源范围划分的范围选择算符需求列表。
@ -130,9 +133,12 @@ ResourceQuotaSpec 定义为 Quota 强制执行所需的硬限制。
- **scopeSelector.matchExpressions.values** ([]string)
<!--
<!--
*Atomic: will be replaced during a merge*
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
-->
**原子:将在合并期间被替换**
字符串值数组。
如果操作符是 In 或 NotInvalues 数组必须是非空的。
@ -141,10 +147,14 @@ ResourceQuotaSpec 定义为 Quota 强制执行所需的硬限制。
- **scopes** ([]string)
<!--
<!--
*Atomic: will be replaced during a merge*
A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.
-->
**原子:将在合并期间被替换**
一个匹配被配额跟踪的所有对象的过滤器集合。
如果没有指定,则默认匹配所有对象。
@ -841,4 +851,3 @@ DELETE /api/v1/namespaces/{namespace}/resourcequotas
200 (<a href="{{< ref "../common-definitions/status#Status" >}}">Status</a>): OK
401: Unauthorized

View File

@ -29,7 +29,7 @@ auto_generated: true
<!--
Endpoints is a collection of endpoints that implement the actual service. Example:
-->
Endpoints 是实现实际服务的端点的集合。举例:
Endpoints 是实现实际服务的端点的集合。举例
Name: "mysvc",
Subsets: [
@ -60,8 +60,13 @@ Endpoints 是实现实际服务的端点的集合。举例:
- **subsets** ([]EndpointSubset)
<!--
*Atomic: will be replaced during a merge*
The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.
-->
**Atomic将在合并期间被替换**
所有端点的集合是所有 subsets 的并集。不同地址会根据其 IP 地址被放入不同子集。
对于具有多个端口的单个地址,如果其中一些端口已就绪,而另一些端口未就绪(因为它们来自不同的容器),
将导致地址显示在不同端口的不同子集中。
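Review bot: The subsets marker is added as "**Atomic将在合并期间被替换**", leaving "Atomic" untranslated and with no colon. The NetworkPolicy and ResourceQuota pages in this same commit use "**原子:将在合并期间被替换**". The same string recurs in the subsets.addresses, subsets.notReadyAddresses and subsets.ports hunks. Change all four to the "原子:" form so the three pages stay consistent.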
@ -82,7 +87,7 @@ Endpoints 是实现实际服务的端点的集合。举例:
<!--
The resulting set of endpoints can be viewed as:
-->
则最终的端点集可以看作:
则最终的端点集可以看作
a: [ 10.10.1.1:8675, 10.10.2.2:8675 ],
@ -92,9 +97,13 @@ Endpoints 是实现实际服务的端点的集合。举例:
- **subsets.addresses** ([]EndpointAddress)
<!--
*Atomic: will be replaced during a merge*
IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.
-->
**Atomic将在合并期间被替换**
提供标记为就绪的相关端口的 IP 地址。
这些端点应该被认为是负载均衡器和客户端可以安全使用的。
@ -145,11 +154,14 @@ Endpoints 是实现实际服务的端点的集合。举例:
- **subsets.notReadyAddresses** ([]EndpointAddress)
<!--
*Atomic: will be replaced during a merge*
IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.
<a name="EndpointAddress"></a>
*EndpointAddress is a tuple that describes single IP address.*
-->
**Atomic将在合并期间被替换**
提供相关端口但由于尚未完成启动、最近未通过就绪态检查或最近未通过活跃性检查而被标记为当前未就绪的 IP 地址。
<a name="EndpointAddress"></a>
@ -194,9 +206,13 @@ Endpoints 是实现实际服务的端点的集合。举例:
- **subsets.ports** ([]EndpointPort)
<!--
*Atomic: will be replaced during a merge*
Port numbers available on the related IP addresses.
-->
**Atomic将在合并期间被替换**
相关 IP 地址上可用的端口号。
<!--
@ -248,6 +264,7 @@ Endpoints 是实现实际服务的端点的集合。举例:
* Kubernetes-defined prefixed names:
* 'kubernetes.io/h2c' - HTTP/2 over cleartext as described in https://www.rfc-editor.org/rfc/rfc7540
* 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
* 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
* 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
@ -258,6 +275,7 @@ Endpoints 是实现实际服务的端点的集合。举例:
* Kubernetes 定义的前缀名称
* 'kubernetes.io/h2c' - HTTP/2 明文,如 https://www.rfc-editor.org/rfc/rfc7540 中所述
* HTTP/2 通过明文预先了解知识,如 https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- 中所述
* 'kubernetes.io/ws' - WebSocket 明文,如 https://www.rfc-editor.org/rfc/rfc6455 中所述
* 'kubernetes.io/wss' - WebSocket TLS 传输方式,如 https://www.rfc-editor.org/rfc/rfc6455 中所述
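Review bot: The added Chinese bullet for HTTP/2 prior knowledge has lost its protocol name. It starts at "HTTP/2 通过明文预先了解知识", where the English line it translates starts with 'kubernetes.io/h2c' -. The hunk header (6 lines before, 7 after) also indicates that the rfc7540 h2c bullet above it is kept rather than replaced, so the list would carry two h2c descriptions pointing at different RFCs. Suggest a single bullet that keeps the 'kubernetes.io/h2c' prefix and the rfc9113 link. Also reword "预先了解知识", which reads as a literal rendering of "prior knowledge", for example as "基于明文、采用先验知识(prior knowledge)的 HTTP/2".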