[zh] Sync storage pages for ephemeral-volumes.md
* Sync with english version in '[en] Remove redundant feature gate introductions'(#27663) Signed-off-by: ydFu <ader.ydfu@gmail.com>
This commit is contained in:
ydFu
parent
a22aa8fd4f
commit
2644caf717
|
|
@ -141,6 +141,7 @@ CSI ephemeral volumes are only supported by a subset of CSI drivers.
|
||||||
The Kubernetes CSI [Drivers list](https://kubernetes-csi.github.io/docs/drivers.html)
|
The Kubernetes CSI [Drivers list](https://kubernetes-csi.github.io/docs/drivers.html)
|
||||||
shows which drivers support ephemeral volumes.
|
shows which drivers support ephemeral volumes.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
该特性需要启用参数 `CSIInlineVolume`
|
该特性需要启用参数 `CSIInlineVolume`
|
||||||
[特性门控(feature gate)](/zh/docs/reference/command-line-tools-reference/feature-gates/)。
|
[特性门控(feature gate)](/zh/docs/reference/command-line-tools-reference/feature-gates/)。
|
||||||
该参数从 Kubernetes 1.16 开始默认启用。
|
该参数从 Kubernetes 1.16 开始默认启用。
|
||||||
|
|
@ -158,7 +159,7 @@ Conceptually, CSI ephemeral volumes are similar to `configMap`,
|
||||||
scheduled onto a node. Kubernetes has no concept of rescheduling Pods
|
scheduled onto a node. Kubernetes has no concept of rescheduling Pods
|
||||||
anymore at this stage. Volume creation has to be unlikely to fail,
|
anymore at this stage. Volume creation has to be unlikely to fail,
|
||||||
otherwise Pod startup gets stuck. In particular, [storage capacity
|
otherwise Pod startup gets stuck. In particular, [storage capacity
|
||||||
aware Pod scheduling](/docs/concepts/storage-capacity/) is *not*
|
aware Pod scheduling](/docs/concepts/storage/storage-capacity/) is *not*
|
||||||
supported for these volumes. They are currently also not covered by
|
supported for these volumes. They are currently also not covered by
|
||||||
the storage resource usage limits of a Pod, because that is something
|
the storage resource usage limits of a Pod, because that is something
|
||||||
that kubelet can only enforce for storage that it manages itself.
|
that kubelet can only enforce for storage that it manages itself.
|
||||||
|
|
@ -218,19 +219,22 @@ As a cluster administrator, you can use a [PodSecurityPolicy](/docs/concepts/pol
|
||||||
-->
|
-->
|
||||||
### 通用临时卷 {#generic-ephemeral-volumes}
|
### 通用临时卷 {#generic-ephemeral-volumes}
|
||||||
|
|
||||||
{{< feature-state for_k8s_version="v1.19" state="alpha" >}}
|
{{< feature-state for_k8s_version="v1.21" state="beta" >}}
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
This feature requires the `GenericEphemeralVolume` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) to be
|
This feature requires the `GenericEphemeralVolume` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) to be
|
||||||
enabled. Because this is an alpha feature, it is disabled by default.
|
enabled. Because this is a beta feature, it is enabled by default.
|
||||||
-->
|
-->
|
||||||
这个特性需要启用 `GenericEphemeralVolume`
|
这个特性需要启用 `GenericEphemeralVolume`
|
||||||
[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)。
|
[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)。
|
||||||
因为这是一个alpha特性,默认禁用。
|
因为这是一个 beta 特性,默认情况下启用。
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
Generic ephemeral volumes are similar to `emptyDir` volumes, just more
|
Generic ephemeral volumes are similar to `emptyDir` volumes in the
|
||||||
flexible:
|
sense that they provide a per-pod directory for scratch data that is
|
||||||
|
usually empty after provisioning. But they may also have additional
|
||||||
|
features:
|
||||||
|
|
||||||
- Storage can be local or network-attached.
|
- Storage can be local or network-attached.
|
||||||
- Volumes can have a fixed size that Pods are not able to exceed.
|
- Volumes can have a fixed size that Pods are not able to exceed.
|
||||||
- Volumes may have some initial data, depending on the driver and
|
- Volumes may have some initial data, depending on the driver and
|
||||||
|
|
@ -240,11 +244,13 @@ flexible:
|
||||||
([snapshotting](/docs/concepts/storage/volume-snapshots/),
|
([snapshotting](/docs/concepts/storage/volume-snapshots/),
|
||||||
[cloning](/docs/concepts/storage/volume-pvc-datasource/),
|
[cloning](/docs/concepts/storage/volume-pvc-datasource/),
|
||||||
[resizing](/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims),
|
[resizing](/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims),
|
||||||
and [storage capacity tracking](/docs/concepts/storage-capacity/).
|
and [storage capacity tracking](/docs/concepts/storage/storage-capacity/).
|
||||||
|
|
||||||
Example:
|
Example:
|
||||||
-->
|
-->
|
||||||
通用临时卷类似于 `emptyDir` 卷,但更加灵活:
|
通用临时卷与 `emptyDir` 卷类似,因为它们为暂存数据提供了一个 per-pod 的目录,该目录通常在置备后为空。
|
||||||
|
但他们可能还会有其他特征:
|
||||||
|
|
||||||
- 存储可以是本地的,也可以是网络连接的。
|
- 存储可以是本地的,也可以是网络连接的。
|
||||||
- 卷可以有固定的大小,pod不能超量使用。
|
- 卷可以有固定的大小,pod不能超量使用。
|
||||||
- 卷可能有一些初始数据,这取决于驱动程序和参数。
|
- 卷可能有一些初始数据,这取决于驱动程序和参数。
|
||||||
|
|
@ -408,23 +414,28 @@ two choices:
|
||||||
集群管理员必须意识到这一点。
|
集群管理员必须意识到这一点。
|
||||||
如果这不符合他们的安全模型,他们有两种选择:
|
如果这不符合他们的安全模型,他们有两种选择:
|
||||||
<!--
|
<!--
|
||||||
- Explicitly disable the feature through the feature gate, to avoid
|
- Explicitly disable the feature through the feature gate.
|
||||||
being surprised when some future Kubernetes version enables it
|
|
||||||
by default.
|
|
||||||
- Use a [Pod Security
|
- Use a [Pod Security
|
||||||
Policy](/docs/concepts/policy/pod-security-policy/) where the
|
Policy](/docs/concepts/policy/pod-security-policy/) where the
|
||||||
`volumes` list does not contain the `ephemeral` volume type.
|
`volumes` list does not contain the `ephemeral` volume type
|
||||||
|
(deprecated in Kubernetes 1.21).
|
||||||
|
- Use an [admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/)
|
||||||
|
which rejects objects like Pods that have a generic ephemeral
|
||||||
|
volume.
|
||||||
-->
|
-->
|
||||||
- 通过特性门控显式禁用该特性,可以避免将来的 Kubernetes 版本默认启用时带来混乱。
|
- 通过特性门控显式禁用该特性。
|
||||||
- 当`卷`列表不包含 `ephemeral` 卷类型时,使用
|
- 当`卷`列表不包含 `ephemeral` 卷类型时,使用
|
||||||
[Pod 安全策略](/zh/docs/concepts/policy/pod-security-policy/)。
|
[Pod 安全策略](/zh/docs/concepts/policy/pod-security-policy/)
|
||||||
|
(在 Kubernetes 1.21 中已弃用)。
|
||||||
|
- 使用[准入 Webhook](/zh/docs/reference/access-authn-authz/extensible-admission-controllers/)
|
||||||
|
拒绝像 Pod 这样具有通用临时卷。
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
The normal namespace quota for PVCs in a namespace still applies, so
|
The normal [namespace quota for PVCs](/docs/concepts/policy/resource-quotas/#storage-resource-quota) still applies, so
|
||||||
even if users are allowed to use this new mechanism, they cannot use
|
even if users are allowed to use this new mechanism, they cannot use
|
||||||
it to circumvent other policies.
|
it to circumvent other policies.
|
||||||
-->
|
-->
|
||||||
在一个命名空间中,用于 PVCs 的常规命名空间配额仍然适用,
|
在一个命名空间中,用于 PVCs 的常规命名空间配额[用于 PVCs 的常规命名空间配额](/zh/docs/concepts/policy/resource-quotas/#storage-resource-quota)仍然适用,
|
||||||
因此即使允许用户使用这种新机制,他们也不能使用它来规避其他策略。
|
因此即使允许用户使用这种新机制,他们也不能使用它来规避其他策略。
|
||||||
|
|
||||||
## {{% heading "whatsnext" %}}
|
## {{% heading "whatsnext" %}}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue