sync encrypt-data kms-provider connect-applications-service

Update encrypt-data.md Update encrypt-data.md
2024-05-19 20:17:39 +08:00 · 2024-05-19 20:17:39 +08:00 · 59b9257dc0
parent fa12882dbb
commit 59b9257dc0
3 changed files with 13 additions and 6 deletions
--- a/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md
+++ b/content/zh-cn/docs/tasks/administer-cluster/encrypt-data.md
@ -1294,10 +1294,17 @@ API server.

 <!--
 To allow automatic reloading, configure the API server to run with:
-`--encryption-provider-config-automatic-reload=true`
+`--encryption-provider-config-automatic-reload=true`.
+When enabled, file changes are polled every minute to observe the modifications.
+The `apiserver_encryption_config_controller_automatic_reload_last_timestamp_seconds`
+metric identifies when the new config becomes effective. This allows
+encryption keys to be rotated without restarting the API server.
 -->
 要允许自动重新加载，
 可使用 `--encryption-provider-config-automatic-reload=true` 运行 API 服务器。
+该功能启用后，每分钟会轮询文件变化以监测修改情况。
+`apiserver_encryption_config_controller_automatic_reload_last_timestamp_seconds` 指标用于标识新配置生效的时间。
+这种设置可以在不重启 API 服务器的情况下轮换加密密钥。

 ## {{% heading "whatsnext" %}}

--- a/content/zh-cn/docs/tasks/administer-cluster/kms-provider.md
+++ b/content/zh-cn/docs/tasks/administer-cluster/kms-provider.md
@ -540,12 +540,12 @@ defined in a CustomResourceDefinition, your cluster must be running Kubernetes v
       providers:
         - kms:
             name: myKmsPluginFoo
-             endpoint: unix:///tmp/socketfile.sock
+             endpoint: unix:///tmp/socketfile-foo.sock
             cachesize: 100
             timeout: 3s
         - kms:
             name: myKmsPluginBar
-             endpoint: unix:///tmp/socketfile.sock
+             endpoint: unix:///tmp/socketfile-bar.sock
             cachesize: 100
             timeout: 3s
   ```
@ -564,12 +564,12 @@ defined in a CustomResourceDefinition, your cluster must be running Kubernetes v
         - kms:
             apiVersion: v2
             name: myKmsPluginFoo
-             endpoint: unix:///tmp/socketfile.sock
+             endpoint: unix:///tmp/socketfile-foo.sock
             timeout: 3s
         - kms:
             apiVersion: v2
             name: myKmsPluginBar
-             endpoint: unix:///tmp/socketfile.sock
+             endpoint: unix:///tmp/socketfile-bar.sock
             timeout: 3s
   ```

--- a/content/zh-cn/docs/tutorials/services/connect-applications-service.md
+++ b/content/zh-cn/docs/tutorials/services/connect-applications-service.md
@ -185,7 +185,7 @@ As mentioned previously, a Service is backed by a group of Pods. These Pods are
 exposed through
 {{<glossary_tooltip term_id="endpoint-slice" text="EndpointSlices">}}.
 The Service's selector will be evaluated continuously and the results will be POSTed
-to an EndpointSlice that is connected to the Service using a
+to an EndpointSlice that is connected to the Service using
 {{< glossary_tooltip text="labels" term_id="label" >}}.
 When a Pod dies, it is automatically removed from the EndpointSlices that contain it
 as an endpoint. New Pods that match the Service's selector will automatically get added