[zh]Sync reference-2

2022-05-08 13:46:21 +08:00 · 2022-05-08 13:46:21 +08:00 · 678305cd1f
parent 7ac42d25be
commit 678305cd1f
3 changed files with 125 additions and 32 deletions
--- a/content/zh/docs/reference/kubernetes-api/common-definitions/node-selector-requirement.md
+++ b/content/zh/docs/reference/kubernetes-api/common-definitions/node-selector-requirement.md
@ -46,27 +46,11 @@ A node selector requirement is a selector that contains values, a key, and an op
 - **operator** (string), required

  Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
-   Possible enum values:
-   - `"DoesNotExist"`
-   - `"Exists"`
-   - `"Gt"`
-   - `"In"`
-   - `"Lt"`
-   - `"NotIn"` 
 -->
 - **operator** (string), 必选

  表示键与一组值的关系的运算符。有效的运算符包括：In、NotIn、Exists、DoesNotExist、Gt 和 Lt。

-  可选值:
-   - `"DoesNotExist"`
-   - `"Exists"`
-   - `"Gt"`
-   - `"In"`
-   - `"Lt"`
-   - `"NotIn"`
-
 <!--
 - **values** ([]string)

--- a/content/zh/docs/reference/labels-annotations-taints/audit-annotations.md
+++ b/content/zh/docs/reference/labels-annotations-taints/audit-annotations.md
@ -133,4 +133,72 @@ See [Auditing](/docs/tasks/debug/debug-cluster/audit/) for more information.

 此注解给出了 Kubernetes 审计日志中 [decision](#authorization-k8s-io-decision) 的原因。

-有关详细信息，请参阅[审计](/zh/docs/tasks/debug/debug-cluster/audit/)。
+有关详细信息，请参阅[审计](/zh/docs/tasks/debug/debug-cluster/audit/)。
+
+## missing-san.invalid-cert.kubernetes.io/$hostname
+
+<!--
+Example: `missing-san.invalid-cert.kubernetes.io/example-svc.example-namespace.svc: "relies on a legacy Common Name field instead of the SAN extension for subject validation"`
+
+Used by Kubernetes version v1.24 and later
+-->
+例子：`missing-san.invalid-cert.kubernetes.io/example-svc.example-namespace.svc: "relies on a legacy Common Name field instead of the SAN extension for subject validation"`
+
+由 Kubernetes v1.24 及更高版本使用
+
+<!--
+This annotation indicates a webhook or aggregated API server
+is using an invalid certificate that is missing `subjectAltNames`.
+Support for these certificates was disabled by default in Kubernetes 1.19,
+and removed in Kubernetes 1.23.
+-->
+此注解表示 webhook 或聚合 API 服务器正在使用缺少 `subjectAltNames` 的无效证书。
+Kubernetes 1.19 已经默认禁用，且 Kubernetes 1.23 已经移除对这些证书的支持。
+
+<!--
+Requests to endpoints using these certificates will fail.
+Services using these certificates should replace them as soon as possible
+to avoid disruption when running in Kubernetes 1.23+ environments.
+-->
+使用这些证书向端点发出的请求将失败。
+使用这些证书的服务应尽快替换它们，以避免在 Kubernetes 1.23+ 环境中运行时中断。
+
+<!--
+There's more information about this in the Go documentation:
+[X.509 CommonName deprecation](https://go.dev/doc/go1.15#commonname).
+-->
+Go 文档中有更多关于此的信息：
+[X.509 CommonName 弃用](https://go.dev/doc/go1.15#commonname)。
+
+## insecure-sha1.invalid-cert.kubernetes.io/$hostname
+
+<!--
+Example: `insecure-sha1.invalid-cert.kubernetes.io/example-svc.example-namespace.svc: "uses an insecure SHA-1 signature"`
+Used by Kubernetes version v1.24 and later
+-->
+
+例子：`insecure-sha1.invalid-cert.kubernetes.io/example-svc.example-namespace.svc: "uses an insecure SHA-1 signature"`
+
+由 Kubernetes v1.24 及更高版本使用
+
+<!--
+This annotation indicates a webhook or aggregated API server
+is using an insecure certificate signed with a SHA-1 hash.
+Support for these insecure certificates is disabled by default in Kubernetes 1.24,
+and will be removed in a future release.
+-->
+此注解表示 webhook 或聚合 API 服务器正在使用使用 SHA-1 签名的不安全证书。
+Kubernetes 1.24 已经默认禁用，并将在未来的版本中删除对这些证书的支持。
+
+<!--
+Services using these certificates should replace them as soon as possible,
+to ensure connections are secured properly and to avoid disruption in future releases.
+-->
+使用这些证书的服务应尽快替换它们，以确保正确保护连接并避免在未来版本中出现中断。
+
+<!--
+There's more information about this in the Go documentation:
+[Rejecting SHA-1 certificates](https://go.dev/doc/go1.18#sha1).
+-->
+Go 文档中有更多关于此的信息：
+[拒绝 SHA-1 证书](https://go.dev/doc/go1.18#sha1)。
--- a/content/zh/docs/reference/tools/_index.md
+++ b/content/zh/docs/reference/tools/_index.md
@ -16,24 +16,22 @@ no_list: true

 <!-- overview -->
 <!-- 
-Kubernetes contains several built-in tools to help you work with the Kubernetes system.
+Kubernetes contains several tools to help you work with the Kubernetes system.
 -->
-Kubernetes 包含多个内置工具来帮助你使用 Kubernetes 系统。
+Kubernetes 包含多种工具来帮助你使用 Kubernetes 系统。


 <!-- body -->

 <!--  
-## Minikube
-
-[`minikube`](https://minikube.sigs.k8s.io/docs/) is a tool that
-runs a single-node Kubernetes cluster locally on your workstation for
-development and testing purposes.
+[`crictl`](https://github.com/kubernetes-sigs/cri-tools) is a command-line
+interface for inspecting and debugging {{<glossary_tooltip term_id="cri" text="CRI">}}-compatible
+container runtimes.
 -->
-## Minikube
+## crictl

-[`minikube`](https://minikube.sigs.k8s.io/docs/)
-是一种在你的工作站上本地运行单节点 Kubernetes 集群的工具，用于开发和测试。
+[`crictl`](https://github.com/kubernetes-sigs/cri-tools)
+是用于检查和调试兼容 {{<glossary_tooltip term_id="cri" text="CRI">}} 的容器运行时的命令行接口。

 <!-- 
 ## Dashboard
@ -51,13 +49,14 @@ to a Kubernetes cluster, troubleshoot them, and manage the cluster and its resou
 <!-- 
 ## Helm

-[`Kubernetes Helm`](https://github.com/kubernetes/helm) is a tool for managing packages of pre-configured
-Kubernetes resources, aka Kubernetes charts.
+[Helm](https://helm.sh/) is a tool for managing packages of pre-configured
+Kubernetes resources. These packages are known as _Helm charts_.
 -->
 ## Helm
+{{% thirdparty-content single="true" %}}

-[`Kubernetes Helm`](https://github.com/kubernetes/helm)
-是一个用于管理预配置 Kubernetes 资源包的工具，也就是 Kubernetes 图表。
+[Helm](https://helm.sh/)
+是一个用于管理预配置 Kubernetes 资源包的工具。这些包被称为“Helm 图表”。

 <!-- 
 Use Helm to:
@ -98,4 +97,46 @@ Use Kompose to:

 * 将 Docker Compose 文件翻译成 Kubernetes 对象
 * 从本地 Docker 开发转到通过 Kubernetes 管理你的应用程序
-* 转换 Docker Compose v1 或 v2 版本的 `yaml` 文件或[分布式应用程序包](https://docs.docker.com/compose/bundles/)
+* 转换 Docker Compose v1 或 v2 版本的 `yaml` 文件或[分布式应用程序包](https://docs.docker.com/compose/bundles/)
+
+## Kui
+
+<!--
+[`Kui`](https://github.com/kubernetes-sigs/kui) is a GUI tool that takes your normal
+`kubectl` command line requests and responds with graphics.
+-->
+[`Kui`](https://github.com/kubernetes-sigs/kui)
+是一个接受你标准的 `kubectl` 命令行请求并以图形响应的 GUI 工具。
+
+<!--
+Kui takes the normal `kubectl` command line requests and responds with graphics. Instead 
+of ASCII tables, Kui provides a GUI rendering with tables that you can sort.
+-->
+Kui 接受标准的 `kubectl` 命令行工具并以图形响应。
+Kui 提供包含可排序表格的 GUI 渲染，而不是 ASCII 表格。
+
+<!--
+Kui lets you:
+
+* Directly click on long, auto-generated resource names instead of copying and pasting
+* Type in `kubectl` commands and see them execute, even sometimes faster than `kubectl` itself
+* Query a {{< glossary_tooltip text="Job" term_id="job">}} and see its execution rendered
+  as a waterfall diagram
+* Click through resources in your cluster using a tabbed UI 
+-->
+Kui 让你能够：
+
+* 直接点击长的、自动生成的资源名称，而不是复制和粘贴
+* 输入 `kubectl` 命令并查看它们的执行，有时甚至比 `kubectl` 本身更快
+* 查询 {{<glossary_tooltip text="Job" term_id="job">}} 并查看其执行渲染为瀑布图
+* 使用选项卡式 UI 在集群中单击资源
+
+## Minikube
+
+<!--
+[`minikube`](https://minikube.sigs.k8s.io/docs/) is a tool that
+runs a single-node Kubernetes cluster locally on your workstation for
+development and testing purposes.
+-->
+[`minikube`](https://minikube.sigs.k8s.io/docs/)
+是一种在你的工作站上本地运行单节点 Kubernetes 集群的工具，用于开发和测试。