kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #47304 from hacktivist123/merged-main-dev-1.31 

Merged main dev 1.31
This commit is contained in:
Kubernetes Prow Robot 2024-07-30 05:03:16 -07:00 committed by GitHub
parent e17eed9ee4 e6d2e1499d
commit 6c7b885047
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
58 changed files with 4249 additions and 209 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -1,11 +1,6 @@
<!--
Hello!
Remember to ADD A DESCRIPTION and delete this note before submitting
your pull request. The description should explain what will change,
and why.
PLEASE title the FIRST commit appropriately, so that if you squash all
your commits into one, the combined commit message makes sense.
For overall help on editing and submitting pull requests, visit:
@ -20,5 +15,24 @@
If you're documenting a feature that will be part of a future release, see
https://kubernetes.io/docs/contribute/new-content/new-features/ for advice.
-->
### Description
<!--
Remember to ADD A DESCRIPTION and delete this note before submitting
your pull request. The description should explain what will change,
and why.
-->
### Issue
<!--
If this pull request resolves an open issue, please link the issue in the PR
description so it will automatically close when the PR is merged.
See the GitHub documentation for more details and other options:
https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword
-->
Closes: #

1
OWNERS_ALIASES
View File

@ -127,6 +127,7 @@ aliases:
- bells17
- inductor
- nasa9084
- Okabe-Junya
sig-docs-ja-reviews: # PR reviews for Japanese content
- atoato88
- bells17

2
content/bn/examples/service/networking/example-ingress.yaml
View File

@ -2,8 +2,6 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
ingressClassName: nginx
rules:

2
content/de/docs/reference/glossary/cloud-controller-manager.md
View File

@ -11,7 +11,7 @@ tags:
- architecture
- operation
---
Eine Kubernetes {{< glossary_tooltip text="Control Plane" term_id="control-plane" >}} Komponente, die Cloud spezifische Kontrolllogik einbettet. Der [Cloud Controller Manager](/docs/concepts/architecture/cloud-controller/) lässt Sie Ihr Cluster in die Cloud Provider API einbinden, und trennt die Komponenten die mit der Cloud Platform interagieren von Komponenten, die nur mit Ihrem Cluster interagieren.
Eine Kubernetes {{< glossary_tooltip text="Control Plane" term_id="control-plane" >}} Komponente, die Cloud spezifische Kontrolllogik einbettet. Der Cloud Controller Manager lässt Sie Ihr Cluster in die Cloud Provider API einbinden, und trennt die Komponenten die mit der Cloud Platform interagieren von Komponenten, die nur mit Ihrem Cluster interagieren.
<!--more-->

2
content/en/docs/concepts/configuration/secret.md
View File

@ -524,7 +524,7 @@ have Kubernetes make the value of that Secret be available as a file inside
the filesystem of one or more of the Pod's containers.
For instructions, refer to
[Distribute credentials securely using Secrets](/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume).
[Create a Pod that has access to the secret data through a Volume](/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume).
When a volume contains data from a Secret, and that Secret is updated, Kubernetes tracks
this and updates the data in the volume, using an eventually-consistent approach.

9
content/en/docs/concepts/containers/container-lifecycle-hooks.md
View File

@ -64,11 +64,10 @@ When a Container lifecycle management hook is called,
the Kubernetes management system executes the handler according to the hook action,
`httpGet` , `tcpSocket` and `sleep` are executed by the kubelet process, and `exec` is executed in the container.
Hook handler calls are synchronous within the context of the Pod containing the Container.
This means that for a `PostStart` hook,
the Container ENTRYPOINT and hook fire asynchronously.
However, if the hook takes too long to run or hangs,
the Container cannot reach a `running` state.
The `PostStart` hook handler call is initiated when a container is created,
meaning the container ENTRYPOINT and the `PostStart` hook are triggered simultaneously.
However, if the `PostStart` hook takes too long to execute or if it hangs,
it can prevent the container from transitioning to a `running` state.
`PreStop` hooks are not executed asynchronously from the signal to stop the Container; the hook must
complete its execution before the TERM signal can be sent. If a `PreStop` hook hangs during

6
content/en/docs/concepts/extend-kubernetes/api-extension/custom-resources.md
View File

@ -161,8 +161,9 @@ The [CustomResourceDefinition](/docs/tasks/extend-kubernetes/custom-resources/cu
API resource allows you to define custom resources.
Defining a CRD object creates a new custom resource with a name and schema that you specify.
The Kubernetes API serves and handles the storage of your custom resource.
The name of a CRD object must be a valid
[DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names).
The name of the CRD object itself must be a valid
[DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names) derived from the defined resource name and its API group; see [how to create a CRD](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions#create-a-customresourcedefinition) for more details.
Further, the name of an object whose kind/resource is defined by a CRD must also be a valid DNS subdomain name.
This frees you from writing your own API server to handle the custom resource,
but the generic nature of the implementation means you have less flexibility than with
@ -223,6 +224,7 @@ Aggregated APIs offer more advanced API features and customization of other feat
| strategic-merge-patch | The new endpoints support PATCH with `Content-Type: application/strategic-merge-patch+json`. Useful for updating objects that may be modified both locally, and by the server. For more information, see ["Update API Objects in Place Using kubectl patch"](/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/) | No | Yes |
| Protocol Buffers | The new resource supports clients that want to use Protocol Buffers | No | Yes |
| OpenAPI Schema | Is there an OpenAPI (swagger) schema for the types that can be dynamically fetched from the server? Is the user protected from misspelling field names by ensuring only allowed fields are set? Are types enforced (in other words, don't put an `int` in a `string` field?) | Yes, based on the [OpenAPI v3.0 validation](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation) schema (GA in 1.16). | Yes |
| Instance Name | Does this extension mechanism impose any constraints on the names of objects whose kind/resource is defined this way? | Yes, such an object's name must be a valid DNS subdomain name. | No |
### Common Features

4
content/en/docs/concepts/workloads/pods/_index.md
View File

@ -132,7 +132,7 @@ Kubernetes. In the future, this list may be expanded.
In Kubernetes v{{< skew currentVersion >}}, the value of `.spec.os.name` does not affect
how the {{< glossary_tooltip text="kube-scheduler" term_id="kube-scheduler" >}}
picks a Pod to run a node. In any cluster where there is more than one operating system for
picks a node for the Pod to run on. In any cluster where there is more than one operating system for
running nodes, you should set the
[kubernetes.io/os](/docs/reference/labels-annotations-taints/#kubernetes-io-os)
label correctly on each node, and define pods with a `nodeSelector` based on the operating system
@ -410,4 +410,4 @@ To understand the context for why Kubernetes wraps a common Pod API in other res
* [Borg](https://research.google.com/pubs/pub43438.html)
* [Marathon](https://mesosphere.github.io/marathon/docs/rest-api.html)
* [Omega](https://research.google/pubs/pub41684/)
* [Tupperware](https://engineering.fb.com/data-center-engineering/tupperware/).
* [Tupperware](https://engineering.fb.com/data-center-engineering/tupperware/).

4
content/en/docs/reference/command-line-tools-reference/feature-gates/container-checkpoint.md
View File

@ -9,6 +9,10 @@ stages:
- stage: alpha
defaultValue: false
fromVersion: "1.25"
toVersion: "1.29"
- stage: beta
defaultValue: true
fromVersion: "1.30"
---
Enables the kubelet `checkpoint` API.
See [Kubelet Checkpoint API](/docs/reference/node/kubelet-checkpoint-api/) for more details.

6
content/en/docs/reference/command-line-tools-reference/feature-gates/evented-pleg.md
View File

@ -8,11 +8,7 @@ _build:
stages:
- stage: alpha
defaultValue: false
fromVersion: "1.26"
toVersion: "1.26"
- stage: beta
defaultValue: false
fromVersion: "1.27"
fromVersion: "1.25"
---
Enable support for the kubelet to receive container life cycle events from the
{{< glossary_tooltip text="container runtime" term_id="container-runtime" >}} via

0
content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamice-resources.md → content/en/docs/reference/command-line-tools-reference/feature-gates/kubelet-pod-resources-dynamic-resources.md
View File

16
content/en/docs/reference/command-line-tools-reference/feature-gates/mutating-admission-policy.md Normal file
View File

@ -0,0 +1,16 @@
---
title: MutatingAdmissionPolicy
content_type: feature_gate
_build:
list: never
render: false
stages:
- stage: alpha
defaultValue: false
fromVersion: "1.30"
---
In Kubernetes {{< skew currentVersion >}}, this feature gate has no effect.
A future release of Kubernetes may use this feature gate to enable
the MutatingAdmissionPolicy in admission chain.

7
content/en/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md → content/en/docs/reference/command-line-tools-reference/feature-gates/retry-generate-name.md
View File

@ -1,19 +1,14 @@
---
title: RetryGenerateName
content_type: feature_gate
_build:
list: never
render: false
stages:
- stage: alpha
- stage: alpha
defaultValue: false
fromVersion: "1.30"
toVersion: "1.30"
- stage: beta
defaultValue: true
fromVersion: "1.31"
---
Enables retrying of object creation when the
{{< glossary_tooltip text="API server" term_id="kube-apiserver" >}}

13
content/en/docs/reference/command-line-tools-reference/feature-gates/watch-from-storage-without-resource-version.md Normal file
View File

@ -0,0 +1,13 @@
---
title: WatchFromStorageWithoutResourceVersion
content_type: feature_gate
_build:
list: never
render: false
stages:
- stage: beta
defaultValue: false
fromVersion: "1.30"
---
Enables watches without `resourceVersion` to be served from storage.

6
content/en/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md
View File

@ -9,7 +9,11 @@ stages:
- stage: beta
defaultValue: false
fromVersion: "1.29"
toVersion: "1.29"
- stage: stable
defaultValue: true
fromVersion: "1.30"
---
Allow [Priority & Fairness](/docs/concepts/cluster-administration/flow-control/)
Allow [priority & fairness](/docs/concepts/cluster-administration/flow-control/)
in the API server to use a zero value for the `nominalConcurrencyShares` field of
the `limited` section of a priority level.

65
content/en/docs/reference/instrumentation/metrics.md
View File

@ -8,7 +8,7 @@ description: >-
## Metrics (v1.30)
<!-- (auto-generated 2024 Apr 24) -->
<!-- (auto-generated 2024 Jul 02) -->
<!-- (auto-generated v1.30) -->
This page details the metrics that different Kubernetes components export. You can query the metrics endpoint for these
components using an HTTP scrape, and fetch the current metrics data in Prometheus format.
@ -53,6 +53,20 @@ Stable metrics observe strict API contracts and no labels can be added or remove
<li data-type="gauge"><label class="metric_detail">Type:</label> <span class="metric_type">Gauge</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">component</span><span class="metric_label">group</span><span class="metric_label">resource</span><span class="metric_label">scope</span><span class="metric_label">subresource</span><span class="metric_label">verb</span><span class="metric_label">version</span></li></ul>
</div><div class="metric" data-stability="stable">
<div class="metric_name">apiserver_request_duration_seconds</div>
<div class="metric_help">Response latency distribution in seconds for each verb, dry run value, group, version, resource, subresource, scope and component.</div>
<ul>
<li><label class="metric_detail">Stability Level:</label><span class="metric_stability_level">STABLE</span></li>
<li data-type="histogram"><label class="metric_detail">Type:</label> <span class="metric_type">Histogram</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">component</span><span class="metric_label">dry_run</span><span class="metric_label">group</span><span class="metric_label">resource</span><span class="metric_label">scope</span><span class="metric_label">subresource</span><span class="metric_label">verb</span><span class="metric_label">version</span></li></ul>
</div><div class="metric" data-stability="stable">
<div class="metric_name">apiserver_request_total</div>
<div class="metric_help">Counter of apiserver requests broken out for each verb, dry run value, group, version, resource, scope, component, and HTTP response code.</div>
<ul>
<li><label class="metric_detail">Stability Level:</label><span class="metric_stability_level">STABLE</span></li>
<li data-type="counter"><label class="metric_detail">Type:</label> <span class="metric_type">Counter</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">code</span><span class="metric_label">component</span><span class="metric_label">dry_run</span><span class="metric_label">group</span><span class="metric_label">resource</span><span class="metric_label">scope</span><span class="metric_label">subresource</span><span class="metric_label">verb</span><span class="metric_label">version</span></li></ul>
</div><div class="metric" data-stability="stable">
<div class="metric_name">apiserver_requested_deprecated_apis</div>
<div class="metric_help">Gauge of deprecated APIs that have been requested, broken out by API group, version, resource, subresource, and removed_release.</div>
<ul>
@ -522,6 +536,20 @@ Alpha metrics do not have any API guarantees. These metrics must be used at your
<li data-type="histogram"><label class="metric_detail">Type:</label> <span class="metric_type">Histogram</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">jwt_issuer_hash</span><span class="metric_label">result</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">apiserver_authorization_config_controller_automatic_reload_last_timestamp_seconds</div>
<div class="metric_help">Timestamp of the last automatic reload of authorization configuration split by status and apiserver identity.</div>
<ul>
<li><label class="metric_detail">Stability Level:</label><span class="metric_stability_level">ALPHA</span></li>
<li data-type="gauge"><label class="metric_detail">Type:</label> <span class="metric_type">Gauge</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">apiserver_id_hash</span><span class="metric_label">status</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">apiserver_authorization_config_controller_automatic_reloads_total</div>
<div class="metric_help">Total number of automatic reloads of authorization configuration split by status and apiserver identity.</div>
<ul>
<li><label class="metric_detail">Stability Level:</label><span class="metric_stability_level">ALPHA</span></li>
<li data-type="counter"><label class="metric_detail">Type:</label> <span class="metric_type">Counter</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">apiserver_id_hash</span><span class="metric_label">status</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">apiserver_authorization_decisions_total</div>
<div class="metric_help">Total number of terminal decisions made by an authorizer split by authorizer type, name, and decision.</div>
<ul>
@ -725,6 +753,13 @@ Alpha metrics do not have any API guarantees. These metrics must be used at your
<li data-type="counter"><label class="metric_detail">Type:</label> <span class="metric_type">Counter</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">apiserver_id_hash</span></li><li class="metric_deprecated_version"><label class="metric_detail">Deprecated Versions:</label><span>1.30.0</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">apiserver_encryption_config_controller_automatic_reload_last_timestamp_seconds</div>
<div class="metric_help">Timestamp of the last successful or failed automatic reload of encryption configuration split by apiserver identity.</div>
<ul>
<li><label class="metric_detail">Stability Level:</label><span class="metric_stability_level">ALPHA</span></li>
<li data-type="gauge"><label class="metric_detail">Type:</label> <span class="metric_type">Gauge</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">apiserver_id_hash</span><span class="metric_label">status</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">apiserver_encryption_config_controller_automatic_reload_success_total</div>
<div class="metric_help">Total number of successful automatic reloads of encryption configuration split by apiserver identity.</div>
<ul>
@ -732,6 +767,13 @@ Alpha metrics do not have any API guarantees. These metrics must be used at your
<li data-type="counter"><label class="metric_detail">Type:</label> <span class="metric_type">Counter</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">apiserver_id_hash</span></li><li class="metric_deprecated_version"><label class="metric_detail">Deprecated Versions:</label><span>1.30.0</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">apiserver_encryption_config_controller_automatic_reloads_total</div>
<div class="metric_help">Total number of reload successes and failures of encryption configuration split by apiserver identity.</div>
<ul>
<li><label class="metric_detail">Stability Level:</label><span class="metric_stability_level">ALPHA</span></li>
<li data-type="counter"><label class="metric_detail">Type:</label> <span class="metric_type">Counter</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">apiserver_id_hash</span><span class="metric_label">status</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">apiserver_envelope_encryption_dek_cache_fill_percent</div>
<div class="metric_help">Percent of the cache slots currently occupied by cached DEKs.</div>
<ul>
@ -1005,6 +1047,13 @@ Alpha metrics do not have any API guarantees. These metrics must be used at your
<li data-type="counter"><label class="metric_detail">Type:</label> <span class="metric_type">Counter</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">type</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">apiserver_nodeport_repair_reconcile_errors_total</div>
<div class="metric_help">Number of reconciliation failures on the nodeport repair reconcile loop</div>
<ul>
<li><label class="metric_detail">Stability Level:</label><span class="metric_stability_level">ALPHA</span></li>
<li data-type="counter"><label class="metric_detail">Type:</label> <span class="metric_type">Counter</span></li>
</ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">apiserver_request_aborts_total</div>
<div class="metric_help">Number of requests which apiserver aborted possibly due to a timeout, for each group, version, verb, resource, subresource and scope</div>
<ul>
@ -1705,6 +1754,20 @@ Alpha metrics do not have any API guarantees. These metrics must be used at your
<li data-type="gauge"><label class="metric_detail">Type:</label> <span class="metric_type">Gauge</span></li>
</ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">kube_apiserver_nodeport_allocator_allocation_errors_total</div>
<div class="metric_help">Number of errors trying to allocate NodePort</div>
<ul>
<li><label class="metric_detail">Stability Level:</label><span class="metric_stability_level">ALPHA</span></li>
<li data-type="counter"><label class="metric_detail">Type:</label> <span class="metric_type">Counter</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">scope</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">kube_apiserver_nodeport_allocator_allocation_total</div>
<div class="metric_help">Number of NodePort allocations</div>
<ul>
<li><label class="metric_detail">Stability Level:</label><span class="metric_stability_level">ALPHA</span></li>
<li data-type="counter"><label class="metric_detail">Type:</label> <span class="metric_type">Counter</span></li>
<li class="metric_labels_varying"><label class="metric_detail">Labels:</label><span class="metric_label">scope</span></li></ul>
</div><div class="metric" data-stability="alpha">
<div class="metric_name">kube_apiserver_nodeport_allocator_available_ports</div>
<div class="metric_help">Gauge measuring the number of available NodePorts for Services</div>
<ul>

14
content/en/docs/reference/labels-annotations-taints/audit-annotations.md
View File

@ -20,6 +20,20 @@ The annotations apply to audit events. Audit events are different from objects i
<!-- body -->
## k8s.io/deprecated
Example: `k8s.io/deprecated: "true"`
Value **must** be "true" or "false". The value "true" indicates that the
request used a deprecated API version.
## k8s.io/removed-release
Example: `k8s.io/removed-release: "1.22"`
Value **must** be in the format "<major>.<minor>". It is set to target the removal release
on requests made to deprecated API versions with a target removal release.
## pod-security.kubernetes.io/exempt
Example: `pod-security.kubernetes.io/exempt: namespace`

3
content/en/docs/reference/node/kubelet-checkpoint-api.md
View File

@ -4,8 +4,7 @@ title: Kubelet Checkpoint API
weight: 10
---
{{< feature-state for_k8s_version="v1.25" state="alpha" >}}
{{< feature-state feature_gate_name="ContainerCheckpoint" >}}
Checkpointing a container is the functionality to create a stateful copy of a
running container. Once you have a stateful copy of a container, you could

4
content/en/docs/tasks/administer-cluster/configure-upgrade-etcd.md
View File

@ -447,7 +447,9 @@ either be a snapshot file from a previous backup operation, or from a remaining
```
If `<data-dir-location>` is the same folder as before, delete it and stop the etcd process before restoring the cluster.
Otherwise, change etcd configuration and restart the etcd process after restoration to have it use the new data directory.
Otherwise, change etcd configuration and restart the etcd process after restoration to have it use the new data directory:
first change `/etc/kubernetes/manifests/etcd.yaml`'s `volumes.hostPath.path` for `name: etcd-data` to `<data-dir-location>`,
then execute `kubectl -n kube-system delete pod <name-of-etcd-pod>` or `systemctl restart kubelet.service` (or both).
{{% /tab %}}
{{< /tabs >}}

37
content/en/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md
View File

@ -208,17 +208,19 @@ can't it is considered a failure.
{{% code_sample file="pods/probe/tcp-liveness-readiness.yaml" %}}
As you can see, configuration for a TCP check is quite similar to an HTTP check.
This example uses both readiness and liveness probes. The kubelet will send the
first readiness probe 15 seconds after the container starts. This will attempt to
connect to the `goproxy` container on port 8080. If the probe succeeds, the Pod
will be marked as ready. The kubelet will continue to run this check every 10
seconds.
This example uses both readiness and liveness probes. The kubelet will run the
first liveness probe 15 seconds after the container starts. This will attempt to
connect to the `goproxy` container on port 8080. If the liveness probe fails,
the container will be restarted. The kubelet will continue to run this check
every 10 seconds.
In addition to the readiness probe, this configuration includes a liveness probe.
The kubelet will run the first liveness probe 15 seconds after the container
starts. Similar to the readiness probe, this will attempt to connect to the
`goproxy` container on port 8080. If the liveness probe fails, the container
will be restarted.
In addition to the liveness probe, this configuration includes a readiness
probe. The kubelet will run the first readiness probe 15 seconds after the
container starts. Similar to the liveness probe, this will attempt to connect to
the `goproxy` container on port 8080. If the probe succeeds, the Pod will be
marked as ready and will receive traffic from services. If the readiness probe
fails, the pod will be marked unready and will not receive traffic from any
services.
To try the TCP liveness check, create a Pod:
@ -305,13 +307,12 @@ livenessProbe:
## Protect slow starting containers with startup probes {#define-startup-probes}
Sometimes, you have to deal with legacy applications that might require
an additional startup time on their first initialization.
In such cases, it can be tricky to set up liveness probe parameters without
compromising the fast response to deadlocks that motivated such a probe.
The trick is to set up a startup probe with the same command, HTTP or TCP
check, with a `failureThreshold * periodSeconds` long enough to cover the
worst case startup time.
Sometimes, you have to deal with applications that require additional startup
time on their first initialization. In such cases, it can be tricky to set up
liveness probe parameters without compromising the fast response to deadlocks
that motivated such a probe. The solution is to set up a startup probe with the
same command, HTTP or TCP check, with a `failureThreshold * periodSeconds` long
enough to cover the worst case startup time.
So, the previous example would become:
@ -394,7 +395,7 @@ liveness and readiness checks:
* `initialDelaySeconds`: Number of seconds after the container has started before startup,
liveness or readiness probes are initiated. If a startup probe is defined, liveness and
readiness probe delays do not begin until the startup probe has succeeded. If the value of
`periodSeconds` is greater than `initialDelaySeconds` then the `initialDelaySeconds` would be
`periodSeconds` is greater than `initialDelaySeconds` then the `initialDelaySeconds` will be
ignored. Defaults to 0 seconds. Minimum value is 0.
* `periodSeconds`: How often (in seconds) to perform the probe. Default to 10 seconds.
The minimum value is 1.

3
content/en/docs/tasks/configure-pod-container/security-context.md
View File

@ -729,6 +729,7 @@ them. The list of masked and read-only paths are as follows:
- `/proc/sched_debug`
- `/proc/scsi`
- `/sys/firmware`
- `/sys/devices/virtual/powercap`
- Read-Only Paths:
- `/proc/bus`
@ -809,4 +810,4 @@ kubectl delete pod security-context-demo-4
* Read about [User Namespaces](/docs/concepts/workloads/pods/user-namespaces/)
for Linux pods.
* [Masked Paths in the OCI Runtime
Specification](https://github.com/opencontainers/runtime-spec/blob/f66aad47309/config-linux.md#masked-paths)
Specification](https://github.com/opencontainers/runtime-spec/blob/f66aad47309/config-linux.md#masked-paths)

3
content/en/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md
View File

@ -1247,8 +1247,7 @@ Unlike other rules, transition rules apply only to operations meeting the follow
later update to the same object.
Errors will be generated on CRD writes if a schema node contains a transition rule that can never be
applied, e.g. "*path*: update rule *rule* cannot be set on schema because the schema or its parent
schema is not mergeable".
applied, e.g. "oldSelf cannot be used on the uncorrelatable portion of the schema within *path*".
Transition rules are only allowed on _correlatable portions_ of a schema.
A portion of the schema is correlatable if all `array` parent schemas are of type `x-kubernetes-list-type=map`;

6
content/ja/docs/reference/setup-tools/kubeadm/generated/_index.md Normal file
View File

@ -0,0 +1,6 @@
---
title: "Kubeadm Generated"
weight: 10
toc_hide: true
---

113
content/ja/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_list.md Normal file
View File

@ -0,0 +1,113 @@
kubeadmが使用するイメージの一覧を出力します。
設定ファイルはイメージやイメージリポジトリをカスタマイズする際に使用されます。
### 概要
kubeadmが使用するイメージの一覧を出力します。
設定ファイルはイメージやイメージリポジトリをカスタマイズする際に使用されます。
```
kubeadm config images list [flags]
```
### オプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--allow-missing-template-keys&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: true</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>trueならば、テンプレートの中にフィールドやマップキーが見つからない場合に、テンプレート内のエラーを無視します。golangまたはjsonpathを出力フォーマットとした場合にのみ適用されます。</p></td>
</tr>
<tr>
<td colspan="2">--config string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>kubeadmの設定ファイルのパス。</p></td>
</tr>
<tr>
<td colspan="2">-o, --experimental-output string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "text"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>出力フォーマット。次のいずれか: text|json|yaml|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.</p></td>
</tr>
<tr>
<td colspan="2">--feature-gates string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>様々な機能に対するフィーチャーゲートを記述するkey=valueペアのセット。オプション:<br/>EtcdLearnerMode=true|false (BETA - デフォルト値=true)<br/>PublicKeysECDSA=true|false (DEPRECATED - デフォルト値=false)<br/>RootlessControlPlane=true|false (ALPHA - デフォルト値=false)<br/>UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - デフォルト値=false)<br/>WaitForAllControlPlaneComponents=true|false (ALPHA - デフォルト値=false)</p></td>
</tr>
<tr>
<td colspan="2">-h, --help</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>listのヘルプ</p></td>
</tr>
<tr>
<td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "registry.k8s.io"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>コントロールプレーンのイメージをプルするコンテナレジストリを選択します。</p></td>
</tr>
<tr>
<td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "stable-1"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>コントロールプレーンの特定のKubernetesバージョンを選択します。</p></td>
</tr>
<tr>
<td colspan="2">--show-managed-fields</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>trueならば、JSONまたはYAMLフォーマットでmanagedFieldsを省略せずにオブジェクトを出力します。</p></td>
</tr>
</tbody>
</table>
### 親コマンドから継承されたオプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "/etc/kubernetes/admin.conf"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>クラスターと通信する時に使用するkubeconfigファイル。フラグが設定されていない場合は、標準的な場所の中から既存のkubeconfigファイルが検索されます。</p></td>
</tr>
<tr>
<td colspan="2">--rootfs string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>[実験的]'実際の'ホストのルートファイルシステムのパス。</p></td>
</tr>
</tbody>
</table>

97
content/ja/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_images_pull.md Normal file
View File

@ -0,0 +1,97 @@
kubeadmによって使用されるイメージをプルします。
### 概要
kubeadmによって使用されるイメージをプルします。
```
kubeadm config images pull [flags]
```
### オプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--config string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>kubeadmの設定ファイルのパス。</p></td>
</tr>
<tr>
<td colspan="2">--cri-socket string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>接続するCRIソケットへのパス。空の場合、kubeadmはこの値を自動検出しようとします。このオプションは、複数のCRIがインストールされているか、標準ではないCRIソケットがある場合のみ使用してください。</p></td>
</tr>
<tr>
<td colspan="2">--feature-gates string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>様々な機能に対するフィーチャーゲートを記述するkey=valueペアのセット。オプション:<br/>EtcdLearnerMode=true|false (BETA - デフォルト値=true)<br/>PublicKeysECDSA=true|false (DEPRECATED - デフォルト値=false)<br/>RootlessControlPlane=true|false (ALPHA - デフォルト値=false)<br/>UpgradeAddonsBeforeControlPlane=true|false (DEPRECATED - デフォルト値=false)<br/>WaitForAllControlPlaneComponents=true|false (ALPHA - デフォルト値=false)</p></td>
</tr>
<tr>
<td colspan="2">-h, --help</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>pullのヘルプ</p></td>
</tr>
<tr>
<td colspan="2">--image-repository string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "registry.k8s.io"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>コントロールプレーンのイメージをプルするコンテナレジストリを選択します。</p></td>
</tr>
<tr>
<td colspan="2">--kubernetes-version string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "stable-1"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>コントロールプレーンの特定のKubernetesバージョンを選択します。</p></td>
</tr>
</tbody>
</table>
### 親コマンドから継承されたオプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "/etc/kubernetes/admin.conf"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>クラスターと通信する時に使用するkubeconfigファイル。フラグが設定されていない場合は、標準的な場所の中から既存のkubeconfigファイルが検索されます。</p></td>
</tr>
<tr>
<td colspan="2">--rootfs string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>[実験的]'実際の'ホストのルートファイルシステムのパス。</p></td>
</tr>
</tbody>
</table>

93
content/ja/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_migrate.md Normal file
View File

@ -0,0 +1,93 @@
ファイルから古いバージョンのAPIタイプのkubeadmの設定を読み込み、新しいバージョンの同等の設定オブジェクトを出力します。
### 概要
このコマンドは、古いバージョンの設定オブジェクトを、サポートされている最新のバージョンに変換します。
これはクラスターを何も触ることなく、CLIツール内に閉じています。
kubeadmのこのバージョンでは、次のAPIバージョンがサポートされています:
- kubeadm.k8s.io/v1beta3
さらに、kubeadmはバージョン"kubeadm.k8s.io/v1beta3"の設定しか出力できませんが、両方の種類を読むことができます。
このため、どのバージョンを--old-configパラメーターに渡したとしても、APIオブジェクトは読み込まれ、デシリアライズ、デフォルト化、変換、検証、再シリアライズされて、標準出力または--new-configで指定されたファイルに出力されます。
言い換えると、このコマンドの出力は、そのファイルを"kubeadm init"に渡した時にkubeadmが実際に内部で読むものとなります。
```
kubeadm config migrate [flags]
```
### オプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--allow-experimental-api</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>実験的な未リリースのAPIへの移行を許可します。</p></td>
</tr>
<tr>
<td colspan="2">-h, --help</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>migrateのヘルプ</p></td>
</tr>
<tr>
<td colspan="2">--new-config string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>新しいAPIバージョンを使用して得られた同等の内容のkubeadm設定ファイルのパス。この設定はオプションで、指定しない場合は標準出力に出力されます。</p></td>
</tr>
<tr>
<td colspan="2">--old-config string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>古いAPIバージョンを使用している、変換対象のkubeadm設定ファイルのパス。このフラグは必須です。</p></td>
</tr>
</tbody>
</table>
### 親コマンドから継承されたオプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "/etc/kubernetes/admin.conf"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>クラスターと通信する時に使用するkubeconfigファイル。フラグが設定されていない場合は、標準的な場所の中から既存のkubeconfigファイルが検索されます。</p></td>
</tr>
<tr>
<td colspan="2">--rootfs string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>[実験的]'実際の'ホストのルートファイルシステムのパス。</p></td>
</tr>
</tbody>
</table>

64
content/ja/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print.md Normal file
View File

@ -0,0 +1,64 @@
設定を出力します。
### 概要
このコマンドは、指定されたサブコマンドに対する設定を出力します。
詳細については次を参照してください: https://pkg.go.dev/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm#section-directories
```
kubeadm config print [flags]
```
### オプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">-h, --help</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>printのヘルプ</p></td>
</tr>
</tbody>
</table>
### 親コマンドから継承されたオプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "/etc/kubernetes/admin.conf"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>クラスターと通信する時に使用するkubeconfigファイル。フラグが設定されていない場合は、標準的な場所の中から既存のkubeconfigファイルが検索されます。</p></td>
</tr>
<tr>
<td colspan="2">--rootfs string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>[実験的]'実際の'ホストのルートファイルシステムのパス。</p></td>
</tr>
</tbody>
</table>

73
content/ja/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print_init-defaults.md Normal file
View File

@ -0,0 +1,73 @@
`kubeadm init`で使用できるデフォルトのInitConfigurationを出力します。
### 概要
このコマンドは、'kubeadm init'で使用されるデフォルトのInitConfigurationオブジェクトを出力します。
Bootstrap Tokenフィールドのような機密性が高い値は、実際にトークンを生成する計算は実行しませんが、検証をパスするために"abcdef.0123456789abcdef"のようなプレースホルダーの値に置き換えられることに注意してください。
```
kubeadm config print init-defaults [flags]
```
### オプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--component-configs strings</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>デフォルト値を出力するコンポーネントの設定APIオブジェクトのカンマ区切りのリスト。利用可能な値: [KubeProxyConfiguration KubeletConfiguration]。このフラグが設定されていない場合は、どのコンポーネントの設定も出力されません。</p></td>
</tr>
<tr>
<td colspan="2">-h, --help</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>init-defaultsのヘルプ</p></td>
</tr>
</tbody>
</table>
### 親コマンドから継承されたオプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "/etc/kubernetes/admin.conf"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>クラスターと通信する時に使用するkubeconfigファイル。フラグが設定されていない場合は、標準的な場所の中から既存のkubeconfigファイルが検索されます。</p></td>
</tr>
<tr>
<td colspan="2">--rootfs string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>[実験的]'実際の'ホストのルートファイルシステムのパス。</p></td>
</tr>
</tbody>
</table>

66
content/ja/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_print_join-defaults.md Normal file
View File

@ -0,0 +1,66 @@
`kubeadm join`で使用できるデフォルトのJoinConfigurationを出力します。
### 概要
このコマンドは`kubeadm join`で使用されるデフォルトのJoinConfigurationオブジェクトを出力します
Bootstrap Tokenフィールドのような機密性が高い値は、実際にトークンを生成する計算は実行しませんが、検証をパスするために"abcdef.0123456789abcdef"のようなプレースホルダーの値に置き換えられることに注意してください。
```
kubeadm config print join-defaults [flags]
```
### オプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">-h, --help</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>join-defaultsのヘルプ</p></td>
</tr>
</tbody>
</table>
### 親コマンドから継承されたオプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "/etc/kubernetes/admin.conf"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>クラスターと通信する時に使用するkubeconfigファイル。フラグが設定されていない場合は、標準的な場所の中から既存のkubeconfigファイルが検索されます。</p></td>
</tr>
<tr>
<td colspan="2">--rootfs string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>[実験的]'実際の'ホストのルートファイルシステムのパス。</p></td>
</tr>
</tbody>
</table>

85
content/ja/docs/reference/setup-tools/kubeadm/generated/kubeadm_config_validate.md Normal file
View File

@ -0,0 +1,85 @@
kubeadm設定APIを含むファイルを読み込み、検証に問題があれば報告します。
### 概要
このコマンドはkubeadm設定APIファイルを検証して、警告やエラーがあれば報告します。
エラーが無い場合は終了ステータスはゼロ、それ以外の場合はゼロ以外の値となります。
不明なAPIフィールドのようなデータ変換できない問題については、エラーが発生します。
不明なAPIバージョンや不正な値を持つフィールドについてもエラーとなります。
入力ファイルの内容によっては、その他のエラーや警告が報告されることもあります。
このバージョンのkubeadmでは、次のAPIバージョンがサポートされています:
- kubeadm.k8s.io/v1beta3
```
kubeadm config validate [flags]
```
### オプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--allow-experimental-api</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>実験的な未リリースのAPIの検証を許可する。</p></td>
</tr>
<tr>
<td colspan="2">--config string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>kubeadm設定ファイルへのパス。</p></td>
</tr>
<tr>
<td colspan="2">-h, --help</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>validateのヘルプ</p></td>
</tr>
</tbody>
</table>
### 親コマンドから継承されたオプション
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--kubeconfig string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;デフォルト値: "/etc/kubernetes/admin.conf"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>クラスターと通信する時に使用するkubeconfigファイル。フラグが設定されていない場合は、標準的な場所の中から既存のkubeconfigファイルが検索されます。</p></td>
</tr>
<tr>
<td colspan="2">--rootfs string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>[実験的]'実際の'ホストのルートファイルシステムのパス。</p></td>
</tr>
</tbody>
</table>

61
content/ja/docs/reference/setup-tools/kubeadm/kubeadm-config.md Normal file
View File

@ -0,0 +1,61 @@
---
title: kubeadm config
content_type: concept
weight: 50
---
<!-- overview -->
`kubeadm init`の実行中、kubeadmはクラスターに対して、`kube-system`名前空間内の`kubeadm-config`という名前のConfigMapに`ClusterConfiguration`オブジェクトをアップロードします。
この設定は`kubeadm join`、`kubeadm reset`および`kubeadm upgrade`の実行中に読み込まれます。
`kubeadm config print`によって、kubeadmが`kubeadm init`や`kubeadm join`で使用する、デフォルトの静的な設定を表示することができます。
{{< note >}}
コマンドの出力は一例として提供されるものです。
自身のセットアップに合わせるためには、コマンドの出力を手動で編集する必要があります。
不明確なフィールドは削除してください。
kubeadmは実行時にホストを調べ、そのフィールドにデフォルト値を設定しようとします。
{{< /note >}}
`init`と`join`のより詳細な情報については、[設定ファイルを使ったkubeadm initの利用](/docs/reference/setup-tools/kubeadm/kubeadm-init/#config-file)、または[設定ファイルを使ったkubeadm joinの利用](/docs/reference/setup-tools/kubeadm/kubeadm-join/#config-file)を参照してください。
kubeadmの設定APIの使用法に関するより詳細な情報については、[kubeadm APIを使ったコンポーネントのカスタマイズ](/ja/docs/setup/production-environment/tools/kubeadm/control-plane-flags)を参照してください。
非推奨のAPIバージョンを含んだ古い設定ファイルを、サポートされた新しいAPIバージョンに変換する際には、`kubeadm config migrate`コマンドを使用することができます。
設定ファイルを検証するためには、`kubeadm config validate`を使用することができます。
kubeadmが必要とするイメージを表示、取得するために、`kbueadm config images list`や`kubeadm config images pull`を使用することができます。
<!-- body -->
## kubeadm config print {#cmd-config-print}
{{< include "generated/kubeadm_config_print.md" >}}
## kubeadm config print init-defaults {#cmd-config-print-init-defaults}
{{< include "generated/kubeadm_config_print_init-defaults.md" >}}
## kubeadm config print join-defaults {#cmd-config-print-join-defaults}
{{< include "generated/kubeadm_config_print_join-defaults.md" >}}
## kubeadm config migrate {#cmd-config-migrate}
{{< include "generated/kubeadm_config_migrate.md" >}}
## kubeadm config validate {#cmd-config-validate}
{{< include "generated/kubeadm_config_validate.md" >}}
## kubeadm config images list {#cmd-config-images-list}
{{< include "generated/kubeadm_config_images_list.md" >}}
## kubeadm config images pull {#cmd-config-images-pull}
{{< include "generated/kubeadm_config_images_pull.md" >}}
## {{% heading "whatsnext" %}}
* [kubeadm upgrade](/docs/reference/setup-tools/kubeadm/kubeadm-upgrade/)を使用すると、Kubernetesクラスターを最新のバージョンにアップグレードすることができます

2
content/pl/docs/reference/glossary/cloud-controller-manager.md
View File

@ -12,7 +12,7 @@ tags:
- operation
---
Element składowy {{< glossary_tooltip text="warstwy sterowania" term_id="control-plane" >}} Kubernetesa,
który zarządza usługami realizowanymi po stronie chmur obliczeniowych. [Cloud controller manager](/docs/concepts/architecture/cloud-controller/) umożliwia
który zarządza usługami realizowanymi po stronie chmur obliczeniowych. Cloud controller manager umożliwia
połączenie Twojego klastra z API operatora usług chmurowych i rozdziela składniki operujące na platformie
chmurowej od tych, które dotyczą wyłącznie samego klastra.

1
content/pt-br/examples/service/networking/example-ingress.yaml
View File

@ -5,6 +5,7 @@ metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
ingressClassName: nginx
rules:
- host: hello-world.info
http:

164
content/zh-cn/docs/concepts/configuration/manage-resources-containers.md
View File

@ -385,11 +385,13 @@ limits you defined.
<!--
- The memory limit for the Pod or container can also apply to pages in memory backed
volumes, such as an `emptyDir`. The kubelet tracks `tmpfs` emptyDir volumes as container
memory use, rather than as local ephemeral storage.
memory use, rather than as local ephemeral storage. When using memory backed `emptyDir`,
be sure to check the notes [below](#memory-backed-emptydir).
-->
- Pod 或容器的内存限制也适用于通过内存供应的卷,例如 `emptyDir` 卷。
- Pod 或容器的内存限制也适用于通过内存作为介质的卷,例如 `emptyDir` 卷。
kubelet 会跟踪 `tmpfs` 形式的 emptyDir 卷用量,将其作为容器的内存用量,
而不是临时存储用量。
而不是临时存储用量。当使用内存作为介质的 `emptyDir` 时,
请务必查看[下面](#memory-backed-emptydir)的注意事项。
<!--
If a container exceeds its memory request and the node that it runs on becomes short of
@ -431,6 +433,85 @@ kubelet 会将 Pod 的资源使用情况作为 Pod
则可以直接从[指标 API](/zh-cn/docs/tasks/debug/debug-cluster/resource-metrics-pipeline/#metrics-api)
或者监控工具获得 Pod 的资源使用情况。
<!--
### Considerations for memory backed `emptyDir` volumes {#memory-backed-emptydir}
-->
### 使用内存作为介质的 `emptyDir` 卷的注意事项 {#memory-backed-emptydir}
{{< caution >}}
<!--
If you do not specify a `sizeLimit` for an `emptyDir` volume, that volume may
consume up to that pod's memory limit (`Pod.spec.containers[].resources.limits.memory`).
If you do not set a memory limit, the pod has no upper bound on memory consumption,
and can consume all available memory on the node. Kubernetes schedules pods based
on resource requests (`Pod.spec.containers[].resources.requests`) and will not
consider memory usage above the request when deciding if another pod can fit on
a given node. This can result in a denial of service and cause the OS to do
out-of-memory (OOM) handling. It is possible to create any number of `emptyDir`s
that could potentially consume all available memory on the node, making OOM
more likely.
-->
如果你没有为 `emptyDir` 卷指定 `sizeLimit`,该卷就会消耗 Pod 的内存,
卷的用量上限为 Pod 的内存限制(`Pod.spec.containers[].resources.limits.memory`)。
如果你没有设置内存限制Pod 的内存消耗将没有上限,并且可能会用掉节点上的所有可用内存。
Kubernetes 基于资源请求(`Pod.spec.containers[].resources.requests`)调度 Pod
并且在决定另一个 Pod 是否适合调度到某个给定的节点上时,不会考虑超出请求的内存用量。
这可能导致拒绝服务并使操作系统出现需要处理内存不足OOM的情况。
用户可以创建任意数量的 `emptyDir`,可能会消耗节点上的所有可用内存,使得 OOM 更有可能发生。
{{< /caution >}}
<!--
From the perspective of memory management, there are some similarities between
when a process uses memory as a work area and when using memory-backed
`emptyDir`. But when using memory as a volume like memory-backed `emptyDir`,
there are additional points below that you should be careful of.
-->
从内存管理的角度来看,进程使用内存作为工作区与使用内存作为 `emptyDir` 的介质有一些相似之处。
但当将内存用作存储卷(例如内存为介质的 `emptyDir` 卷)时,你需要额外注意以下几点:
<!--
* Files stored on a memory-backed volume are almost entirely managed by the
user application. Unlike when used as a work area for a process, you can not
rely on things like language-level garbage collection.
* The purpose of writing files to a volume is to save data or pass it between
applications. Neither Kubernetes nor the OS may automatically delete files
from a volume, so memory used by those files can not be reclaimed when the
system or the pod are under memory pressure.
* A memory-backed `emptyDir` is useful because of its performance, but memory
is generally much smaller in size and much higher in cost than other storage
media, such as disks or SSDs. Using large amounts of memory for `emptyDir`
volumes may affect the normal operation of your pod or of the whole node,
so should be used carefully.
-->
* 存储在内存为介质的卷上的文件几乎完全由用户应用所管理。
与用作进程工作区的用法不同,你无法依赖语言级别垃圾回收这类机制。
* 将文件写入某个卷的目的是保存数据或在应用之间传递数据。
Kubernetes 或操作系统都不会自动从卷中删除文件,
因此当系统或 Pod 面临内存压力时,将无法回收这些文件所使用的内存。
* 以内存为介质的 `emptyDir` 因性能较好而很有用,但内存通常比其他存储介质(如磁盘或 SSD小得多且成本更高。
`emptyDir` 卷使用大量内存可能会影响 Pod 或整个节点的正常运行,因此你应谨慎使用。
<!--
If you are administering a cluster or namespace, you can also set
[ResourceQuota](/docs/concepts/policy/resource-quotas/) that limits memory use;
you may also want to define a [LimitRange](/docs/concepts/policy/limit-range/)
for additional enforcement.
If you specify a `spec.containers[].resources.limits.memory` for each Pod,
then the muximum size of an `emptyDir` volume will be the pod's memory limit.
-->
如果你在管理集群或命名空间,还可以设置限制内存使用的 [ResourceQuota](/zh-cn/docs/concepts/policy/resource-quotas/)
你可能还希望定义一个 [LimitRange](/zh-cn/docs/concepts/policy/limit-range/) 以施加额外的限制。如果为每个 Pod
指定 `spec.containers[].resources.limits.memory`,那么 `emptyDir` 卷的最大尺寸将是该 Pod 的内存限制。
<!--
As an alternative, a cluster administrator can enforce size limits for
`emptyDir` volumes in new Pods using a policy mechanism such as
[ValidationAdmissionPolicy](/docs/reference/access-authn-authz/validating-admission-policy).
-->
作为一种替代方案,集群管理员可以使用诸如
[ValidationAdmissionPolicy](/zh-cn/docs/reference/access-authn-authz/validating-admission-policy)
之类的策略机制来强制对新 Pod 的 `emptyDir` 卷进行大小限制。
<!--
## Local ephemeral storage
@ -449,8 +530,7 @@ mount [`emptyDir`](/docs/concepts/storage/volumes/#emptydir)
{{< feature-state for_k8s_version="v1.25" state="stable" >}}
节点通常还可以具有本地的临时性存储,由本地挂接的可写入设备或者有时也用 RAM
来提供支持。
“临时Ephemeral”意味着对所存储的数据不提供长期可用性的保证。
来提供支持。“临时Ephemeral”意味着对所存储的数据不提供长期可用性的保证。
Pods 通常可以使用临时性本地存储来实现缓冲区、保存日志等功能。
kubelet 可以为使用本地临时存储的 Pods 提供这种存储空间,允许后者使用
@ -549,6 +629,7 @@ kubelet 会将日志写入到所配置的日志目录(默认为 `/var/log`
你的集群节点当然可以包含其他的、并非用于 Kubernetes 的很多文件系统。
{{% /tab %}}
{{% tab name="双文件系统" %}}
<!--
You have a filesystem on the node that you're using for ephemeral data that
comes from running Pods: logs, and `emptyDir` volumes. You can use this filesystem
@ -558,7 +639,15 @@ be the root filesystem.
The kubelet also writes
[node-level container logs](/docs/concepts/cluster-administration/logging/#logging-at-the-node-level)
into the first filesystem, and treats these similarly to ephemeral local storage.
-->
你使用节点上的某个文件系统来保存运行 Pod 时产生的临时性数据:日志和
`emptyDir` 卷等。你可以使用这个文件系统来保存其他数据(例如:与 Kubernetes
无关的其他系统日志);这个文件系统还可以是根文件系统。
kubelet 也将[节点层面的容器日志](/zh-cn/docs/concepts/cluster-administration/logging/#logging-at-the-node-level)
写入到第一个文件系统中,并按临时性本地存储的方式对待之。
<!--
You also use a separate filesystem, backed by a different logical storage device.
In this configuration, the directory where you tell the kubelet to place
container image layers and writeable layers is on this second filesystem.
@ -568,16 +657,6 @@ The first filesystem does not hold any image layers or writeable layers.
Your node can have as many other filesystems, not used for Kubernetes,
as you like.
-->
{{% tab name="双文件系统" %}}
你使用节点上的某个文件系统来保存运行 Pods 时产生的临时性数据:日志和
`emptyDir` 卷等。你可以使用这个文件系统来保存其他数据(例如:与 Kubernetes
无关的其他系统日志);这个文件系统还可以是根文件系统。
kubelet 也将[节点层面的容器日志](/zh-cn/docs/concepts/cluster-administration/logging/#logging-at-the-node-level)
写入到第一个文件系统中,并按临时性本地存储的方式对待之。
同时你使用另一个由不同逻辑存储设备支持的文件系统。在这种配置下,你会告诉
kubelet 将容器镜像层和可写层保存到这第二个文件系统上的某个目录中。
@ -624,11 +703,6 @@ container of a Pod can specify either or both of the following:
* `spec.containers[].resources.limits.ephemeral-storage`
* `spec.containers[].resources.requests.ephemeral-storage`
Limits and requests for `ephemeral-storage` are measured in byte quantities.
You can express storage as a plain integer or as a fixed-point number using one of these suffixes:
E, P, T, G, M, k. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi,
Mi, Ki. For example, the following quantities all represent roughly the same value:
-->
### 为本地临时性存储设置请求和限制 {#setting-requests-and-limits-for-local-ephemeral-storage}
@ -638,6 +712,12 @@ Pod 中的每个容器可以设置以下属性:
* `spec.containers[].resources.limits.ephemeral-storage`
* `spec.containers[].resources.requests.ephemeral-storage`
<!--
Limits and requests for `ephemeral-storage` are measured in byte quantities.
You can express storage as a plain integer or as a fixed-point number using one of these suffixes:
E, P, T, G, M, k. You can also use the power-of-two equivalents: Ei, Pi, Ti, Gi,
Mi, Ki. For example, the following quantities all represent roughly the same value:
-->
`ephemeral-storage` 的请求和限制是按量纲计量的。
你可以使用一般整数或者定点数字加上下面的后缀来表达存储量E、P、T、G、M、k。
你也可以使用对应的 2 的幂级数来表达Ei、Pi、Ti、Gi、Mi、Ki。
@ -664,7 +744,6 @@ storage. Therefore, the Pod has a request of 4GiB of local ephemeral storage, an
a limit of 8GiB of local ephemeral storage. 500Mi of that limit could be
consumed by the `emptyDir` volume.
-->
在下面的例子中Pod 包含两个容器。每个容器请求 2 GiB 大小的本地临时性存储。
每个容器都设置了 4 GiB 作为其本地临时性存储的限制。
因此,整个 Pod 的本地临时性存储请求是 4 GiB且其本地临时性存储的限制为 8 GiB。
@ -713,7 +792,6 @@ For more information, see
The scheduler ensures that the sum of the resource requests of the scheduled containers is less than the capacity of the node.
-->
### 带临时性存储的 Pods 的调度行为 {#how-pods-with-ephemeral-storage-requests-are-scheduled}
当你创建一个 Pod 时Kubernetes 调度器会为 Pod 选择一个节点来运行之。
@ -735,15 +813,6 @@ kubelet measures storage use in:
If a Pod is using more ephemeral storage than you allow it to, the kubelet
sets an eviction signal that triggers Pod eviction.
For container-level isolation, if a container's writable layer and log
usage exceeds its storage limit, the kubelet marks the Pod for eviction.
For pod-level isolation the kubelet works out an overall Pod storage limit by
summing the limits for the containers in that Pod. In this case, if the sum of
the local ephemeral storage usage from all containers and also the Pod's `emptyDir`
volumes exceeds the overall Pod storage limit, then the kubelet also marks the Pod
for eviction.
-->
### 临时性存储消耗的管理 {#resource-emphemeralstorage-consumption}
@ -756,6 +825,16 @@ for eviction.
如果某 Pod 的临时存储用量超出了你所允许的范围kubelet
会向其发出逐出eviction信号触发该 Pod 被逐出所在节点。
<!--
For container-level isolation, if a container's writable layer and log
usage exceeds its storage limit, the kubelet marks the Pod for eviction.
For pod-level isolation the kubelet works out an overall Pod storage limit by
summing the limits for the containers in that Pod. In this case, if the sum of
the local ephemeral storage usage from all containers and also the Pod's `emptyDir`
volumes exceeds the overall Pod storage limit, then the kubelet also marks the Pod
for eviction.
-->
就容器层面的隔离而言,如果某容器的可写入镜像层和日志用量超出其存储限制,
kubelet 也会将所在的 Pod 标记为逐出候选。
@ -882,7 +961,14 @@ If you want to use project quotas, you should:
using the `featureGates` field in the
[kubelet configuration](/docs/reference/config-api/kubelet-config.v1beta1/)
or the `--feature-gates` command line flag.
-->
如果你希望使用项目配额,你需要:
* 在 [kubelet 配置](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)中使用
`featureGates` 字段或者使用 `--feature-gates` 命令行参数启用
`LocalStorageCapacityIsolationFSQuotaMonitoring=true` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)。
<!--
* Ensure that the root filesystem (or optional runtime filesystem)
has project quotas enabled. All XFS filesystems support project quotas.
For ext4 filesystems, you need to enable the project quota tracking feature
@ -892,18 +978,7 @@ If you want to use project quotas, you should:
# For ext4, with /dev/block-device not mounted
sudo tune2fs -O project -Q prjquota /dev/block-device
```
* Ensure that the root filesystem (or optional runtime filesystem) is
mounted with project quotas enabled. For both XFS and ext4fs, the
mount option is named `prjquota`.
-->
如果你希望使用项目配额,你需要:
* 在 [kubelet 配置](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)中使用
`featureGates` 字段或者使用 `--feature-gates` 命令行参数启用
`LocalStorageCapacityIsolationFSQuotaMonitoring=true` [特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)。
* 确保根文件系统(或者可选的运行时文件系统)启用了项目配额。所有 XFS
文件系统都支持项目配额。
对 extf 文件系统而言,你需要在文件系统尚未被挂载时启用项目配额跟踪特性:
@ -913,6 +988,11 @@ If you want to use project quotas, you should:
sudo tune2fs -O project -Q prjquota /dev/block-device
```
<!--
* Ensure that the root filesystem (or optional runtime filesystem) is
mounted with project quotas enabled. For both XFS and ext4fs, the
mount option is named `prjquota`.
-->
* 确保根文件系统(或者可选的运行时文件系统)在挂载时项目配额特性是被启用了的。
对于 XFS 和 ext4fs 而言,对应的挂载选项称作 `prjquota`

4
content/zh-cn/docs/concepts/configuration/secret.md
View File

@ -986,10 +986,10 @@ the filesystem of one or more of the Pod's containers.
<!--
For instructions, refer to
[Distribute credentials securely using Secrets](/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume).
[Create a Pod that has access to the secret data through a Volume](/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume).
-->
相关的指示说明,
可以参阅[使用 Secret 安全地分发凭据](/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume)。
可以参阅[创建一个可以通过卷访问 Secret 数据的 Pod](/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume)。
<!--
When a volume contains data from a Secret, and that Secret is updated, Kubernetes tracks

4
content/zh-cn/docs/concepts/storage/storage-classes.md
View File

@ -95,13 +95,13 @@ used.
<!--
If you set the
[`storageclass.kubernetes.io/is-default-class`](/docs/reference/labels-annotations-taints/#ingressclass-kubernetes-io-is-default-class)
[`storageclass.kubernetes.io/is-default-class`](/docs/reference/labels-annotations-taints/#storageclass-kubernetes-io-is-default-class)
annotation to true on more than one StorageClass in your cluster, and you then
create a PersistentVolumeClaim with no `storageClassName` set, Kubernetes
uses the most recently created default StorageClass.
-->
如果你在集群中的多个 StorageClass 上将
[`storageclass.kubernetes.io/is-default-class`](/zh-cn/docs/reference/labels-annotations-taints/#ingressclass-kubernetes-io-is-default-class)
[`storageclass.kubernetes.io/is-default-class`](/zh-cn/docs/reference/labels-annotations-taints/#storageclass-kubernetes-io-is-default-class)
注解设置为 true然后创建一个未设置 `storageClassName` 的 PersistentVolumeClaim (PVC)
Kubernetes 将使用最近创建的默认 StorageClass。

4
content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/container-checkpoint.md
View File

@ -9,6 +9,10 @@ stages:
- stage: alpha
defaultValue: false
fromVersion: "1.25"
toVersion: "1.29"
- stage: beta
defaultValue: true
fromVersion: "1.30"
---
<!--
Enables the kubelet `checkpoint` API.

20
content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/mutating-admission-policy.md Normal file
View File

@ -0,0 +1,20 @@
---
title: MutatingAdmissionPolicy
content_type: feature_gate
_build:
list: never
render: false
stages:
- stage: alpha
defaultValue: false
fromVersion: "1.30"
---
<!--
In Kubernetes {{< skew currentVersion >}}, this feature gate has no effect.
A future release of Kubernetes may use this feature gate to enable
the MutatingAdmissionPolicy in admission chain.
-->
在 Kubernetes {{< skew currentVersion >}} 中,此特性门控没有效果。
Kubernetes 的未来版本可能会使用此特性门控在准入链中启用 MutatingAdmissionPolicy。

3
content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/name-generation-retries.md → content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/retry-generate-name.md
View File

@ -1,13 +1,12 @@
---
title: RetryGenerateName
content_type: feature_gate
_build:
list: never
render: false
stages:
- stage: alpha
- stage: alpha
defaultValue: false
fromVersion: "1.30"
---

17
content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/watch-from-storage-without-resource-version.md Normal file
View File

@ -0,0 +1,17 @@
---
title: WatchFromStorageWithoutResourceVersion
content_type: feature_gate
_build:
list: never
render: false
stages:
- stage: beta
defaultValue: false
fromVersion: "1.30"
---
<!--
Enables watches without `resourceVersion` to be served from storage.
-->
允许在没有 `resourceVersion` 的情况下基于存储提供监视服务。

6
content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/zero-limited-nominal-concurrency-shares.md
View File

@ -9,9 +9,13 @@ stages:
- stage: beta
defaultValue: false
fromVersion: "1.29"
toVersion: "1.29"
- stage: stable
defaultValue: true
fromVersion: "1.30"
---
<!--
Allow [Priority & Fairness](/docs/concepts/cluster-administration/flow-control/)
Allow [priority & fairness](/docs/concepts/cluster-administration/flow-control/)
in the API server to use a zero value for the `nominalConcurrencyShares` field of
the `limited` section of a priority level.
-->

804
content/zh-cn/docs/reference/kubectl/generated/kubectl_delete/_index.md Normal file
View File

@ -0,0 +1,804 @@
---
title: kubectl delete
content_type: tool-reference
weight: 30
no_list: true
---
<!--
title: kubectl delete
content_type: tool-reference
weight: 30
auto_generated: true
no_list: true
-->
## {{% heading "synopsis" %}}
<!--
Delete resources by file names, stdin, resources and names, or by resources and label selector.
JSON and YAML formats are accepted. Only one type of argument may be specified: file names, resources and names, or resources and label selector.
-->
基于文件名、标准输入、资源和名称,或基于资源和标签选择算符来删除资源。
接受 JSON 和 YAML 格式。只能指定一种类型的参数:文件名、资源加名称,或资源加标签选择算符。
<!--
Some resources, such as pods, support graceful deletion. These resources define a default period before they are forcibly terminated (the grace period) but you may override that value with the --grace-period flag, or pass --now to set a grace-period of 1. Because these resources often represent entities in the cluster, deletion may not be acknowledged immediately. If the node hosting a pod is down or cannot reach the API server, termination may take significantly longer than the grace period. To force delete a resource, you must specify the --force flag. Note: only a subset of resources support graceful deletion. In absence of the support, the --grace-period flag is ignored.
-->
某些资源(如 Pod支持体面删除。这些资源定义了在强制终止之前的默认时长宽限期
但你可以使用 --grace-period 标志覆盖该值,或传递 --now 将宽限期设置为 1。
由于这些资源通常代表集群中的实体,所以删除可能不会立即得到确认。
如果托管 Pod 的节点宕机或无法访问 API 服务器,则终止所用的时间可能比宽限期长得多。
要强制删除某资源,你必须指定 --force 标志。
注意:只有一部分资源支持体面删除。如果不支持体面删除,--grace-period 标志将被忽略。
<!--
IMPORTANT: Force deleting pods does not wait for confirmation that the pod's processes have been terminated, which can leave those processes running until the node detects the deletion and completes graceful deletion. If your processes use shared storage or talk to a remote API and depend on the name of the pod to identify themselves, force deleting those pods may result in multiple processes running on different machines using the same identification which may lead to data corruption or inconsistency. Only force delete pods when you are sure the pod is terminated, or if your application can tolerate multiple copies of the same pod running at once. Also, if you force delete pods, the scheduler may place new pods on those nodes before the node has released those resources and causing those pods to be evicted immediately.
-->
重要提示:强制删除 Pod 不会等待确认 Pod 的进程已被终止,
这可能会导致直到节点检测到删除请求并完成体面删除之前Pod 中的进程一直继续运行。
如果你的进程使用共享存储或与远程 API 通信并依赖 Pod 的名称来标识自己,强制删除这些 Pod
可能会导致在不同机器上运行的多个进程使用相同的标识,从而可能导致数据损坏或不一致。
只有在你确定 Pod 已被终止或你的应用可以容忍同时运行相同 Pod 的多个副本时,才可以强制删除 Pod。
此外,如果你强制删除 Pod调度器可能会在节点释放这些资源之前在这些节点上调度新的 Pod从而使得 Pod 被立即驱逐。
<!--
Note that the delete command does NOT do resource version checks, so if someone submits an update to a resource right when you submit a delete, their update will be lost along with the rest of the resource.
After a CustomResourceDefinition is deleted, invalidation of discovery cache may take up to 6 hours. If you don't want to wait, you might want to run "kubectl api-resources" to refresh the discovery cache.
-->
请注意,删除命令不会检查资源版本,因此如果有人在你提交删除指令时提交了资源更新指令,
他们的更新请求将与剩余的资源一起丢失。
在 CustomResourceDefinition 被删除之后,对发现缓存的的刷新可能需要长达 6 小时的时长。
如果你不想等待,可以运行 "kubectl api-resources" 来刷新发现缓存。
```shell
kubectl delete ([-f FILENAME] | [-k DIRECTORY] | TYPE [(NAME | -l label | --all)])
```
## {{% heading "examples" %}}
<!--
```
# Delete a pod using the type and name specified in pod.json
# Delete resources from a directory containing kustomization.yaml - e.g. dir/kustomization.yaml
# Delete resources from all files that end with '.json'
# Delete a pod based on the type and name in the JSON passed into stdin
# Delete pods and services with same names "baz" and "foo"
# Delete pods and services with label name=myLabel
# Delete a pod with minimal delay
# Force delete a pod on a dead node
# Delete all pods
```
-->
```shell
# 使用 pod.json 中指定的类型和名称删除一个 Pod
kubectl delete -f ./pod.json
# 基于包含 kustomization.yaml 的目录(例如 dir/kustomization.yaml中的内容删除资源
kubectl delete -k dir
# 删除所有以 '.json' 结尾的文件中的资源
kubectl delete -f '*.json'
# 基于传递到标准输入的 JSON 中的类型和名称删除一个 Pod
cat pod.json | kubectl delete -f -
# 删除名称为 "baz" 和 "foo" 的 Pod 和 Service
kubectl delete pod,service baz foo
# 删除打了标签 name=myLabel 的 Pod 和 Service
kubectl delete pods,services -l name=myLabel
# 以最小延迟删除一个 Pod
kubectl delete pod foo --now
# 强制删除一个死节点上的 Pod
kubectl delete pod foo --force
# 删除所有 Pod
kubectl delete pods --all
```
## {{% heading "options" %}}
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--all</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Delete all resources, in the namespace of the specified resource types.
-->
删除指定资源类型的命名空间中的所有资源。
</p></td>
</tr>
<tr>
<td colspan="2">-A, --all-namespaces</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If present, list the requested object(s) across all namespaces. Namespace in current context is ignored even if specified with --namespace.
-->
如果存在,则列举所有命名空间中请求的对象。
即使使用 --namespace 指定,当前上下文中的命名空间也会被忽略。
</p></td>
</tr>
<tr>
<td colspan="2">--cascade string[="background"]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"background"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Must be &quot;background&quot;, &quot;orphan&quot;, or &quot;foreground&quot;. Selects the deletion cascading strategy for the dependents (e.g. Pods created by a ReplicationController). Defaults to background.
-->
必须是 "background"、"orphan" 或 "foreground"。
选择依赖项(例如,由 ReplicationController 创建的 Pod的删除级联策略
默认为 background。
</p></td>
</tr>
<tr>
<td colspan="2">--dry-run string[="unchanged"]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"none"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Must be &quot;none&quot;, &quot;server&quot;, or &quot;client&quot;. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
-->
必须是 "none"、"server" 或 "client"。如果是 client 策略,仅打印将要发送的对象,而不实际发送。
如果是 server 策略,提交服务器端请求而不持久化资源。
</p></td>
</tr>
<tr>
<td colspan="2">--field-selector string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Selector (field query) to filter on, supports '=', '==', and '!='.(e.g. --field-selector key1=value1,key2=value2). The server only supports a limited number of field queries per type.
-->
过滤所用的选择算符(字段查询),支持 '='、'==' 和 '!='。
(例如 --field-selector key1=value1,key2=value2。服务器针对每种类型仅支持有限数量的字段查询。
</p></td>
</tr>
<tr>
<td colspan="2">-f, --filename strings</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
containing the resource to delete.
-->
包含要删除的资源的文件名。
</p></td>
</tr>
<tr>
<td colspan="2">--force</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, immediately remove resources from API and bypass graceful deletion. Note that immediate deletion of some resources may result in inconsistency or data loss and requires confirmation.
-->
如果为真,则立即从 API 中移除资源并略过体面删除处理。
请注意,立即删除某些资源可能会导致不一致或数据丢失,并且需要确认操作。
</p></td>
</tr>
<tr>
<td colspan="2">--grace-period int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:-1</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Period of time in seconds given to the resource to terminate gracefully. Ignored if negative. Set to 1 for immediate shutdown. Can only be set to 0 when --force is true (force deletion).
-->
指定给资源的体面终止时间(以秒为单位)。
如果为负数则忽略,为 1 表示立即关闭。
仅当 --force 为真(强制删除)时才可以设置为 0。
</p></td>
</tr>
<tr>
<td colspan="2">-h, --help</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
help for delete
-->
delete 操作的帮助命令。
</p></td>
</tr>
<tr>
<td colspan="2">--ignore-not-found</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Treat &quot;resource not found&quot; as a successful delete. Defaults to &quot;true&quot; when --all is specified.
-->
将 “resource not found” 视为成功删除。当指定 --all 参数时,默认值为 “true”。
</p></td>
</tr>
<tr>
<td colspan="2">-i, --interactive</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, delete resource only when user confirms.
-->
如果为 true仅在用户确认时删除资源。
</p></td>
</tr>
<tr>
<td colspan="2">-k, --kustomize string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Process a kustomization directory. This flag can't be used together with -f or -R.
-->
处理 kustomization 目录,此标志不能与 -f 或 -R 一起使用。
</p></td>
</tr>
<tr>
<td colspan="2">--now</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, resources are signaled for immediate shutdown (same as --grace-period=1).
-->
如果为 true资源将被标记为立即关闭等同于 --grace-period=1
</p></td>
</tr>
<tr>
<td colspan="2">-o, --output string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Output mode. Use &quot;-o name&quot; for shorter output (resource/name).
-->
输出模式。使用 “-o name” 以获得更简短的输出resource/name
</p></td>
</tr>
<tr>
<td colspan="2">--raw string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Raw URI to DELETE to the server. Uses the transport specified by the kubeconfig file.
-->
向服务器发送 DELETE 请求所用的原始 URI。使用 kubeconfig 文件中指定的传输方式。
</p></td>
</tr>
<tr>
<td colspan="2">-R, --recursive</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-->
递归处理在 -f、--filename 中给出的目录。当你想要管理位于同一目录中的相关清单时很有用。
</p></td>
</tr>
<tr>
<td colspan="2">-l, --selector string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2). Matching objects must satisfy all of the specified label constraints.
-->
过滤所用的选择算符(标签查询),支持 '='、'==' 和 '='。
(例如 -l key1=value1,key2=value2。匹配的对象必须满足所有指定的标签约束。
</p></td>
</tr>
<tr>
<td colspan="2">--timeout duration</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The length of time to wait before giving up on a delete, zero means determine a timeout from the size of the object
-->
放弃删除之前等待的时间长度,为 0 表示根据对象的大小确定超时。
</p></td>
</tr>
<tr>
<td colspan="2">--wait&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值true</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, wait for resources to be gone before returning. This waits for finalizers.
-->
如果为 true则等待资源消失后再返回。此参数会等待终结器被清空。
</p></td>
</tr>
</tbody>
</table>
## {{% heading "parentoptions" %}}
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--as string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
-->
操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。
</p></td>
</tr>
<tr>
<td colspan="2">--as-group strings</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-->
操作所用的伪装用户组,此标志可以被重复设置以指定多个组。
</p></td>
</tr>
<tr>
<td colspan="2">--as-uid string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
UID to impersonate for the operation.
-->
操作所用的伪装 UID。
</p></td>
</tr>
<tr>
<td colspan="2">--cache-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"$HOME/.kube/cache"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Default cache directory
-->
默认缓存目录。
</p></td>
</tr>
<tr>
<td colspan="2">--certificate-authority string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Path to a cert file for the certificate authority
-->
证书机构的证书文件的路径。
</p></td>
</tr>
<tr>
<td colspan="2">--client-certificate string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Path to a client certificate file for TLS
-->
TLS 客户端证书文件的路径。
</p></td>
</tr>
<tr>
<td colspan="2">--client-key string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Path to a client key file for TLS
-->
TLS 客户端密钥文件的路径。
</p></td>
</tr>
<tr>
<td colspan="2">--cloud-provider-gce-l7lb-src-cidrs cidrs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值130.211.0.0/22,35.191.0.0/16</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
CIDRs opened in GCE firewall for L7 LB traffic proxy &amp; health checks
-->
GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。
</p></td>
</tr>
<tr>
<td colspan="2">--cloud-provider-gce-lb-src-cidrs cidrs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
CIDRs opened in GCE firewall for L4 LB traffic proxy &amp; health checks
-->
GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。
</p></td>
</tr>
<tr>
<td colspan="2">--cluster string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The name of the kubeconfig cluster to use
-->
要使用的 kubeconfig 集群的名称。
</p></td>
</tr>
<tr>
<td colspan="2">--context string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The name of the kubeconfig context to use
-->
要使用的 kubeconfig 上下文的名称。
</p></td>
</tr>
<tr>
<td colspan="2">--default-not-ready-toleration-seconds int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值300</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
-->
设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds默认添加到所有尚未设置此容忍度的 Pod。
</p></td>
</tr>
<tr>
<td colspan="2">--default-unreachable-toleration-seconds int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值300</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
-->
设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds默认添加到所有尚未设置此容忍度的 Pod。
</p></td>
</tr>
<tr>
<td colspan="2">--disable-compression</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, opt-out of response compression for all requests to the server
-->
如果为 true则对服务器所有请求的响应不再压缩。
</p></td>
</tr>
<tr>
<td colspan="2">--insecure-skip-tls-verify</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-->
如果为 true则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。
</p></td>
</tr>
<tr>
<td colspan="2">--kubeconfig string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Path to the kubeconfig file to use for CLI requests.
-->
CLI 请求要使用的 kubeconfig 文件的路径。
</p></td>
</tr>
<tr>
<td colspan="2">--match-server-version</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Require server version to match client version
-->
要求服务器版本与客户端版本匹配。
</p></td>
</tr>
<tr>
<td colspan="2">-n, --namespace string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If present, the namespace scope for this CLI request
-->
如果存在,则是此 CLI 请求的命名空间范围。
</p></td>
</tr>
<tr>
<td colspan="2">--password string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Password for basic authentication to the API server
-->
向 API 服务器进行基本身份验证所用的密码。
</p></td>
</tr>
<tr>
<td colspan="2">--profile string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"none"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)
-->
要记录的性能分析信息。可选值为none|cpu|heap|goroutine|threadcreate|block|mutex
</p></td>
</tr>
<tr>
<td colspan="2">--profile-output string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"profile.pprof"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Name of the file to write the profile to
-->
性能分析信息要写入的目标文件的名称。
</p></td>
</tr>
<tr>
<td colspan="2">--request-timeout string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"0"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-->
在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h
值为零表示请求不会超时。
</p></td>
</tr>
<tr>
<td colspan="2">-s, --server string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The address and port of the Kubernetes API server
-->
Kubernetes API 服务器的地址和端口。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-buffer-duration duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值1m0s</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
-->
对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-db string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"cadvisor"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
database name
-->
数据库名称。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-host string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"localhost:8086"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
database host:port
-->
数据库 host:port
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-password string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"root"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
database password
-->
数据库密码。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-secure</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
use secure connection with database
-->
使用与数据库的安全连接。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-table string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"stats"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
table name
-->
表名。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-user string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"root"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
database username
-->
数据库用户名。
</p></td>
</tr>
<tr>
<td colspan="2">--tls-server-name string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
-->
服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。
</p></td>
</tr>
<tr>
<td colspan="2">--token string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Bearer token for authentication to the API server
-->
向 API 服务器进行身份验证的持有者令牌。
</p></td>
</tr>
<tr>
<td colspan="2">--user string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The name of the kubeconfig user to use
-->
要使用的 kubeconfig 用户的名称。
</p></td>
</tr>
<tr>
<td colspan="2">--username string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Username for basic authentication to the API server
-->
对 API 服务器进行基本身份验证时所用的用户名。
</p></td>
</tr>
<tr>
<td colspan="2">--version version[=true]</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
-->
--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。
</p></td>
</tr>
<tr>
<td colspan="2">--warnings-as-errors</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Treat warnings received from the server as errors and exit with a non-zero exit code
-->
将从服务器收到的警告视为错误,并以非零退出码退出。
</p></td>
</tr>
</tbody>
</table>
## {{% heading "seealso" %}}
<!--
* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager
-->
* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器

843
content/zh-cn/docs/reference/kubectl/generated/kubectl_expose/_index.md Normal file
View File

@ -0,0 +1,843 @@
---
title: kubectl expose
content_type: tool-reference
weight: 30
no_list: true
---
<!--
title: kubectl expose
content_type: tool-reference
weight: 30
auto_generated: true
no_list: true
-->
## {{% heading "synopsis" %}}
<!--
Expose a resource as a new Kubernetes service.
Looks up a deployment, service, replica set, replication controller or pod by name and uses the selector for that resource as the selector for a new service on the specified port. A deployment or replica set will be exposed as a service only if its selector is convertible to a selector that service supports, i.e. when the selector contains only the matchLabels component. Note that if no port is specified via --port and the exposed resource has multiple ports, all will be re-used by the new service. Also if no labels are specified, the new service will re-use the labels from the resource it exposes.
-->
将资源公开为新的 Kubernetes 服务。
基于名称查找 Deployment、Service、ReplicaSet、ReplicationController 或 Pod
并将该资源的选择算符用作指定端口上新服务的选择算符。
只有当 Deployment 或 ReplicaSet 的选择算符可转换为服务支持的选择算符
(即选择算符仅包含 matchLabels 部分)时,才会将其公开为服务。
请注意,如果未通过 --port 指定端口且所公开的资源有多个端口,
则新服务将重用所有这些端口。此外,如果未指定标签,新服务将重用它所公开的资源的标签。
<!--
Possible resources include (case insensitive):
pod (po), service (svc), replicationcontroller (rc), deployment (deploy), replicaset (rs)
-->
可能的资源包括(不区分大小写):
```
pod (po)service (svc)replicationcontroller (rc)deployment (deploy)replicaset (rs)
```
kubectl expose 命令的格式为:
```shell
kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type]
```
## {{% heading "examples" %}}
<!--
```
# Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000
# Create a service for a replication controller identified by type and name specified in "nginx-controller.yaml", which serves on port 80 and connects to the containers on port 8000
# Create a service for a pod valid-pod, which serves on port 444 with the name "frontend"
# Create a second service based on the above service, exposing the container port 8443 as port 443 with the name "nginx-https"
# Create a service for a replicated streaming application on port 4100 balancing UDP traffic and named 'video-stream'.
# Create a service for a replicated nginx using replica set, which serves on port 80 and connects to the containers on port 8000
# Create a service for an nginx deployment, which serves on port 80 and connects to the containers on port 8000
```
-->
```shell
# 为多副本的 nginx 创建一个服务,服务端口为 80通过端口 8000 连接到容器
kubectl expose rc nginx --port=80 --target-port=8000
# 为在 "nginx-controller.yaml" 中以 type 和 name 指定的 ReplicationController 创建一个服务
# 服务端口为 80通过端口 8000 连接到容器
kubectl expose -f nginx-controller.yaml --port=80 --target-port=8000
# 为名为 valid-pod 的 Pod 创建一个服务,服务端口为 444名称为 "frontend"
kubectl expose pod valid-pod --port=444 --name=frontend
# 基于上述服务创建第二个服务,将容器端口 8443 公开为端口 443名称为 "nginx-https"
kubectl expose service nginx --port=443 --target-port=8443 --name=nginx-https
# 为在端口 4100 上平衡 UDP 流量的多副本流应用创建一个服务,名称为 “video-stream”
kubectl expose rc streamer --port=4100 --protocol=UDP --name=video-stream
# 为使用 ReplicaSet 的多副本 nginx 创建一个服务,服务端口为 80通过端口 8000 连接到容器
kubectl expose rs nginx --port=80 --target-port=8000
# 为 nginx Deployment 创建一个服务,服务端口为 80通过端口 8000 连接到容器
kubectl expose deployment nginx --port=80 --target-port=8000
```
## {{% heading "options" %}}
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--allow-missing-template-keys&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值true</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, ignore any errors in templates when a field or map key is missing in the template. Only applies to golang and jsonpath output formats.
-->
如果为 true在模板中字段或映射键缺失时忽略模板中的错误。
仅适用于 golang 和 jsonpath 输出格式。
</p></td>
</tr>
<tr>
<td colspan="2">--cluster-ip string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
ClusterIP to be assigned to the service. Leave empty to auto-allocate, or set to 'None' to create a headless service.
-->
要指派给服务的 ClusterIP。留空表示自动分配或设置为 “None” 以创建无头服务。
</p></td>
</tr>
<tr>
<td colspan="2">--dry-run string[="unchanged"]&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"none"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Must be &quot;none&quot;, &quot;server&quot;, or &quot;client&quot;. If client strategy, only print the object that would be sent, without sending it. If server strategy, submit server-side request without persisting the resource.
-->
必须是 "none"、"server" 或 "client"。如果是 client 策略,仅打印将要发送的对象,而不实际发送。
如果是 server 策略,提交服务器端请求而不持久化资源。
</p></td>
</tr>
<tr>
<td colspan="2">--external-ip string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Additional external IP address (not managed by Kubernetes) to accept for the service. If this IP is routed to a node, the service can be accessed by this IP in addition to its generated service IP.
-->
服务要接受的附加外部 IP 地址(不由 Kubernetes 管理)。
如果此 IP 被路由到某个节点,则除了生成的服务 IP 之外,还可以通过此 IP 访问服务。
</p></td>
</tr>
<tr>
<td colspan="2">--field-manager string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"kubectl-expose"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Name of the manager used to track field ownership.
-->
用于跟踪字段属主关系的管理器的名称。
</p></td>
</tr>
<tr>
<td colspan="2">-f, --filename strings</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Filename, directory, or URL to files identifying the resource to expose a service
-->
文件名、目录或文件 URL 列表,用于标识要公开服务的资源。
</p></td>
</tr>
<tr>
<td colspan="2">-h, --help</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
help for expose
-->
expose 操作的帮助命令。
</p></td>
</tr>
<tr>
<td colspan="2">-k, --kustomize string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Process the kustomization directory. This flag can't be used together with -f or -R.
-->
处理 kustomization 目录。此标志不能与 -f 或 -R 一起使用。
</p></td>
</tr>
<tr>
<td colspan="2">-l, --labels string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Labels to apply to the service created by this call.
-->
要应用到此子命令所创建的服务上的标签。
</p></td>
</tr>
<tr>
<td colspan="2">--load-balancer-ip string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
IP to assign to the LoadBalancer. If empty, an ephemeral IP will be created and used (cloud-provider specific).
-->
要指派给负载均衡器的 IP。如果为空将创建并使用一个临时 IP具体取决于云提供商
</p></td>
</tr>
<tr>
<td colspan="2">--name string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The name for the newly created object.
-->
新建对象的名称。
</p></td>
</tr>
<tr>
<td colspan="2">-o, --output string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Output format. One of: (json, yaml, name, go-template, go-template-file, template, templatefile, jsonpath, jsonpath-as-json, jsonpath-file).
-->
输出格式。可选值为:
json、yaml、name、go-template、go-template-file、template、templatefile、jsonpath、jsonpath-as-json、jsonpath-file。
</p></td>
</tr>
<tr>
<td colspan="2">--override-type string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"merge"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The method used to override the generated object: json, merge, or strategic.
-->
用于覆盖已生成对象的方法json、merge 或 strategic。
</p></td>
</tr>
<tr>
<td colspan="2">--overrides string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
An inline JSON override for the generated object. If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
-->
用于覆盖已生成对象的内联 JSON。如果此字段非空它将用于覆盖已生成的对象。
要求对象提供一个有效的 apiVersion 字段。
</p></td>
</tr>
<tr>
<td colspan="2">--port string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The port that the service should serve on. Copied from the resource being exposed, if unspecified
-->
应该用于提供服务的端口。如果不指定,则从正被公开的资源复制。
</p></td>
</tr>
<tr>
<td colspan="2">--protocol string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The network protocol for the service to be created. Default is 'TCP'.
-->
要创建的服务的网络协议。默认是 “TCP”。
</p></td>
</tr>
<tr>
<td colspan="2">-R, --recursive</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Process the directory used in -f, --filename recursively. Useful when you want to manage related manifests organized within the same directory.
-->
以递归方式处理在 -f、--filename 中给出的目录。当你想要管理位于同一目录中的相关清单时很有用。
</p></td>
</tr>
<tr>
<td colspan="2">--save-config</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, the configuration of current object will be saved in its annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
-->
如果为 true则当前对象的配置将被保存在其注解中。否则注解将保持不变。
当你希望后续对此对象执行 `kubectl apply` 操作时,此标志很有用。
</p></td>
</tr>
<tr>
<td colspan="2">--selector string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
A label selector to use for this service. Only equality-based selector requirements are supported. If empty (the default) infer the selector from the replication controller or replica set.)
-->
指定服务所用的标签选择算符。仅支持基于等式的选择算符需求。
如果为空(默认值),则从 ReplicationController 或 ReplicaSet 中推断选择算符。
</p></td>
</tr>
<tr>
<td colspan="2">--session-affinity string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If non-empty, set the session affinity for the service to this; legal values: 'None', 'ClientIP'
-->
如果非空将服务的会话亲和性设置为此值有效值为“None”、“ClientIP”。
</p></td>
</tr>
<tr>
<td colspan="2">--show-managed-fields</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, keep the managedFields when printing objects in JSON or YAML format.
-->
如果为 true在以 JSON 或 YAML 格式打印对象时保留 managedFields。
</p></td>
</tr>
<tr>
<td colspan="2">--target-port string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Name or number for the port on the container that the service should direct traffic to. Optional.
-->
容器上服务应将流量导向的端口名称或端口号。可选。
</p></td>
</tr>
<tr>
<td colspan="2">--template string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Template string or path to template file to use when -o=go-template, -o=go-template-file. The template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-->
当 -o=go-template、-o=go-template-file 时使用的模板字符串或模板文件路径。
模板格式为 golang 模板 [http://golang.org/pkg/text/template/#pkg-overview]。
</p></td>
</tr>
<tr>
<td colspan="2">--type string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Type for this service: ClusterIP, NodePort, LoadBalancer, or ExternalName. Default is 'ClusterIP'.
-->
此服务的类别ClusterIP、NodePort、LoadBalancer 或 ExternalName。默认是 “ClusterIP”。
</p></td>
</tr>
</tbody>
</table>
## {{% heading "parentoptions" %}}
<table style="width: 100%; table-layout: fixed;">
<colgroup>
<col span="1" style="width: 10px;" />
<col span="1" />
</colgroup>
<tbody>
<tr>
<td colspan="2">--as string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Username to impersonate for the operation. User could be a regular user or a service account in a namespace.
-->
操作所用的伪装用户名。用户可以是常规用户或命名空间中的服务账号。
</p></td>
</tr>
<tr>
<td colspan="2">--as-group strings</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-->
操作所用的伪装用户组,此标志可以被重复设置以指定多个组。
</p></td>
</tr>
<tr>
<td colspan="2">--as-uid string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
UID to impersonate for the operation.
-->
操作所用的伪装 UID。
</p></td>
</tr>
<tr>
<td colspan="2">--cache-dir string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"$HOME/.kube/cache"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Default cache directory
-->
默认缓存目录。
</p></td>
</tr>
<tr>
<td colspan="2">--certificate-authority string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Path to a cert file for the certificate authority
-->
证书机构的证书文件的路径。
</p></td>
</tr>
<tr>
<td colspan="2">--client-certificate string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Path to a client certificate file for TLS
-->
TLS 客户端证书文件的路径。
</p></td>
</tr>
<tr>
<td colspan="2">--client-key string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Path to a client key file for TLS
-->
TLS 客户端密钥文件的路径。
</p></td>
</tr>
<tr>
<td colspan="2">--cloud-provider-gce-l7lb-src-cidrs cidrs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值130.211.0.0/22,35.191.0.0/16</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
CIDRs opened in GCE firewall for L7 LB traffic proxy &amp; health checks
-->
GCE 防火墙中为 L7 负载均衡流量代理和健康检查开放的 CIDR。
</p></td>
</tr>
<tr>
<td colspan="2">--cloud-provider-gce-lb-src-cidrs cidrs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
CIDRs opened in GCE firewall for L4 LB traffic proxy &amp; health checks
-->
GCE 防火墙中为 L4 负载均衡流量代理和健康检查开放的 CIDR。
</p></td>
</tr>
<tr>
<td colspan="2">--cluster string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The name of the kubeconfig cluster to use
-->
要使用的 kubeconfig 集群的名称。
</p></td>
</tr>
<tr>
<td colspan="2">--context string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The name of the kubeconfig context to use
-->
要使用的 kubeconfig 上下文的名称。
</p></td>
</tr>
<tr>
<td colspan="2">--default-not-ready-toleration-seconds int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值300</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Indicates the tolerationSeconds of the toleration for notReady:NoExecute that is added by default to every pod that does not already have such a toleration.
-->
设置针对 notReady:NoExecute 的容忍度的 tolerationSeconds默认添加到所有尚未设置此容忍度的 Pod。
</p></td>
</tr>
<tr>
<td colspan="2">--default-unreachable-toleration-seconds int&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值300</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Indicates the tolerationSeconds of the toleration for unreachable:NoExecute that is added by default to every pod that does not already have such a toleration.
-->
设置针对 unreachable:NoExecute 的容忍度的 tolerationSeconds默认添加到所有尚未设置此容忍度的 Pod。
</p></td>
</tr>
<tr>
<td colspan="2">--disable-compression</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, opt-out of response compression for all requests to the server
-->
如果为 true则对服务器所有请求的响应不再压缩。
</p></td>
</tr>
<tr>
<td colspan="2">--insecure-skip-tls-verify</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-->
如果为 true则不检查服务器证书的有效性。这将使你的 HTTPS 连接不安全。
</p></td>
</tr>
<tr>
<td colspan="2">--kubeconfig string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Path to the kubeconfig file to use for CLI requests.
-->
CLI 请求要使用的 kubeconfig 文件的路径。
</p></td>
</tr>
<tr>
<td colspan="2">--match-server-version</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Require server version to match client version
-->
要求服务器版本与客户端版本匹配。
</p></td>
</tr>
<tr>
<td colspan="2">-n, --namespace string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
If present, the namespace scope for this CLI request
-->
如果存在,则是此 CLI 请求的命名空间范围。
</p></td>
</tr>
<tr>
<td colspan="2">--password string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Password for basic authentication to the API server
-->
向 API 服务器进行基本身份验证所用的密码。
</p></td>
</tr>
<tr>
<td colspan="2">--profile string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"none"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)
-->
要记录的性能分析信息。可选值为none|cpu|heap|goroutine|threadcreate|block|mutex
</p></td>
</tr>
<tr>
<td colspan="2">--profile-output string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"profile.pprof"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Name of the file to write the profile to
-->
性能分析信息要写入的目标文件的名称。
</p></td>
</tr>
<tr>
<td colspan="2">--request-timeout string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"0"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
-->
在放弃某个服务器请求之前等待的时长。非零值应包含相应的时间单位(例如 1s、2m、3h
值为零表示请求不会超时。
</p></td>
</tr>
<tr>
<td colspan="2">-s, --server string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The address and port of the Kubernetes API server
-->
Kubernetes API 服务器的地址和端口。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-buffer-duration duration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值1m0s</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Writes in the storage driver will be buffered for this duration, and committed to the non memory backends as a single transaction
-->
对存储驱动的写入操作将被缓存的时长;缓存的操作会作为一个事务提交给非内存后端。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-db string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"cadvisor"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
database name
-->
数据库名称。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-host string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"localhost:8086"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
database host:port
-->
数据库 host:port
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-password string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"root"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
database password
-->
数据库密码。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-secure</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
use secure connection with database
-->
使用与数据库的安全连接。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-table string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"stats"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
table name
-->
表名。
</p></td>
</tr>
<tr>
<td colspan="2">--storage-driver-user string&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<!--Default:-->默认值:"root"</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
database username
-->
数据库用户名。
</p></td>
</tr>
<tr>
<td colspan="2">--tls-server-name string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
-->
服务器证书验证所用的服务器名称。如果未提供,则使用与服务器通信所用的主机名。
</p></td>
</tr>
<tr>
<td colspan="2">--token string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Bearer token for authentication to the API server
-->
向 API 服务器进行身份验证的持有者令牌。
</p></td>
</tr>
<tr>
<td colspan="2">--user string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
The name of the kubeconfig user to use
-->
要使用的 kubeconfig 用户的名称。
</p></td>
</tr>
<tr>
<td colspan="2">--username string</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Username for basic authentication to the API server
-->
向 API 服务器进行基本身份验证时所用的用户名。
</p></td>
</tr>
<tr>
<td colspan="2">--version version[=true]</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
--version, --version=raw prints version information and quits; --version=vX.Y.Z... sets the reported version
-->
--version, --version=raw 打印版本信息并退出;--version=vX.Y.Z... 设置报告的版本。
</p></td>
</tr>
<tr>
<td colspan="2">--warnings-as-errors</td>
</tr>
<tr>
<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
<!--
Treat warnings received from the server as errors and exit with a non-zero exit code
-->
将从服务器收到的警告视为错误,并以非零退出码退出。
</p></td>
</tr>
</tbody>
</table>
## {{% heading "seealso" %}}
<!--
* [kubectl](../kubectl/) - kubectl controls the Kubernetes cluster manager
-->
* [kubectl](../kubectl/) - kubectl 控制 Kubernetes 集群管理器

2
content/zh-cn/docs/reference/node/kubelet-checkpoint-api.md
View File

@ -4,7 +4,7 @@ title: Kubelet Checkpoint API
weight: 10
---
{{< feature-state for_k8s_version="v1.25" state="alpha" >}}
{{< feature-state feature_gate_name="ContainerCheckpoint" >}}
<!--
Checkpointing a container is the functionality to create a stateful copy of a

6
content/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-init.md
View File

@ -341,12 +341,16 @@ as a learner and promoted to a voting member only after the etcd data are fully
`PublicKeysECDSA`
: Can be used to create a cluster that uses ECDSA certificates instead of the default RSA algorithm.
Renewal of existing ECDSA certificates is also supported using `kubeadm certs renew`, but you cannot
switch between the RSA and ECDSA algorithms on the fly or during upgrades.
switch between the RSA and ECDSA algorithms on the fly or during upgrades. Kubernetes
{{< skew currentVersion >}} has a bug where keys in generated kubeconfig files are set use RSA
despite the feature gate being enabled.
-->
`PublicKeysECDSA`
: 可用于创建集群时使用 ECDSA 证书而不是默认 RSA 算法。
支持用 `kubeadm certs renew` 更新现有 ECDSA 证书,
但你不能在集群运行期间或升级期间切换 RSA 和 ECDSA 算法。
Kubernetes {{< skew currentVersion >}} 有一个错误,尽管开启了特性门控,
所生成的 kubeconfig 文件中的密钥仍使用 RSA 设置。
<!--
`RootlessControlPlane`

2
content/zh-cn/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes.md
View File

@ -660,6 +660,7 @@ liveness and readiness checks:
<!--
* `failureThreshold`: After a probe fails `failureThreshold` times in a row, Kubernetes
considers that the overall check has failed: the container is _not_ ready/healthy/live.
Defaults to 3. Minimum value is 1.
For the case of a startup or liveness probe, if at least `failureThreshold` probes have
failed, Kubernetes treats the container as unhealthy and triggers a restart for that
specific container. The kubelet honors the setting of `terminationGracePeriodSeconds`
@ -671,6 +672,7 @@ liveness and readiness checks:
-->
* `failureThreshold`:探针连续失败了 `failureThreshold` 次之后,
Kubernetes 认为总体上检查已失败:容器状态未就绪、不健康、不活跃。
默认值为 3最小值为 1。
对于启动探针或存活探针而言,如果至少有 `failureThreshold` 个探针已失败,
Kubernetes 会将容器视为不健康并为这个特定的容器触发重启操作。
kubelet 遵循该容器的 `terminationGracePeriodSeconds` 设置。

6
content/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md
View File

@ -2048,12 +2048,10 @@ Unlike other rules, transition rules apply only to operations meeting the follow
<!--
Errors will be generated on CRD writes if a schema node contains a transition rule that can never be
applied, e.g. "*path*: update rule *rule* cannot be set on schema because the schema or its parent
schema is not mergeable".
applied, e.g. "oldSelf cannot be used on the uncorrelatable portion of the schema within *path*".
-->
如果一个模式节点包含一个永远不能应用的转换规则,在 CRD 写入时将会产生错误,例如:
"*path*: update rule *rule* cannot be set on schema because the schema or its parent
schema is not mergeable"。
"oldSelf cannot be used on the uncorrelatable portion of the schema within *path*"。
<!--
Transition rules are only allowed on _correlatable portions_ of a schema.

1191
content/zh-cn/docs/tutorials/configuration/updating-configuration-via-a-configmap.md Normal file
View File

File diff suppressed because it is too large Load Diff

7
content/zh-cn/examples/configmap/immutable-configmap.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: v1
data:
company_name: "ACME, Inc." # 虚构的公司名称
kind: ConfigMap
immutable: true
metadata:
name: company-name-20150801

7
content/zh-cn/examples/configmap/new-immutable-configmap.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: v1
data:
company_name: "Fiktivesunternehmen GmbH" # 虚构的公司名称
kind: ConfigMap
immutable: true
metadata:
name: company-name-20240312

42
content/zh-cn/examples/deployments/deployment-with-configmap-and-sidecar-container.yaml Normal file
View File

@ -0,0 +1,42 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: configmap-sidecar-container
labels:
app.kubernetes.io/name: configmap-sidecar-container
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: configmap-sidecar-container
template:
metadata:
labels:
app.kubernetes.io/name: configmap-sidecar-container
spec:
volumes:
- name: shared-data
emptyDir: {}
- name: config-volume
configMap:
name: color
containers:
- name: nginx
image: nginx
volumeMounts:
- name: shared-data
mountPath: /usr/share/nginx/html
initContainers:
- name: alpine
image: alpine:3
restartPolicy: Always
volumeMounts:
- name: shared-data
mountPath: /pod-data
- name: config-volume
mountPath: /etc/config
command:
- /bin/sh
- -c
- while true; do echo "$(date) My preferred color is $(cat /etc/config/color)" > /pod-data/index.html;
sleep 10; done;

32
content/zh-cn/examples/deployments/deployment-with-configmap-as-envvar.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: configmap-env-var
labels:
app.kubernetes.io/name: configmap-env-var
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: configmap-env-var
template:
metadata:
labels:
app.kubernetes.io/name: configmap-env-var
spec:
containers:
- name: alpine
image: alpine:3
env:
- name: FRUITS
valueFrom:
configMapKeyRef:
key: fruits
name: fruits
command:
- /bin/sh
- -c
- while true; do echo "$(date) The basket is full of $FRUITS";
sleep 10; done;
ports:
- containerPort: 80

33
content/zh-cn/examples/deployments/deployment-with-configmap-as-volume.yaml Normal file
View File

@ -0,0 +1,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: configmap-volume
labels:
app.kubernetes.io/name: configmap-volume
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: configmap-volume
template:
metadata:
labels:
app.kubernetes.io/name: configmap-volume
spec:
containers:
- name: alpine
image: alpine:3
command:
- /bin/sh
- -c
- while true; do echo "$(date) My preferred sport is $(cat /etc/config/sport)";
sleep 10; done;
ports:
- containerPort: 80
volumeMounts:
- name: config-volume
mountPath: /etc/config
volumes:
- name: config-volume
configMap:
name: sport

40
content/zh-cn/examples/deployments/deployment-with-configmap-two-containers.yaml Normal file
View File

@ -0,0 +1,40 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: configmap-two-containers
labels:
app.kubernetes.io/name: configmap-two-containers
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: configmap-two-containers
template:
metadata:
labels:
app.kubernetes.io/name: configmap-two-containers
spec:
volumes:
- name: shared-data
emptyDir: {}
- name: config-volume
configMap:
name: color
containers:
- name: nginx
image: nginx
volumeMounts:
- name: shared-data
mountPath: /usr/share/nginx/html
- name: alpine
image: alpine:3
volumeMounts:
- name: shared-data
mountPath: /pod-data
- name: config-volume
mountPath: /etc/config
command:
- /bin/sh
- -c
- while true; do echo "$(date) My preferred color is $(cat /etc/config/color)" > /pod-data/index.html;
sleep 10; done;

33
content/zh-cn/examples/deployments/deployment-with-immutable-configmap-as-volume.yaml Normal file
View File

@ -0,0 +1,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: immutable-configmap-volume
labels:
app.kubernetes.io/name: immutable-configmap-volume
spec:
replicas: 3
selector:
matchLabels:
app.kubernetes.io/name: immutable-configmap-volume
template:
metadata:
labels:
app.kubernetes.io/name: immutable-configmap-volume
spec:
containers:
- name: alpine
image: alpine:3
command:
- /bin/sh
- -c
- while true; do echo "$(date) The name of the company is $(cat /etc/config/company_name)";
sleep 10; done;
ports:
- containerPort: 80
volumeMounts:
- name: config-volume
mountPath: /etc/config
volumes:
- name: config-volume
configMap:
name: company-name-20150801

2
data/i18n/en/en.toml
View File

@ -587,6 +587,8 @@ other = """<p>Items on this page refer to third party products or projects that
[thirdparty_message_vendor]
other = """Items on this page refer to vendors external to Kubernetes. The Kubernetes project authors aren't responsible for those third-party products or projects. To add a vendor, product or project to this list, read the <a href="/docs/contribute/style/content-guide/#third-party-content">content guide</a> before submitting a change. <a href="#third-party-content-disclaimer">More information.</a>"""
[translated_by]
other = "Translated By"
[ui_search_placeholder]
other = "Search this site"

269
data/i18n/zh-cn/zh-cn.toml
View File

@ -10,12 +10,24 @@ other = "(自动生成的页面)"
[auto_generated_pageinfo]
other = """<p>该页面是自动生成的。</p><p>如果你打算报告此页面的问题,请在问题描述中提及该页面是自动生成的。修复可能需要在 Kubernetes 项目的其他地方进行。</p>"""
[blog_post_show_more]
other = "显示更多文章..."
[banner_acknowledgement]
other = "隐藏此通知"
[case_study_prefix]
other = "案例分析:"
[caution]
other = "注意:"
[cleanup_heading]
other = "清理现场"
[china_icp_license]
other = "ICP 许可:"
[community_events_calendar]
other = "事件日历"
@ -25,6 +37,9 @@ other = "论坛"
[community_github_name]
other = "GitHub"
[community_server_fault_name]
other = "服务器故障"
[community_slack_name]
other = "Slack"
@ -32,7 +47,10 @@ other = "Slack"
other = "Stack Overflow"
[community_twitter_name]
other = "Twitter"
other = "X前身为 Twitter"
[community_x_name]
other = "X前身为 Twitter"
[community_youtube_name]
other = "YouTube"
@ -44,32 +62,26 @@ other = "YouTube"
[conjunction_1]
other = "和"
[copy_sample_to_clipboard]
other = "复制 {{ .filename }} 到剪贴板"
[cve_id]
other = "CVE ID"
[cve_issue_url]
other = "CVE GitHub Issue URL"
[cve_json_external_url]
other = "external_url"
[cve_json_id]
other = "id"
[cve_json_summary]
other = "概要"
[cve_json_url]
other = "url"
[cve_summary]
other = "问题描述"
[cve_table]
other = "Kubernetes CVE 列表"
[cve_url]
other = "CVE URL"
[cve_table_date_format]
other = "02 Jan 2006 15:04:05 MST"
[cve_table_date_format_string]
other = "(最后更新:%s"
[deprecation_title]
other = "你正在查看的文档所针对的是 Kubernetes 版本:"
@ -78,7 +90,13 @@ other = "你正在查看的文档所针对的是 Kubernetes 版本:"
other = " 版本的文档已不再维护。你现在看到的版本来自于一份静态的快照。如需查阅最新文档,请点击"
[deprecation_file_warning]
other = "已过时"
other = "已弃用"
[outdated_content_title]
other = "此文档中的信息可能已过时"
[outdated_content_message]
other = "此文档的更新日期比原文晚,因此其中的信息可能已过时。如果能阅读英文,请查看英文版本以获取最新信息:"
[dockershim_message]
other = """自 1.24 版起Dockershim 已从 Kubernetes 项目中移除。阅读 <a href="/zh-cn/dockershim">Dockershim 移除的常见问题</a>了解更多详情。"""
@ -95,6 +113,9 @@ other = "我是..."
[docs_label_users]
other = "用户"
[docs_page_versions]
other = "此 %s 适用于Kubernetes %s。如果你想使用其他 Kubernetes 版本,请参考以下页面:"
[docs_version_current]
other = "(本文档)"
@ -116,9 +137,48 @@ other = "你是否在搜索:"
[examples_heading]
other = "示例"
[feature_gate_stage_alpha]
other = "Alpha"
[feature_gate_stage_beta]
other = "Beta"
[feature_gate_stage_stable]
other = "GA"
[feature_gate_stage_deprecated]
other = "已弃用"
[feature_gate_table_header_default]
other = "默认值"
[feature_gate_table_header_feature]
other = "特性"
[feature_gate_table_header_from]
other = "从"
[feature_gate_table_header_since]
other = "自从"
[feature_gate_table_header_stage]
other = "阶段"
[feature_gate_table_header_to]
other = "到"
[feature_gate_table_header_until]
other = "直到"
[feature_state]
other = "特性状态:"
[feature_state_kubernetes_label]
other = "Kubernetes"
[feature_state_feature_gate_tooltip]
other = "特性门控:"
[feedback_heading]
other = "反馈"
@ -143,29 +203,37 @@ other = "电子邮件地址"
[javascript_required]
other = "必须[启用](https://www.enable-javascript.com/) JavaScript 才能查看此页内容"
[katacoda_message]
other = """<h4></h4>
<p>Kubernetes </p>
<p> O'Reilly Media 2019 <a
href="https://www.oreilly.com/content/oreilly-acquires-katacoda-and-a-new-way-for-2-5m-customers-to-learn/"></a> Katacoda </p>
<p>Kubernetes O'Reilly Katacoda Kubernetes </p>
<p><b>2023 3 31 </b> "<a href="/zh-cn/blog/2023/02/14/kubernetes-katacoda-tutorials-stop-from-2023-03-31/">免费的 Katacoda Kubernetes 教程即将关闭</a>。"</p>"""
[latest_release]
other = "最新发行版本:"
[latest_version]
other = "最新版本。"
[layouts_blog_pager_prev]
other = "<< 前一篇"
[layouts_blog_pager_next]
other = "后一篇 >>"
[layouts_blog_pager_prev]
other = "<< 前一篇"
[layouts_case_studies_list_tell]
other = "分享你的故事"
[layouts_docs_glossary_aka]
other = "亦称作"
[layouts_docs_glossary_description]
other = "此术语表旨在提供 Kubernetes 术语的完整、标准列表。其中包含特定于 Kubernetes 的技术术语以及能够构造有用的语境的一般性术语。"
[layout_docs_glossary_architecture_description]
other = "Kubernetes 的内部组件。"
[layouts_docs_glossary_deselect_all]
other = "全不选"
[layout_docs_glossary_architecture_name]
other = "架构"
[layouts_docs_glossary_click_details_after]
other = "下面的指示符号获取特定术语的更为完整的描述。"
@ -173,17 +241,89 @@ other = "下面的指示符号获取特定术语的更为完整的描述。"
[layouts_docs_glossary_click_details_before]
other = "点击"
[layout_docs_glossary_community_description]
other = "与 Kubernetes 开源开发相关。"
[layout_docs_glossary_community_name]
other = "社区"
[layout_docs_glossary_core-object_description]
other = "Kubernetes 默认支持的资源类型。"
[layout_docs_glossary_core-object_name]
other = "核心对象"
[layouts_docs_glossary_description]
other = "此术语表旨在提供 Kubernetes 术语的完整、标准列表。其中包含特定于 Kubernetes 的技术术语以及能够构造有用的语境的一般性术语。"
[layouts_docs_glossary_deselect_all]
other = "全不选"
[layout_docs_glossary_extension_description]
other = "支持自定义 Kubernetes。"
[layout_docs_glossary_extension_name]
other = "扩展"
[layouts_docs_glossary_filter]
other = "根据标签过滤术语"
[layout_docs_glossary_fundamental_description]
other = "与首次使用 Kubernetes 的用户相关。"
[layout_docs_glossary_fundamental_name]
other = "基础"
[layout_docs_glossary_networking_description]
other = "Kubernetes 组件(以及集群外的程序)如何相互通信。"
[layout_docs_glossary_networking_name]
other = "网络"
[layout_docs_glossary_operation_description]
other = "启动和维护 Kubernetes。"
[layout_docs_glossary_operation_name]
other = "操作"
[layout_docs_glossary_security_description]
other = "确保 Kubernetes 应用程序安全可靠。"
[layout_docs_glossary_security_name]
other = "安全"
[layouts_docs_glossary_select_all]
other = "全选"
[layout_docs_glossary_storage_description]
other = "Kubernetes 应用程序如何处理持久数据。"
[layout_docs_glossary_storage_name]
other = "存储"
[layout_docs_glossary_tool_description]
other = "使 Kubernetes 更容易或更好用的软件。"
[layout_docs_glossary_tool_name]
other = "工具"
[layout_docs_glossary_user-type_description]
other = "常见的 Kubernetes 用户类型。"
[layout_docs_glossary_user-type_name]
other = "用户类型"
[layout_docs_glossary_workload_description]
other = "在 Kubernetes 上运行的应用程序。"
[layout_docs_glossary_workload_name]
other = "工作负载"
[layouts_docs_partials_feedback_improvement]
other = "提出改进建议"
[layouts_docs_partials_feedback_issue]
other = "在 GitHub 仓库上登记新的问题"
other = """如果需要,请[GitHub 仓库](https://www.github.com/kubernetes/website/) 上登记新的问题"""
[layouts_docs_partials_feedback_or]
other = "或者"
@ -197,6 +337,11 @@ other = "感谢反馈。如果你有一个关于如何使用 Kubernetes 的具
[layouts_docs_search_fetching]
other = "检索结果中.."
[legacy_repos_message]
other = """ 2023 9 13 Kubernetes [ (`apt.kubernetes.io` `yum.kubernetes.io`)](/zh-cn/blog/2023/08/31/legacy-package-repository-deprecation/)
**使[ `pkgs.k8s.io` ](/zh-cn/blog/2023/08/15/pkgs-k8s-io-introduction/) 2023 9 13 Kubernetes **
Kubernetes v1.24.0 """
[main_by]
other = "由:"
@ -414,13 +559,15 @@ other = """本部分链接到提供 Kubernetes 所需功能的第三方项目。
[thirdparty_message_edit_disclaimer]
other="""第三方内容建议"""
[thirdparty_message_single_item]
other = """&#128711; 本条目指向第三方项目或产品,而该项目(产品)不是 Kubernetes 的一部分。<a class="alert-more-info" href="#third-party-content-disclaimer">更多信息</a>"""
[thirdparty_message_disclaimer]
other = """<p>本页面中的条目引用了第三方产品或项目,这些产品(项目)提供了 Kubernetes 所需的功能。Kubernetes 项目的开发人员不对这些第三方产品(项目)负责。请参阅<a href="https://github.com/cncf/foundation/blob/master/website-guidelines.md" target="_blank">CNCF 网站指南</a>了解更多细节。</p><p>在提交更改建议,向本页添加新的第三方链接之前,你应该先阅读<a href="/zh-cn/docs/contribute/style/content-guide/#third-party-content">内容指南。</p>"""
[thirdparty_message_vendor]
other = """本页面中的条目引用了 Kubernetes 外部的供应商。Kubernetes 项目的开发人员不对这些第三方产品(项目)负责。要将供应商、产品或项目添加到此列表中,请在提交更改之前阅读<a href="/zh-cn/docs/contribute/style/content-guide/#third-party-content">内容指南</a>。<a href="#third-party-content-disclaimer">更多信息。</a>"""
[ui_search_placeholder]
other = "搜索"
@ -441,75 +588,3 @@ other = "警告:"
[whatsnext_heading]
other = "接下来"
[layout_docs_glossary_architecture_name]
other = "架构"
[layout_docs_glossary_architecture_description]
other = "Kubernetes 的内部组件。"
[layout_docs_glossary_community_name]
other = "社区"
[layout_docs_glossary_community_description]
other = "与 Kubernetes 开源开发相关。"
[layout_docs_glossary_core-object_name]
other = "核心对象"
[layout_docs_glossary_core-object_description]
other = "Kubernetes 默认支持的资源类型。"
[layout_docs_glossary_extension_name]
other = "扩展"
[layout_docs_glossary_extension_description]
other = "支持自定义 Kubernetes。"
[layout_docs_glossary_fundamental_name]
other = "基础"
[layout_docs_glossary_fundamental_description]
other = "与首次使用 Kubernetes 的用户相关。"
[layout_docs_glossary_networking_name]
other = "网络"
[layout_docs_glossary_networking_description]
other = "Kubernetes 组件(以及集群外的程序)如何相互通信。"
[layout_docs_glossary_operation_name]
other = "操作"
[layout_docs_glossary_operation_description]
other = "启动和维护 Kubernetes。"
[layout_docs_glossary_security_name]
other = "安全"
[layout_docs_glossary_security_description]
other = "确保 Kubernetes 应用程序安全可靠。"
[layout_docs_glossary_storage_name]
other = "存储"
[layout_docs_glossary_storage_description]
other = "Kubernetes 应用程序如何处理持久数据。"
[layout_docs_glossary_tool_name]
other = "工具"
[layout_docs_glossary_tool_description]
other = "使 Kubernetes 更容易或更好用的软件。"
[layout_docs_glossary_user-type_name]
other = "用户类型"
[layout_docs_glossary_user-type_description]
other = "常见的 Kubernetes 用户类型。"
[layout_docs_glossary_workload_name]
other = "工作负载"
[layout_docs_glossary_workload_description]
other = "在 Kubernetes 上运行的应用程序。"

23
layouts/blog/content.html Normal file
View File

@ -0,0 +1,23 @@
<div class="td-content">
<h1>{{ .Title }}</h1>
{{ with .Params.description }}<div class="lead">{{ . | markdownify }}</div>{{ end }}
<div class="td-byline mb-4">
{{ with .Params.author }}{{ T "post_byline_by" }} <b>{{ . | markdownify }}</b> |{{ end}}
{{ with .Params.translator }}{{ T "translated_by" }} <b>{{ . | markdownify }}</b> |{{ end }}
<time datetime="{{ $.Date.Format "2006-01-02" }}" class="text-muted">{{ $.Date.Format $.Site.Params.time_format_blog }}</time>
</div>
<header class="article-meta">
{{ partial "taxonomy_terms_article_wrapper.html" . }}
{{ if (and (not .Params.hide_readingtime) (.Site.Params.ui.readingtime.enable)) }}
{{ partial "reading-time.html" . }}
{{ end }}
</header>
{{ .Content }}
{{ if (.Site.Params.DisqusShortname) }}
<br />
{{ partial "disqus-comment.html" . }}
<br />
{{ end }}
{{ partial "pager.html" . }}
</div>