kubernetes
/
website
mirror of https://github.com/kubernetes/website.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sync node-pressure-eviction scheduling-framework multi-tenancy

This commit is contained in:
xin gu 2024-03-11 14:33:58 +08:00
parent 9c55a6e15f
commit a663a2ddbe
3 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md
View File

@ -334,7 +334,7 @@ kubelet 具有以下默认硬驱逐条件:
<!--
These default values of hard eviction thresholds will only be set if none
of the parameters is changed. If you changed the value of any parameter,
of the parameters is changed. If you change the value of any parameter,
then the values of other parameters will not be inherited as the default
values and will be set to zero. In order to provide custom values, you
should provide all the thresholds respectively.

2
content/zh-cn/docs/concepts/scheduling-eviction/scheduling-framework.md
View File

@ -222,7 +222,7 @@ called for that node. Nodes may be evaluated concurrently.
### PostFilter {#post-filter}
<!--
These plugins are called after Filter phase, but only when no feasible nodes
These plugins are called after the Filter phase, but only when no feasible nodes
were found for the pod. Plugins are called in their configured order. If
any postFilter plugin marks the node as `Schedulable`, the remaining plugins
will not be called. A typical PostFilter implementation is preemption, which

6
content/zh-cn/docs/concepts/security/multi-tenancy.md
View File

@ -608,7 +608,7 @@ sandboxing implementations are available:
* [gVisor](https://gvisor.dev/) intercepts syscalls from containers and runs them through a
userspace kernel, written in Go, with limited access to the underlying host.
* [Kata Containers](https://katacontainers.io/) is an OCI compliant runtime that allows you to run
* [Kata Containers](https://katacontainers.io/) provide a secure container runtime that allows you to run
containers in a VM. The hardware virtualization available in Kata offers an added layer of
security for containers running untrusted code.
-->
@ -617,8 +617,8 @@ sandboxing implementations are available:
* [gVisor](https://gvisor.dev/) 拦截来自容器的系统调用,并通过用户空间内核运行它们,
用户空间内核采用 Go 编写,对底层主机的访问是受限的
* [Kata Containers](https://katacontainers.io/) 是符合 OCI 的运行时,允许你在 VM 中运行容器。
Kata 中提供的硬件虚拟化为运行不受信任代码的容器提供了额外的安全层。
* [Kata Containers](https://katacontainers.io/) 提供了一个安全的容器运行时,
允许你在 VM 中运行容器。Kata 中提供的硬件虚拟化为运行不受信任代码的容器提供了额外的安全层。
<!--
### Node Isolation