sync configure-persistent-volume-storage kubeadm-certs feature-gates-removed working-with-objects/_index

2023-07-24 19:19:53 +08:00 · 2023-07-24 19:19:53 +08:00 · aacdde39bf
parent e60d558aed
commit aacdde39bf
4 changed files with 30 additions and 21 deletions
--- a/content/zh-cn/docs/concepts/overview/working-with-objects/_index.md
+++ b/content/zh-cn/docs/concepts/overview/working-with-objects/_index.md
@ -235,6 +235,14 @@ detail the structure of that `.status` field, and its content for each different
 不同类型的对象可以有不同的 `.status` 信息。API 参考页面给出了 `.status` 字段的详细结构，
 以及针对不同类型 API 对象的具体内容。

+{{< note >}}
+<!--
+See [Configuration Best Practices](/docs/concepts/configuration/overview/) for additional
+information on writing YAML configuration files.
+-->
+请查看[配置最佳实践](/zh-cn/docs/concepts/configuration/overview/)来获取有关编写 YAML 配置文件的更多信息。
+{{< /note >}}
+
 <!--
 ## Server side field validation

--- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed.md
+++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed.md
@ -1158,7 +1158,6 @@ In the following table:
  A node is eligible for exclusion if labelled with "`node.kubernetes.io/exclude-from-external-load-balancers`".

 - `ServiceTopology`: Enable service to route traffic based upon the Node topology of the cluster.
-  See [ServiceTopology](/docs/concepts/services-networking/service-topology/) for more details.

 - `SetHostnameAsFQDN`: Enable the ability of setting Fully Qualified Domain Name(FQDN) as the
  hostname of a pod. See
@ -1171,7 +1170,6 @@ In the following table:
  如果节点标记有 `node.kubernetes.io/exclude-from-external-load-balancers` 标签，则可以排除该节点。

 - `ServiceTopology`：启用服务拓扑可以让一个服务基于集群的节点拓扑进行流量路由。
-  有关更多详细信息，请参见[服务拓扑](/zh-cn/docs/concepts/services-networking/service-topology/)。

 - `SetHostnameAsFQDN`：启用将全限定域名（FQDN）设置为 Pod 主机名的功能。
  请参见[为 Pod 设置 `setHostnameAsFQDN` 字段](/zh-cn/docs/concepts/services-networking/dns-pod-service/#pod-sethostnameasfqdn-field)。
--- a/content/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
+++ b/content/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md
@ -238,11 +238,11 @@ kubeadm 在 1.17 版本之前有一个[缺陷](https://github.com/kubernetes/kub
 <!--
 ## Manual certificate renewal

-You can renew your certificates manually at any time with the `kubeadm certs renew` command.
+You can renew your certificates manually at any time with the `kubeadm certs renew` command, with the appropriate command line options.
 -->
 ## 手动更新证书 {#manual-certificate-renewal}

-你能随时通过 `kubeadm certs renew` 命令手动更新你的证书。
+你能随时通过 `kubeadm certs renew` 命令手动更新你的证书，只需带上合适的命令行选项。

 <!--
 This command performs the renewal using CA (or front-proxy-CA) certificate and key stored in `/etc/kubernetes/pki`.
@ -286,26 +286,29 @@ to keep them both in sync.
 {{< /note >}}

 <!--
-`kubeadm certs renew` provides the following options:
+`kubeadm certs renew` can renew any specific certificate or, with the subcommand `all`, it can renew all of them, as shown below:
 -->
-`kubeadm certs renew` 提供以下选项：
+`kubeadm certs renew` 可以更新任何特定的证书，或者使用子命令 `all`
+更新所有的证书，如下所示：

+```shell
+kubeadm certs renew all
+```
+
+{{< note >}}
 <!--
- The Kubernetes certificates normally reach their expiration date after one year.
+Clusters built with kubeadm often copy the `admin.conf` certificate into `$HOME/.kube/config`, as instructed in [Creating a cluster with kubeadm](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/). On such a system, to update the contents of `$HOME/.kube/config` after renewing the `admin.conf` you must run the following commands:
 -->
- Kubernetes 证书通常在一年后到期。
+使用 kubeadm 构建的集群通常会将 `admin.conf` 证书复制到 `$HOME/.kube/config` 中，
+如[使用 kubeadm 创建集群](/zh-cn/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/)中所指示的那样。
+在这样的系统中，为了在更新 `admin.conf` 后更新 `$HOME/.kube/config` 的内容，
+你必须运行以下命令：

-<!--
- `--csr-only` can be used to renew certificates with an external CA by generating certificate
-  signing requests (without actually renewing certificates in place); see next paragraph for more
-  information.
-
- It's also possible to renew a single certificate instead of all.
-->
- `--csr-only` 可用于经过一个外部 CA 生成的证书签名请求来更新证书（无需实际替换更新证书）；
-  更多信息请参见下节。
-
- 可以更新单个证书而不是全部证书。
+```shell
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+```
+{{< /note >}}

 <!--
 ## Renew certificates with the Kubernetes certificates API
--- a/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md
+++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage.md
@ -214,7 +214,7 @@ task-pv-volume   10Gi       RWO           Retain          Available
 The next step is to create a PersistentVolumeClaim. Pods use PersistentVolumeClaims
 to request physical storage. In this exercise, you create a PersistentVolumeClaim
 that requests a volume of at least three gibibytes that can provide read-write
-access for at least one Node.
+access for at most one Node at a time.

 Here is the configuration file for the PersistentVolumeClaim:
 -->
@ -223,7 +223,7 @@ Here is the configuration file for the PersistentVolumeClaim:
 下一步是创建一个 PersistentVolumeClaim。
 Pod 使用 PersistentVolumeClaim 来请求物理存储。
 在本练习中，你将创建一个 PersistentVolumeClaim，它请求至少 3 GB 容量的卷，
-该卷至少可以为一个节点提供读写访问。
+该卷一次最多可以为一个节点提供读写访问。

 下面是 PersistentVolumeClaim 的配置文件：