Skip to content

Commit

Permalink
Merge pull request kubernetes#44393 from my-git9/encrypt-data-31
Browse files Browse the repository at this point in the history
[zh-cn] sync resource-bin-packing create-cluster-kubeadm encrypt-data
  • Loading branch information
k8s-ci-robot authored Jan 23, 2024
2 parents 64be1cc + 1f4a619 commit 8618613
Show file tree
Hide file tree
Showing 3 changed files with 337 additions and 101 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ To set the `MostAllocated` strategy for the `NodeResourcesFit` plugin, use a
可以使用一个类似于下面这样的[调度器配置](/zh-cn/docs/reference/scheduling/config/)

```yaml
apiVersion: kubescheduler.config.k8s.io/v1beta3
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
profiles:
- pluginConfig:
Expand All @@ -64,10 +64,10 @@ profiles:
<!--
To learn more about other parameters and their default configuration, see the API documentation for
[`NodeResourcesFitArgs`](/docs/reference/config-api/kube-scheduler-config.v1beta3/#kubescheduler-config-k8s-io-v1beta3-NodeResourcesFitArgs).
[`NodeResourcesFitArgs`](/docs/reference/config-api/kube-scheduler-config.v1/#kubescheduler-config-k8s-io-v1-NodeResourcesFitArgs).
-->
要进一步了解其它参数及其默认配置,请参阅
[`NodeResourcesFitArgs`](/zh-cn/docs/reference/config-api/kube-scheduler-config.v1beta3/#kubescheduler-config-k8s-io-v1beta3-NodeResourcesFitArgs)
[`NodeResourcesFitArgs`](/zh-cn/docs/reference/config-api/kube-scheduler-config.v1/#kubescheduler-config-k8s-io-v1-NodeResourcesFitArgs)
的 API 文档。

<!--
Expand All @@ -79,7 +79,7 @@ allows users to bin pack extended resources by using appropriate parameters
to improve the utilization of scarce resources in large clusters. It favors nodes according to a
configured function of the allocated resources. The behavior of the `RequestedToCapacityRatio` in
the `NodeResourcesFit` score function can be controlled by the
[scoringStrategy](/docs/reference/config-api/kube-scheduler-config.v1beta3/#kubescheduler-config-k8s-io-v1beta3-ScoringStrategy) field.
[scoringStrategy](/docs/reference/config-api/kube-scheduler-config.v1/#kubescheduler-config-k8s-io-v1-ScoringStrategy) field.
Within the `scoringStrategy` field, you can configure two parameters: `requestedToCapacityRatio` and
`resources`. The `shape` in the `requestedToCapacityRatio`
parameter allows the user to tune the function as least requested or most
Expand All @@ -92,11 +92,10 @@ specify the weight of each resource.
`RequestedToCapacityRatio` 策略允许用户基于请求值与容量的比率,针对参与节点计分的每类资源设置权重。
这一策略使得用户可以使用合适的参数来对扩展资源执行装箱操作,进而提升大规模集群中稀有资源的利用率。
此策略根据所分配资源的一个配置函数来评价节点。
`NodeResourcesFit` 计分函数中的 `RequestedToCapacityRatio` 可以通过字段
[scoringStrategy](/zh-cn/docs/reference/config-api/kube-scheduler-config.v1beta3/#kubescheduler-config-k8s-io-v1beta3-ScoringStrategy)
来控制。
在 `scoringStrategy` 字段中,你可以配置两个参数:`requestedToCapacityRatio`
和 `resources`。`requestedToCapacityRatio` 参数中的 `shape`
`NodeResourcesFit` 计分函数中的 `RequestedToCapacityRatio` 可以通过
[scoringStrategy](/zh-cn/docs/reference/config-api/kube-scheduler-config.v1/#kubescheduler-config-k8s-io-v1-ScoringStrategy)
字段来控制。在 `scoringStrategy` 字段中,你可以配置两个参数:
`requestedToCapacityRatio` 和 `resources`。`requestedToCapacityRatio` 参数中的 `shape`
设置使得用户能够调整函数的算法,基于 `utilization` 和 `score` 值计算最少请求或最多请求。
`resources` 参数中包含计分过程中需要考虑的资源的 `name`,以及用来设置每种资源权重的 `weight`。

Expand All @@ -109,7 +108,7 @@ using the `requestedToCapacityRatio` field.
和 `intel.com/bar` 设置装箱行为:

```yaml
apiVersion: kubescheduler.config.k8s.io/v1beta3
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
profiles:
- pluginConfig:
Expand Down Expand Up @@ -140,10 +139,10 @@ scheduler.

<!--
To learn more about other parameters and their default configuration, see the API documentation for
[`NodeResourcesFitArgs`](/docs/reference/config-api/kube-scheduler-config.v1beta3/#kubescheduler-config-k8s-io-v1beta3-NodeResourcesFitArgs).
[`NodeResourcesFitArgs`](/docs/reference/config-api/kube-scheduler-config.v1/#kubescheduler-config-k8s-io-v1-NodeResourcesFitArgs).
-->
要进一步了解其它参数及其默认配置,可以参阅
[`NodeResourcesFitArgs`](/zh-cn/docs/reference/config-api/kube-scheduler-config.v1beta3/#kubescheduler-config-k8s-io-v1beta3-NodeResourcesFitArgs)
[`NodeResourcesFitArgs`](/zh-cn/docs/reference/config-api/kube-scheduler-config.v1/#kubescheduler-config-k8s-io-v1-NodeResourcesFitArgs)
的 API 文档。

<!--
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -285,11 +285,11 @@ for more details.
这个步骤是可选的,只适用于你希望 `kubeadm init``kubeadm join` 不去下载存放在
`registry.k8s.io` 上的默认容器镜像的情况。

当你在离线的节点上创建一个集群的时候,Kubeadm 有一些命令可以帮助你预拉取所需的镜像。
当你在离线的节点上创建一个集群的时候,kubeadm 有一些命令可以帮助你预拉取所需的镜像。
阅读[离线运行 kubeadm](/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-init#without-internet-connection)
获取更多的详情。

Kubeadm 允许你给所需要的镜像指定一个自定义的镜像仓库。
kubeadm 允许你给所需要的镜像指定一个自定义的镜像仓库。
阅读[使用自定义镜像](/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-init#custom-images)获取更多的详情。

<!--
Expand Down Expand Up @@ -487,18 +487,34 @@ export KUBECONFIG=/etc/kubernetes/admin.conf

{{< warning >}}
<!--
Kubeadm signs the certificate in the `admin.conf` to have `Subject: O = system:masters, CN = kubernetes-admin`.
`system:masters` is a break-glass, super user group that bypasses the authorization layer (e.g. RBAC).
Do not share the `admin.conf` file with anyone and instead grant users custom permissions by generating
them a kubeconfig file using the `kubeadm kubeconfig user` command. For more details see
[Generating kubeconfig files for additional users](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs#kubeconfig-additional-users).
-->
kubeadm 对 `admin.conf` 中的证书进行签名时,将其配置为
`Subject: O = system:masters, CN = kubernetes-admin`
`system:masters` 是一个例外的、超级用户组,可以绕过鉴权层(例如 RBAC)。
不要将 `admin.conf` 文件与任何人共享,应该使用 `kubeadm kubeconfig user`
命令为其他用户生成 kubeconfig 文件,完成对他们的定制授权。
更多细节请参见[为其他用户生成 kubeconfig 文件](/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-certs#kubeconfig-additional-users)
The kubeconfig file `admin.conf` that `kubeadm init` generates contains a certificate with
`Subject: O = kubeadm:cluster-admins, CN = kubernetes-admin`. The group `kubeadm:cluster-admins`
is bound to the built-in `cluster-admin` ClusterRole.
Do not share the `admin.conf` file with anyone.
-->
`kubeadm init` 生成的 kubeconfig 文件 `admin.conf`
包含一个带有 `Subject: O = kubeadm:cluster-admins, CN = kubernetes-admin` 的证书。
`kubeadm:cluster-admins` 组被绑定到内置的 `cluster-admin` ClusterRole 上。
不要与任何人共享 `admin.conf` 文件。

<!--
`kubeadm init` generates another kubeconfig file `super-admin.conf` that contains a certificate with
`Subject: O = system:masters, CN = kubernetes-super-admin`.
`system:masters` is a break-glass, super user group that bypasses the authorization layer (for example RBAC).
Do not share the `super-admin.conf` file with anyone. It is recommended to move the file to a safe location.
-->
`kubeadm init` 生成另一个 kubeconfig 文件 `super-admin.conf`
其中包含带有 `Subject: O = system:masters, CN = kubernetes-super-admin` 的证书。
`system:masters` 是一个紧急访问、超级用户组,可以绕过授权层(例如 RBAC)。
不要与任何人共享 `super-admin.conf` 文件,建议将其移动到安全位置。

<!--
See
[Generating kubeconfig files for additional users](/docs/tasks/administer-cluster/kubeadm/kubeadm-certs#kubeconfig-additional-users)
on how to use `kubeadm kubeconfig user` to generate kubeconfig files for additional users.
-->
有关如何使用 `kubeadm kubeconfig user` 为其他用户生成 kubeconfig
文件,请参阅[为其他用户生成 kubeconfig 文件](/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-certs#kubeconfig-additional-users)
{{< /warning >}}

<!--
Expand Down Expand Up @@ -1104,12 +1120,14 @@ version as kubeadm or one version older.
<!--
Example:
* kubeadm is at {{< skew currentVersion >}}
* kubelet on the host must be at {{< skew currentVersion >}} or {{< skew currentVersionAddMinor -1 >}}
* kubelet on the host must be at {{< skew currentVersion >}}, {{< skew currentVersionAddMinor -1 >}},
{{< skew currentVersionAddMinor -2 >}} or {{< skew currentVersionAddMinor -3 >}}
-->
例子:

* kubeadm 的版本为 {{< skew currentVersion >}}。
* 主机上的 kubelet 必须为 {{< skew currentVersion >}} 或者 {{< skew currentVersionAddMinor -1 >}}。
* 主机上的 kubelet 必须为 {{< skew currentVersion >}}、{{< skew currentVersionAddMinor -1 >}}、
{{< skew currentVersionAddMinor -2 >}} 或 {{< skew currentVersionAddMinor -3 >}}。

<!--
### kubeadm's skew against kubeadm
Expand Down
Loading

0 comments on commit 8618613

Please sign in to comment.