Skip to content

Commit 05b868e

Browse files
author
huangminjie
committed
[zh] sync 1.24 concepts-7
1 parent 1bd0ade commit 05b868e

File tree

3 files changed

+148
-102
lines changed

3 files changed

+148
-102
lines changed

content/zh/docs/concepts/cluster-administration/system-logs.md

Lines changed: 78 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -192,6 +192,82 @@ I1025 00:15:15.525108 1 example.go:116] "Example" data="This is text with
192192
second line.}
193193
```
194194

195+
<!--
196+
### Contextual Logging
197+
-->
198+
### 上下文日志
199+
200+
{{< feature-state for_k8s_version="v1.24" state="alpha" >}}
201+
202+
<!--
203+
Contextual logging builds on top of structured logging. It is primarily about
204+
how developers use logging calls: code based on that concept is more flexible
205+
and supports additional use cases as described in the [Contextual Logging
206+
KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/3077-contextual-logging).
207+
-->
208+
上下文日志建立在结构化日志之上。
209+
它主要是关于开发人员如何使用日志记录调用:基于该概念的代码将更加灵活,
210+
并且支持在[结构化日志 KEP](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/3077-contextual-logging)
211+
中描述的额外用例。
212+
213+
<!--
214+
If developers use additional functions like `WithValues` or `WithName` in
215+
their components, then log entries contain additional information that gets
216+
passed into functions by their caller.
217+
-->
218+
如果开发人员在他们的组件中使用额外的函数,比如 `WithValues``WithName`
219+
那么日志条目将会包含额外的信息,这些信息会被调用者传递给函数。
220+
221+
<!--
222+
Currently this is gated behind the `StructuredLogging` feature gate and
223+
disabled by default. The infrastructure for this was added in 1.24 without
224+
modifying components. The
225+
[`component-base/logs/example`](https://github.com/kubernetes/kubernetes/blob/v1.24.0-beta.0/staging/src/k8s.io/component-base/logs/example/cmd/logger.go)
226+
command demonstrates how to use the new logging calls and how a component
227+
behaves that supports contextual logging.
228+
-->
229+
目前这一特性是由 `StructuredLogging` 特性门控所控制的,默认关闭。
230+
这个基础设施是在 1.24 中被添加的,并不需要修改组件。
231+
[`component-base/logs/example`](https://github.com/kubernetes/kubernetes/blob/v1.24.0-beta.0/staging/src/k8s.io/component-base/logs/example/cmd/logger.go)
232+
命令演示了如何使用新的日志记录调用以及组件如何支持上下文日志记录。
233+
234+
```console
235+
$ cd $GOPATH/src/k8s.io/kubernetes/staging/src/k8s.io/component-base/logs/example/cmd/
236+
$ go run . --help
237+
...
238+
--feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
239+
AllAlpha=true|false (ALPHA - default=false)
240+
AllBeta=true|false (BETA - default=false)
241+
ContextualLogging=true|false (ALPHA - default=false)
242+
$ go run . --feature-gates ContextualLogging=true
243+
...
244+
I0404 18:00:02.916429 451895 logger.go:94] "example/myname: runtime" foo="bar" duration="1m0s"
245+
I0404 18:00:02.916447 451895 logger.go:95] "example: another runtime" foo="bar" duration="1m0s"
246+
```
247+
248+
<!--
249+
The `example` prefix and `foo="bar"` were added by the caller of the function
250+
which logs the `runtime` message and `duration="1m0s"` value, without having to
251+
modify that function.
252+
253+
With contextual logging disable, `WithValues` and `WithName` do nothing and log
254+
calls go through the global klog logger. Therefore this additional information
255+
is not in the log output anymore:
256+
-->
257+
`example` 前缀和 `foo="bar"` 会被函数的调用者添加上,
258+
不需修改该函数,它就会记录 `runtime` 消息和 `duration="1m0s"` 值。
259+
260+
禁用上下文日志后,`WithValues``WithName` 什么都不会做,
261+
并且会通过调用全局的 klog 日志记录器记录日志。
262+
因此,这些附加信息不再出现在日志输出中:
263+
264+
```console
265+
$ go run . --feature-gates ContextualLogging=false
266+
...
267+
I0404 18:03:31.171945 452150 logger.go:94] "runtime" duration="1m0s"
268+
I0404 18:03:31.171962 452150 logger.go:95] "another runtime" duration="1m0s"
269+
```
270+
195271
<!--
196272
### JSON log format
197273
-->
@@ -258,45 +334,6 @@ List of components currently supporting JSON format:
258334
* {{< glossary_tooltip term_id="kube-scheduler" text="kube-scheduler" >}}
259335
* {{< glossary_tooltip term_id="kubelet" text="kubelet" >}}
260336

261-
<!--
262-
### Log sanitization
263-
-->
264-
### 日志清洗 {#log-sanitization}
265-
266-
{{< feature-state for_k8s_version="v1.20" state="alpha" >}}
267-
268-
{{<warning >}}
269-
<!--
270-
Log sanitization might incur significant computation overhead and therefore should not be enabled in production.
271-
-->
272-
日志清洗(Log Sanitization)可能会导致大量的计算开销,因此不应在生产环境中启用。
273-
{{< /warning >}}
274-
275-
<!--
276-
The `--experimental-logging-sanitization` flag enables the klog sanitization filter.
277-
If enabled all log arguments are inspected for fields tagged as sensitive data (e.g. passwords, keys, tokens) and logging of these fields will be prevented.
278-
-->
279-
`--experimental-logging-sanitization` 参数可用来启用 klog 清洗过滤器。
280-
如果启用后,将检查所有日志参数中是否有标记为敏感数据的字段(比如:密码,密钥,令牌),
281-
并且将阻止这些字段的记录。
282-
283-
<!--
284-
List of components currently supporting log sanitization:
285-
-->
286-
当前支持日志清洗的组件列表:
287-
288-
* kube-controller-manager
289-
* kube-apiserver
290-
* kube-scheduler
291-
* kubelet
292-
293-
{{< note >}}
294-
<!--
295-
The Log sanitization filter does not prevent user workload logs from leaking sensitive data.
296-
-->
297-
日志清洗过滤器不会阻止用户工作负载日志泄漏敏感数据。
298-
{{< /note >}}
299-
300337
<!--
301338
### Log verbosity level
302339
@@ -347,11 +384,13 @@ The `logrotate` tool rotates logs daily, or once the log size is greater than 10
347384
<!--
348385
* Read about the [Kubernetes Logging Architecture](/docs/concepts/cluster-administration/logging/)
349386
* Read about [Structured Logging](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1602-structured-logging)
387+
* Read about [Contextual Logging](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/3077-contextual-logging)
350388
* Read about [deprecation of klog flags](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
351389
* Read about the [Conventions for logging severity](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md)
352390
-->
353391
* 阅读 [Kubernetes 日志架构](/zh/docs/concepts/cluster-administration/logging/)
354392
* 阅读[结构化日志提案(英文)](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/1602-structured-logging)
393+
* 阅读[上下文日志提案(英文)](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/3077-contextual-logging)
355394
* 阅读 [klog 参数的废弃(英文)](https://github.com/kubernetes/enhancements/tree/master/keps/sig-instrumentation/2845-deprecate-klog-specific-flags-in-k8s-components)
356395
* 阅读[日志严重级别约定(英文)](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-instrumentation/logging.md)
357396

content/zh/docs/concepts/containers/runtime-class.md

Lines changed: 21 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -113,18 +113,21 @@ RuntimeClass 资源当前只有两个重要的字段:RuntimeClass 名 (`metada
113113
对象定义如下所示:
114114

115115
```yaml
116-
apiVersion: node.k8s.io/v1 # RuntimeClass 定义于 node.k8s.io API 组
116+
# RuntimeClass 定义于 node.k8s.io API 组
117+
apiVersion: node.k8s.io/v1
117118
kind: RuntimeClass
118119
metadata:
119-
name: myclass # 用来引用 RuntimeClass 的名字
120+
# 用来引用 RuntimeClass 的名字
120121
# RuntimeClass 是一个集群层面的资源
121-
handler: myconfiguration # 对应的 CRI 配置的名称
122+
name: myclass
123+
# 对应的 CRI 配置的名称
124+
handler: myconfiguration
122125
```
123126
124127
<!--
125128
It is recommended that RuntimeClass write operations (create/update/patch/delete) be
126-
restricted to the cluster administrator. This is typically the default. See [Authorization
127-
Overview](/docs/reference/access-authn-authz/authorization/) for more details.
129+
restricted to the cluster administrator. This is typically the default. See
130+
[Authorization Overview](/docs/reference/access-authn-authz/authorization/) for more details.
128131
-->
129132
{{< note >}}
130133
建议将 RuntimeClass 写操作(create、update、patch 和 delete)限定于集群管理员使用。
@@ -134,13 +137,13 @@ Overview](/docs/reference/access-authn-authz/authorization/) for more details.
134137
<!--
135138
## Usage
136139
137-
Once RuntimeClasses are configured for the cluster, using them is very simple. Specify a
138-
`runtimeClassName` in the Pod spec. For example:
140+
Once RuntimeClasses are configured for the cluster, you can specify a
141+
`runtimeClassName` in the Pod spec to use it. For example:
139142
-->
140143
## 使用说明 {#usage}
141144

142-
一旦完成集群中 RuntimeClasses 的配置,使用起来非常方便。
143-
Pod spec 中指定 `runtimeClassName` 即可。例如:
145+
一旦完成集群中 RuntimeClasses 的配置,
146+
你可以在 Pod spec 中指定 `runtimeClassName` 来使用它。例如:
144147

145148
```yaml
146149
apiVersion: v1
@@ -181,25 +184,7 @@ For more details on setting up CRI runtimes, see [CRI installation](/docs/setup/
181184
关于如何安装 CRI 运行时,请查阅
182185
[CRI 安装](/zh/docs/setup/production-environment/container-runtimes/)。
183186

184-
#### dockershim
185-
186-
<!--
187-
{{< feature-state for_k8s_version="v1.20" state="deprecated" >}}
188-
189-
Dockershim is deprecated as of Kubernetes v1.20, and will be removed in v1.24. For more information on the deprecation,
190-
see [dockershim deprecation](/blog/2020/12/08/kubernetes-1-20-release-announcement/#dockershim-deprecation)
191-
-->
192-
Dockershim 自 Kubernetes v1.20 起已弃用,并将在 v1.24 中删除。
193-
有关弃用的更多信息查看 [dockershim 弃用](/blog/2020/12/08/kubernetes-1-20-release-announcement/#dockershim-deprecation)。
194-
195-
<!--
196-
RuntimeClasses with dockershim must set the runtime handler to `docker`. Dockershim does not support
197-
custom configurable runtime handlers.
198-
-->
199-
为 dockershim 设置 RuntimeClass 时,必须将运行时处理程序设置为 `docker`。
200-
Dockershim 不支持自定义的可配置的运行时处理程序。
201-
202-
#### [containerd](https://containerd.io/)
187+
#### {{< glossary_tooltip term_id="containerd" >}}
203188

204189
<!--
205190
Runtime handlers are configured through containerd's configuration at
@@ -213,10 +198,10 @@ handler 需要配置在 runtimes 块中:
213198
```
214199
215200
<!--
216-
See the containerd [CRI Plugin Config Guide](https://github.com/containerd/containerd/blob/main/docs/cri/config.md) for more details.
201+
See containerd's [config documentation](https://github.com/containerd/cri/blob/master/docs/config.md)
202+
for more details:
217203
-->
218-
更详细信息,请查阅 containerd
219-
[CRI 插件配置指南](https://github.com/containerd/cri/blob/master/docs/config.md)
204+
更详细信息,请查阅 containerd 的[配置指南](https://github.com/containerd/cri/blob/master/docs/config.md)
220205
221206
#### [cri-o](https://cri-o.io/)
222207
@@ -278,8 +263,8 @@ by each.
278263
与 `nodeSelector` 一样,tolerations 也在 admission 阶段与 pod 的 tolerations 合并,取二者的并集。
279264
280265
<!--
281-
To learn more about configuring the node selector and tolerations, see [Assigning Pods to
282-
Nodes](/docs/concepts/configuration/assign-pod-node/).
266+
To learn more about configuring the node selector and tolerations, see
267+
[Assigning Pods to Nodes](/docs/concepts/configuration/assign-pod-node/).
283268
-->
284269
更多有关 node selector 和 tolerations 的配置信息,请查阅
285270
[将 Pod 分派到节点](/zh/docs/concepts/scheduling-eviction/assign-pod-node/)。
@@ -289,26 +274,21 @@ Nodes](/docs/concepts/configuration/assign-pod-node/).
289274
-->
290275
### Pod 开销 {#pod-overhead}
291276
292-
{{< feature-state for_k8s_version="v1.18" state="beta" >}}
277+
{{< feature-state for_k8s_version="v1.24" state="stable" >}}
293278
294279
<!--
295280
You can specify _overhead_ resources that are associated with running a Pod. Declaring overhead allows
296281
the cluster (including the scheduler) to account for it when making decisions about Pods and resources.
297-
To use Pod overhead, you must have the PodOverhead [feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
298-
enabled (it is on by default).
299282
-->
300283
你可以指定与运行 Pod 相关的 _开销_ 资源。声明开销即允许集群(包括调度器)在决策 Pod 和资源时将其考虑在内。
301-
若要使用 Pod 开销特性,你必须确保 PodOverhead
302-
[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)
303-
处于启用状态(默认为启用状态)。
304284
305285
<!--
306-
Pod overhead is defined in RuntimeClass through the `Overhead` fields. Through the use of these fields,
286+
Pod overhead is defined in RuntimeClass through the `overhead` field. Through the use of this field,
307287
you can specify the overhead of running pods utilizing this RuntimeClass and ensure these overheads
308288
are accounted for in Kubernetes.
309289
-->
310290
Pod 开销通过 RuntimeClass 的 `overhead` 字段定义。
311-
通过使用这些字段,你可以指定使用该 RuntimeClass 运行 Pod 时的开销并确保 Kubernetes 将这些开销计算在内。
291+
通过使用这个字段,你可以指定使用该 RuntimeClass 运行 Pod 时的开销并确保 Kubernetes 将这些开销计算在内。
312292
313293
## {{% heading "whatsnext" %}}
314294

content/zh/docs/concepts/overview/kubernetes-api.md

Lines changed: 49 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -145,29 +145,63 @@ Kubernetes 为 API 实现了一种基于 Protobuf 的序列化格式,主要用
145145

146146
### OpenAPI V3
147147

148-
{{< feature-state state="alpha" for_k8s_version="v1.23" >}}
148+
{{< feature-state state="beta" for_k8s_version="v1.24" >}}
149149

150150
<!--
151-
Kubernetes v1.23 offers initial support for publishing its APIs as OpenAPI v3; this is an
152-
alpha feature that is disabled by default.
153-
You can enable the alpha feature by turning on the
151+
Kubernetes {{< param "version" >}} offers beta support for publishing its APIs as OpenAPI v3; this is a
152+
beta feature that is enabled by default.
153+
You can disable the beta feature by turning off the
154154
[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) named `OpenAPIV3`
155155
for the kube-apiserver component.
156156
-->
157-
Kubernetes v1.23 提供将其 API 以 OpenAPI v3 形式发布的初始支持;这一功能特性处于 Alpha
158-
状态,默认被禁用。
159-
你可以通过为 kube-apiserver 组件启用 `OpenAPIV3`
160-
[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)来启用此
161-
Alpha 特性。
157+
Kubernetes {{< param "version" >}} 提供将其 API 以 OpenAPI v3 形式发布的 beta 支持;
158+
这一功能特性处于 beta 状态,默认被开启。
159+
你可以通过为 kube-apiserver 组件关闭 `OpenAPIV3`
160+
[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)来禁用此 beta 特性。
162161

163162
<!--
164-
With the feature enabled, the Kubernetes API server serves an
165-
aggregated OpenAPI v3 spec per Kubernetes group version at the
166-
`/openapi/v3/apis/<group>/<version>` endpoint. Please refer to the
167-
table below for accepted request headers.
163+
A discovery endpoint `/openapi/v3` is provided to see a list of all
164+
group/versions available. This endpoint only returns JSON. These group/versions
165+
are provided in the following format:
166+
-->
167+
发现端点 `/openapi/v3` 被提供用来查看可用的所有组、版本列表。
168+
此列表仅返回 JSON。这些组、版本以下面的格式提供:
169+
```json
170+
{
171+
"paths": {
172+
...
173+
"api/v1": {
174+
"serverRelativeURL": "/openapi/v3/api/v1?hash=CC0E9BFD992D8C59AEC98A1E2336F899E8318D3CF4C68944C3DEC640AF5AB52D864AC50DAA8D145B3494F75FA3CFF939FCBDDA431DAD3CA79738B297795818CF"
175+
},
176+
"apis/admissionregistration.k8s.io/v1": {
177+
"serverRelativeURL": "/openapi/v3/apis/admissionregistration.k8s.io/v1?hash=E19CC93A116982CE5422FC42B590A8AFAD92CDE9AE4D59B5CAAD568F083AD07946E6CB5817531680BCE6E215C16973CD39003B0425F3477CFD854E89A9DB6597"
178+
},
179+
...
180+
}
181+
```
182+
183+
<!--
184+
The relative URLs are pointing to immutable OpenAPI descriptions, in
185+
order to improve client-side caching. The proper HTTP caching headers
186+
are also set by the API server for that purpose (`Expires` to 1 year in
187+
the future, and `Cache-Control` to `immutable`). When an obsolete URL is
188+
used, the API server returns a redirect to the newest URL.
189+
-->
190+
为了改进客户端缓存,相对的 URL 会指向不可变的 OpenAPI 描述。
191+
为了此目的,API 服务器也会设置正确的 HTTP 缓存标头
192+
(`Expires` 为未来 1 年,和 `Cache-Control` 为 `immutable`)。
193+
当一个过时的 URL 被使用时,API 服务器会返回一个指向最新 URL 的重定向。
194+
195+
<!--
196+
The Kubernetes API server publishes an OpenAPI v3 spec per Kubernetes
197+
group version at the `/openapi/v3/apis/<group>/<version>?hash=<hash>`
198+
endpoint.
199+
200+
Refer to the table below for accepted request headers.
168201
-->
169-
特性被启用时,Kubernetes API 服务器会在端点 `/openapi/v3/apis/<group>/<version>`
170-
提供按 Kubernetes 组版本聚合的 OpenAPI v3 规范。
202+
Kubernetes API 服务器会在端点 `/openapi/v3/apis/<group>/<version>?hash=<hash>`
203+
发布一个 Kubernetes 组版本的 OpenAPI v3 规范。
204+
171205
请参阅下表了解可接受的请求头部。
172206

173207
<table>
@@ -201,13 +235,6 @@ table below for accepted request headers.
201235
</tbody>
202236
</table>
203237

204-
<!--
205-
A discovery endpoint `/openapi/v3` is provided to see a list of all
206-
group/versions available. This endpoint only returns JSON.
207-
-->
208-
发现端点 `/openapi/v3` 被提供用来查看可用的所有组、版本列表。
209-
此列表仅返回 JSON。
210-
211238
<!--
212239
## API changes
213240

0 commit comments

Comments
 (0)