Commit 0895480

Merge pull request #25647 from jiaj12/patch-65
Update feature-gates.md
2 parents 27cd030 + acaa241 commit 0895480

1 file changed: +11 -5 lines changed

content/zh/docs/reference/command-line-tools-reference/feature-gates.md

Lines changed: 11 additions & 5 deletions
@@ -511,10 +511,13 @@ Each feature gate is designed for enabling/disabling a specific feature:
511511
See [Raw Block Volume Support](/docs/concepts/storage/persistent-volumes/#raw-block-volume-support)
512512
for more details.
513513
- `BoundServiceAccountTokenVolume`: Migrate ServiceAccount volumes to use a projected volume consisting of a
514-
ServiceAccountTokenVolumeProjection.
515-
Check [Service Account Token Volumes](https://git.k8s.io/community/contributors/design-proposals/storage/svcacct-token-volume-source.md)
514+
ServiceAccountTokenVolumeProjection. Cluster admins can use metric `serviceaccount_stale_tokens_total` to
515+
monitor workloads that are depending on the extended tokens. If there are no such workloads, turn off
516+
extended tokens by starting `kube-apiserver` with flag `--service-account-extend-token-expiration=false`.
517+
Check [Bound Service Account Tokens](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md)
516518
for more details.
517-
- `ConfigurableFSGroupPolicy`: Allows user to configure volume permission change policy for fsGroups when mounting a volume in a Pod. See [Configure volume permission and ownership change policy for Pods](/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods) for more details.
519+
- `ConfigurableFSGroupPolicy`: Allows user to configure volume permission change policy for fsGroups when mounting a volume in a Pod. See
520+
[Configure volume permission and ownership change policy for Pods](/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods) for more details.
518521
- `CPUManager`: Enable container level CPU affinity support, see [CPU Management Policies](/docs/tasks/administer-cluster/cpu-management-policies/).
519522
-->
520523
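Review bot: In the new `BoundServiceAccountTokenVolume` text (new lines 514-516), "extended tokens" is used without saying what is extended, and "If there are no such workloads" does not say what reading of `serviceaccount_stale_tokens_total` establishes that. Suggest adding a short clause that defines the term and states the condition in terms of the metric, so an admin does not start `kube-apiserver` with `--service-account-extend-token-expiration=false` while workloads still depend on the extended tokens. The replacement link at new line 517 points at `blob/master`, which can move; a more stable reference would be better. The rewrap of the `ConfigurableFSGroupPolicy` entry (new lines 519-520) is unrelated to the token change and could be left out of this commit.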

@@ -525,8 +528,11 @@ Each feature gate is designed for enabling/disabling a specific feature:
525528
- `BlockVolume`:在 Pod 中启用原始块设备的定义和使用。有关更多详细信息,请参见
526529
[原始块卷支持](/zh/docs/concepts/storage/persistent-volumes/#raw-block-volume-support)
527530
- `BoundServiceAccountTokenVolume`:迁移 ServiceAccount 卷以使用由
528-
ServiceAccountTokenVolumeProjection 组成的预计卷。有关更多详细信息,请参见
529-
[服务账号令牌卷](https://git.k8s.io/community/contributors/design-proposals/storage/svcacct-token-volume-source.md)
531+
ServiceAccountTokenVolumeProjection 组成的投射卷。集群管理员可以使用 `serviceaccount_stale_tokens_total`
532+
度量值来监控依赖于扩展令牌的负载。如果没有这种类型的负载,你可以在启动 `kube-apiserver`
533+
添加 `--service-account-extend-token-expiration=false` 参数关闭扩展令牌。查看
534+
[绑定服务账号令牌](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md)
535+
获取更多详细信息。
530536
- `ConfigurableFSGroupPolicy`:在 Pod 中挂载卷时,允许用户为 fsGroup
531537
配置卷访问权限和属主变更策略。请参见
532538
[为 Pod 配置卷访问权限和属主变更策略](/zh/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods)
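Review bot: At new lines 532-533 the sentence "你可以在启动 `kube-apiserver` 添加 `--service-account-extend-token-expiration=false` 参数关闭扩展令牌" reads as if a "时" is missing after `kube-apiserver`; suggest "在启动 `kube-apiserver` 时添加 `--service-account-extend-token-expiration=false` 参数来关闭扩展令牌". The closing "查看 ... 获取更多详细信息" (new lines 533-535) also departs from the "请参见" wording used by the neighbouring `BlockVolume` and `ConfigurableFSGroupPolicy` entries, so aligning it would keep the list consistent. "扩展令牌" is left undefined here just as "extended tokens" is in the English source in the hunk above, so any definition added there should be carried into this translation.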
