Merge pull request #49205 from windsonsea/nodeyh

k8s-ci-robot · web-flow · commit 0c019f690458 · 2024-12-23T08:40:10.000+01:00
[zh] Add text to: access-authn-authz/node.md
diff --git a/content/zh-cn/docs/reference/access-authn-authz/node.md b/content/zh-cn/docs/reference/access-authn-authz/node.md
@@ -136,9 +136,32 @@ kubelet 如何确定主机名的详细信息，请参阅
 [kubelet 选项参考](/zh-cn/docs/reference/command-line-tools-reference/kubelet/)。
 
 <!--
-To enable the Node authorizer, start the apiserver with `--authorization-mode=Node`.
+To enable the Node authorizer, start the {{< glossary_tooltip text="API server" term_id="kube-apiserver" >}}
+with the `--authorization-config` flag set to a file that includes the `Node` authorizer; for example:
 -->
-要启用节点鉴权器，请使用 `--authorization-mode=Node` 启动 API 服务器。
+要启用 Node 鉴权器，启动 {{< glossary_tooltip text="API 服务器" term_id="kube-apiserver" >}}时将
+`--authorization-config` 参数设置为包含 `Node` 鉴权器的某个文件；例如：
+
+```yaml
+apiVersion: apiserver.config.k8s.io/v1
+kind: AuthorizationConfiguration
+authorizers:
+  ...
+  - type: Node
+  ...
+```
+
+<!--
+Or, start the {{< glossary_tooltip text="API server" term_id="kube-apiserver" >}} with
+the `--authorization-mode` flag set to a comma-separated list that includes `Node`;
+for example:
+-->
+或者，在启动 {{< glossary_tooltip text="API 服务器" term_id="kube-apiserver" >}}时将
+`--authorization-mode` 参数设置为一个包含 `Node` 的逗号分隔的列表；例如：
+
+```shell
+kube-apiserver --authorization-mode=...,Node --other-options --more-options
+```
 
 <!--
 To limit the API objects kubelets are able to write, enable the
