Merge pull request #37823 from gaogao101/work28

[zh-cn] Updated managing-secret-using-kubectl.md

Author: k8s-ci-robot

content/zh-cn/docs/tasks/configmap-secret/managing-secret-using-kubectl.md

@@ -13,6 +13,14 @@ description: Creating Secret objects using kubectl command line.
 
 <!-- overview -->
 
+<!--
+This page shows you how to create, edit, manage, and delete Kubernetes
+{{<glossary_tooltip text="Secrets" term_id="secret">}} using the `kubectl`
+command-line tool.
+-->
+本页向你展示如何使用 `kubectl` 命令行工具来创建、编辑、管理和删除。 
+Kubernetes {{<glossary_tooltip text="Secrets" term_id="secret">}}
+
 ## {{% heading "prerequisites" %}}
 
 {{< include "task-tutorial-prereqs.md" >}}
@@ -23,118 +31,134 @@ description: Creating Secret objects using kubectl command line.
 ## 创建 Secret    {#create-a-secret}
 
 <!--
-A `Secret` can contain user credentials required by pods to access a database.
-For example, a database connection string consists of a username and password.
-You can store the username in a file `./username.txt` and the password in a
-file `./password.txt` on your local machine.
- -->
-一个 `Secret` 可以包含 Pod 访问数据库所需的用户凭证。
-例如，由用户名和密码组成的数据库连接字符串。
-你可以在本地计算机上，将用户名存储在文件 `./username.txt` 中，将密码存储在文件 `./password.txt` 中。
+A `Secret` object stores sensitive data such as credentials
+used by Pods to access services. For example, you might need a Secret to store
+the username and password needed to access a database.
+-->
+`Secret` 对象用来存储敏感数据，如 Pod 用于访问服务的凭据。例如，为访问数据库，你可能需要一个
+Secret 来存储所需的用户名及密码。
 
-```shell
-echo -n 'admin' > ./username.txt
-echo -n '1f2d1e2e67df' > ./password.txt
-```
+<!-- 
+You can create the Secret by passing the raw data in the command, or by storing
+the credentials in files that you pass in the command. The following commands
+create a Secret that stores the username `admin` and the password `S!B\*d$zDsb=`.
+-->
+你可以通过在命令中传递原始数据，或将凭据存储文件中，然后再在命令行中创建 Secret。以下命令
+将创建一个存储用户名 `admin` 和密码 `S!B\*d$zDsb=` 的 Secret。
 
-<!--
-In these commands, the `-n` flag ensures that the generated files do not have
-an extra newline character at the end of the text. This is important because
-when `kubectl` reads a file and encodes the content into a base64 string, the
-extra newline character gets encoded too.
+<!-- 
+### Use raw data 
 -->
-在这些命令中，`-n` 标志确保生成的文件在文本末尾不包含额外的换行符。
-这一点很重要，因为当 `kubectl` 读取文件并将内容编码为 base64 字符串时，多余的换行符也会被编码。
+### 使用原始数据
 
-<!--
-The `kubectl create secret` command packages these files into a Secret and creates
-the object on the API server.
+<!-- 
+Run the following command: 
 -->
-`kubectl create secret` 命令将这些文件打包成一个 Secret 并在 API 服务器上创建对象。
+执行以下命令：
 
 ```shell
 kubectl create secret generic db-user-pass \
-  --from-file=./username.txt \
-  --from-file=./password.txt
-```
-
-<!-- The output is similar to: -->
-输出类似于：
-
-```
-secret/db-user-pass created
+    --from-literal=username=devuser \
+    --from-literal=password='S!B\*d$zDsb='
 ```
 
-<!--
-The default key name is the filename. You can optionally set the key name using
-`--from-file=[key=]source`. For example:
+<!-- 
+You must use single quotes `''` to escape special characters such as `$`, `\`,
+`*`, `=`, and `!` in your strings. If you don't, your shell will interpret these
+characters. 
 -->
-默认密钥名称是文件名。 你可以选择使用 `--from-file=[key=]source` 来设置密钥名称。例如：
-
-```shell
-kubectl create secret generic db-user-pass \
-  --from-file=username=./username.txt \
-  --from-file=password=./password.txt
-```
+你必须使用单引号 `''` 转义字符串中的特殊字符，如 `$`、`\`、`*`、`=`和`!` 。否则，你的 shell 
+将会解析这些字符。
 
-<!--
-You do not need to escape special characters in password strings that you 
-include in a file.
+<!-- 
+### Use source files 
 -->
-你不需要对文件中包含的密码字符串中的特殊字符进行转义。
+### 使用源文件
 
-<!--
-You can also provide Secret data using the `--from-literal=<key>=<value>` tag.
-This tag can be specified more than once to provide multiple key-value pairs.
-Note that special characters such as `$`, `\`, `*`, `=`, and `!` will be
-interpreted by your [shell](https://en.wikipedia.org/wiki/Shell_(computing))
-and require escaping.
+<!-- 
+1.  Store the credentials in files with the values encoded in base64: 
+-->
+1.  对凭证的取值作 base64 编码后保存到文件中：
+
+    ```shell
+    echo -n 'admin' | base64 > ./username.txt
+    echo -n 'S!B\*d$zDsb=' | base64 > ./password.txt
+    ```
+	<!-- 
+	The `-n` flag ensures that the generated files do not have an extra newline
+	character at the end of the text. This is important because when `kubectl`
+	reads a file and encodes the content into a base64 string, the extra
+	newline character gets encoded too. You do not need to escape special
+	characters in strings that you include in a file. 
+	-->
+	`-n` 标志用来确保生成文件的文末没有多余的换行符。这很重要，因为当 `kubectl`
+	读取文件并将内容编码为 base64 字符串时，额外的换行符也会被编码。
+	你不需要对文件中包含的字符串中的特殊字符进行转义。
 
-In most shells, the easiest way to escape the password is to surround it with
-single quotes (`'`). For example, if your password is `S!B\*d$zDsb=`,
-run the following command:
+<!-- 
+2.  Pass the file paths in the `kubectl` command: 
 -->
-你还可以使用 `--from-literal=<key>=<value>` 标签提供 Secret 数据。
-可以多次使用此标签，提供多个键值对。
-请注意，特殊字符（例如：`$`，`\`，`*`，`=` 和 `!`）由你的 [shell](https://en.wikipedia.org/wiki/Shell_(computing))
-解释执行，而且需要转义。
+2.  在 `kubectl` 命令中传递文件路径：
+
+    ```shell
+    kubectl create secret generic db-user-pass \
+        --from-file=./username.txt \
+        --from-file=./password.txt
+    ```
+	<!-- 
+	The default key name is the file name. You can optionally set the key name
+	using `--from-file=[key=]source`. For example: 
+	-->
+	默认键名为文件名。你也可以通过 `--from-file=[key=]source` 设置键名，例如：
+
+    ```shell
+    kubectl create secret generic db-user-pass \
+        --from-file=username=./username.txt \
+        --from-file=password=./password.txt
+    ```
 
-在大多数 shell 中，转义密码最简便的方法是用单引号括起来。
-比如，如果你的密码是 `S!B\*d$zDsb=`， 
-可以像下面一样执行命令：
+<!-- 
+With either method, the output is similar to: 
+-->
+无论使用哪种方法，输出都类似于：
 
-```shell
-kubectl create secret generic db-user-pass \
-  --from-literal=username=devuser \
-  --from-literal=password='S!B\*d$zDsb='
+```
+secret/db-user-pass created
 ```
 
-<!-- ## Verify the Secret -->
-## 验证 Secret    {#verify-the-secret}
+<!-- 
+### Verify the Secret {#verify-the-secret} 
+-->
+## 验证 Secret  {#verify-the-secret}
 
-<!-- Check that the Secret was created: -->
-检查 secret 是否已创建：
+<!-- 
+Check that the Secret was created: 
+-->
+检查 Secret 是否已创建：
 
 ```shell
 kubectl get secrets
 ```
 
-<!-- The output is similar to: -->
 输出类似于：
 
 ```
 NAME                  TYPE                                  DATA      AGE
 db-user-pass          Opaque                                2         51s
 ```
 
-<!-- You can view a description of the `Secret`: -->
-你可以查看 `Secret` 的描述：
+<!-- 
+View the details of the Secret: 
+-->
+查看 Secret 的细节：
 
 ```shell
-kubectl describe secrets/db-user-pass
+kubectl describe secret db-user-pass
 ```
 
-<!-- The output is similar to: -->
+<!-- 
+The output is similar to: 
+-->
 输出类似于：
 
 ```
@@ -159,76 +183,123 @@ accidentally, or from being stored in a terminal log.
 `kubectl get` 和 `kubectl describe` 命令默认不显示 `Secret` 的内容。
 这是为了防止 `Secret` 被意外暴露或存储在终端日志中。
 
-<!--
-To check the actual content of the encoded data, refer to [Decoding the Secret](#decoding-secret).
+<!-- 
+### Decode the Secret  {#decoding-secret} 
 -->
-查看编码数据的实际内容，请参考[解码 Secret](#decoding-secret)。
+### 解码 Secret  {#decoding-secret}
 
-<!-- ## Decoding the Secret  {#decoding-secret} -->
-## 解码 Secret  {#decoding-secret}
-
-<!--
-To view the contents of the Secret you created, run the following command:
+<!-- 
+1.  View the contents of the Secret you created: 
 -->
-要查看创建的 Secret 的内容，运行以下命令：
+1.  查看你所创建的 Secret 内容
 
-```shell
-kubectl get secret db-user-pass -o jsonpath='{.data}'
-```
+    ```shell
+    kubectl get secret db-user-pass -o jsonpath='{.data}'
+    ```
 
 <!-- The output is similar to: -->
-输出类似于：
+    输出类似于：
 
-```json
-{"password":"MWYyZDFlMmU2N2Rm","username":"YWRtaW4="}
-```
+    ```json
+    {"password":"UyFCXCpkJHpEc2I9","username":"YWRtaW4="}
+    ```
 
-<!-- 
-Now you can decode the `password` data:
--->
-现在你可以解码 `password` 的数据：
+<!-- 2.  Decode the `password` data: -->
+2.  解码 `password` 数据:
 
-```shell
-# 这是一个用于文档说明的示例。
-# 如果你这样做，数据 'MWYyZDFlMmU2N2Rm' 可以存储在你的 shell 历史中。
-# 可以进入你电脑的人可以找到那个记住的命令并可以在你不知情的情况下 base-64 解码这个 Secret。
-# 通常最好将这些步骤结合起来，如页面后面所示。
-echo 'MWYyZDFlMmU2N2Rm' | base64 --decode
-```
+    ```shell
+    echo 'UyFCXCpkJHpEc2I9' | base64 --decode
+    ```
 
 <!-- The output is similar to: -->
-输出类似于：
+    输出类似于：
+
+    ```
+    S!B\*d$zDsb=
+    ```
+
+    <!-- 
+    {{<caution>}}This is an example for documentation purposes. In practice,
+    this method could cause the command with the encoded data to be stored in
+    your shell history. Anyone with access to your computer could find the
+    command and decode the secret. A better approach is to combine the view and
+    decode commands.{{</caution>}} 
+    -->
+    {{<caution>}}
+    这是一个出于文档编制目的的示例。实际上，该方法可能会导致包含编码数据的命令存储在
+    Shell 的历史记录中。任何可以访问你的计算机的人都可以找到该命令并对 Secret 进行解码。
+    更好的办法是将查看和解码命令一同使用。{{</caution>}} 
+
+    ```shell
+    kubectl get secret db-user-pass -o jsonpath='{.data.password}' | base64 --decode
+    ```
 
-```
-1f2d1e2e67df
-```
+<!-- 
+## Edit a Secret {#edit-secret} 
+-->
+## 编辑 Secret {#edit-secret}
 
-<!--
-In order to avoid storing a secret encoded value in your shell history, you can
-run the following command:
+<!-- 
+You can edit an existing `Secret` object unless it is
+[immutable](/docs/concepts/configuration/secret/#secret-immutable). To edit a
+Secret, run the following command: 
 -->
-为了避免在 shell 历史记录中存储 Secret 的编码值，可以执行如下命令:
+你可以编辑一个现存的 `Secret` 对象，除非它是[不可改变的](/zh-cn/docs/concepts/configuration/secret/#secret-immutable)。
+要想编辑一个 Secret，请执行以下命令：
 
 ```shell
-kubectl get secret db-user-pass -o jsonpath='{.data.password}' | base64 --decode
+kubectl edit secrets <secret-name>
 ```
 
+<!-- 
+This opens your default editor and allows you to update the base64 encoded
+Secret values in the `data` field, such as in the following example: 
+-->
+这将打开默认编辑器，并允许你更新 `data` 字段中的 base64 编码的 Secret 值，示例如下：
 <!--
-The output shall be similar as above.
+# Please edit the object below. Lines beginning with a '#' will be ignored,
+# and an empty file will abort the edit. If an error occurs while saving this file, it will be
+# reopened with the relevant failures.
+#
 -->
-输出应与上述类似。
 
-<!-- ## Clean Up -->
+```yaml
+
+#请编辑下面的对象。以“#”开头的行将被忽略，
+#空文件将中止编辑。如果在保存此文件时发生错误，
+#则将重新打开该文件并显示相关的失败。
+#
+apiVersion: v1
+data:
+  password: UyFCXCpkJHpEc2I9
+  username: YWRtaW4=
+kind: Secret
+metadata:
+  creationTimestamp: "2022-06-28T17:44:13Z"
+  name: db-user-pass
+  namespace: default
+  resourceVersion: "12708504"
+  uid: 91becd59-78fa-4c85-823f-6d44436242ac
+type: Opaque
+```
+
+<!-- 
+## Clean up 
+-->
 ## 清理    {#clean-up}
 
-<!-- Delete the Secret you created: -->
-删除创建的 Secret：
+<!-- 
+To delete a Secret, run the following command: 
+-->
+要想删除一个 Secret，请执行以下命令：
 
 ```shell
 kubectl delete secret db-user-pass
 ```
 
-<!-- discussion -->
+<!-- 
+discussion 
+-->
 
 ## {{% heading "whatsnext" %}}