Skip to content

Commit 699d6fd

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #47315 from my-git9/pp-22152
[zh-cn] sync access-authn-authz/rbac.md
2 parents a4a8dae + fbf0919 commit 699d6fd

File tree

1 file changed

+6
-6
lines changed
  • content/zh-cn/docs/reference/access-authn-authz

1 file changed

+6
-6
lines changed

content/zh-cn/docs/reference/access-authn-authz/rbac.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1148,7 +1148,7 @@ This allows the cluster to repair accidental modifications, and helps to keep ro
11481148
up-to-date as permissions and subjects change in new Kubernetes releases.
11491149

11501150
To opt out of this reconciliation, set the `rbac.authorization.kubernetes.io/autoupdate`
1151-
annotation on a default cluster role or rolebinding to `false`.
1151+
annotation on a default cluster role or default cluster RoleBinding to `false`.
11521152
Be aware that missing default permissions and subjects can result in non-functional clusters.
11531153

11541154
Auto-reconciliation is enabled by default if the RBAC authorizer is active.
@@ -1160,7 +1160,7 @@ Auto-reconciliation is enabled by default if the RBAC authorizer is active.
11601160
这种自动协商机制允许集群去修复一些不小心发生的修改,
11611161
并且有助于保证角色和角色绑定在新的发行版本中有权限或主体变更时仍然保持最新。
11621162

1163-
如果要禁止此功能,请将默认 ClusterRole 以及 ClusterRoleBinding 的
1163+
如果要禁止此功能,请将默认 ClusterRole 以及默认 ClusterRoleBinding 的
11641164
`rbac.authorization.kubernetes.io/autoupdate` 注解设置成 `false`。
11651165
注意,缺少默认权限和角色绑定主体可能会导致集群无法正常工作。
11661166

@@ -1169,18 +1169,18 @@ Auto-reconciliation is enabled by default if the RBAC authorizer is active.
11691169
<!--
11701170
### API discovery roles {#discovery-roles}
11711171

1172-
Default role bindings authorize unauthenticated and authenticated users to read API information
1172+
Default cluster role bindings authorize unauthenticated and authenticated users to read API information
11731173
that is deemed safe to be publicly accessible (including CustomResourceDefinitions).
1174-
To disable anonymous unauthenticated access, add `--anonymous-auth=false` to
1174+
To disable anonymous unauthenticated access, add `--anonymous-auth=false` flag to
11751175
the API server configuration.
11761176

11771177
To view the configuration of these roles via `kubectl` run:
11781178
-->
11791179
### API 发现角色 {#discovery-roles}
11801180

11811181
无论是经过身份验证的还是未经过身份验证的用户,
1182-
默认的角色绑定都授权他们读取被认为是可安全地公开访问的 API(包括 CustomResourceDefinitions)。
1183-
如果要禁用匿名的未经过身份验证的用户访问,请在 API 服务器配置中中添加
1182+
默认的集群角色绑定都授权他们读取被认为是可安全地公开访问的 API(包括 CustomResourceDefinitions)。
1183+
如果要禁用匿名的未经过身份验证的用户访问,请在 API 服务器配置中添加
11841184
`--anonymous-auth=false` 的配置选项。
11851185

11861186
通过运行命令 `kubectl` 可以查看这些角色的配置信息:

0 commit comments

Comments
 (0)