Commit 96e29bd

Merge pull request #38690 from gaogao101/work67
[zh-cn] sync security-context.md
2 parents 5d78524 + 5c55dfa commit 96e29bd

1 file changed

+3
-15
lines changed

content/zh-cn/docs/tasks/configure-pod-container/security-context.md

Lines changed: 3 additions & 15 deletions
@@ -316,15 +316,14 @@ and [`emptydir`](/docs/concepts/storage/volumes/#emptydir).
316316
## Delegating volume permission and ownership change to CSI driver
317317
-->
318318
## 将卷权限和所有权更改委派给 CSI 驱动程序
319-
{{< feature-state for_k8s_version="v1.23" state="beta" >}}
319+
{{< feature-state for_k8s_version="v1.26" state="stable" >}}
320320

321321
<!--
322322
If you deploy a [Container Storage Interface (CSI)](https://github.com/container-storage-interface/spec/blob/master/spec.md)
323323
driver which supports the `VOLUME_MOUNT_GROUP` `NodeServiceCapability`, the
324324
process of setting file ownership and permissions based on the
325325
`fsGroup` specified in the `securityContext` will be performed by the CSI driver
326-
instead of Kubernetes, provided that the `DelegateFSGroupToCSIDriver` Kubernetes
327-
feature gate is enabled. In this case, since Kubernetes doesn't perform any
326+
instead of Kubernetes. In this case, since Kubernetes doesn't perform any
328327
ownership and permission change, `fsGroupChangePolicy` does not take effect, and
329328
as specified by CSI, the driver is expected to mount the volume with the
330329
provided `fsGroup`, resulting in a volume that is readable/writable by the
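Review bot: With the "provided that the `DelegateFSGroupToCSIDriver` Kubernetes feature gate is enabled" clause dropped at new line 326, the English source comment now describes delegation to the CSI driver as unconditional, and the `feature-state` shortcode at new line 319 (`v1.26`, `stable`) is the only remaining version cue. Please confirm both edits match the upstream English page for this release so the comment block and the shortcode stay in step. The same paragraph still says `fsGroupChangePolicy` does not take effect in this mode, which readers relying on that field for ownership changes will want to notice, so it is worth checking that the translated sentence in the next hunk keeps that statement intact after the gate wording is removed.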
@@ -333,21 +332,10 @@ provided `fsGroup`, resulting in a volume that is readable/writable by the
333332
如果你部署了一个[容器存储接口 (CSI)](https://github.com/container-storage-interface/spec/blob/master/spec.md)
334333
驱动,而该驱动支持 `VOLUME_MOUNT_GROUP` `NodeServiceCapability`,
335334
在 `securityContext` 中指定 `fsGroup` 来设置文件所有权和权限的过程将由 CSI
336-
驱动而不是 Kubernetes 来执行,前提是 Kubernetes 的 `DelegateFSGroupToCSIDriver`
337-
特性门控已启用。在这种情况下,由于 Kubernetes 不执行任何所有权和权限更改,
335+
驱动而不是 Kubernetes 来执行。在这种情况下,由于 Kubernetes 不执行任何所有权和权限更改,
338336
`fsGroupChangePolicy` 不会生效,并且按照 CSI 的规定,CSI 驱动应该使用所指定的
339337
`fsGroup` 来挂载卷,从而生成了一个对 `fsGroup` 可读/可写的卷.
340338

341-
<!--
342-
Please refer to the [KEP](https://github.com/gnufied/enhancements/blob/master/keps/sig-storage/2317-fsgroup-on-mount/README.md)
343-
and the description of the `VolumeCapability.MountVolume.volume_mount_group`
344-
field in the [CSI spec](https://github.com/container-storage-interface/spec/blob/master/spec.md#createvolume)
345-
for more information.
346-
-->
347-
更多的信息请参考 [KEP](https://github.com/gnufied/enhancements/blob/master/keps/sig-storage/2317-fsgroup-on-mount/README.md)
348-
和 [CSI 规范](https://github.com/container-storage-interface/spec/blob/master/spec.md#createvolume)
349-
中的字段 `VolumeCapability.MountVolume.volume_mount_group` 的描述。
350-
351339
<!--
352340
## Set the security context for a Container
353341

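Review bot: The unchanged context line at new line 337 ends with a half-width "." ("可读/可写的卷.") while the rewritten sentence at new line 335 uses the full-width "。" ("来执行。"); since this sync already edits the paragraph, change the trailing "." to "。" for consistency. Separately, old lines 341 to 349 delete both the English comment and the Chinese text that pointed to the KEP and to the `VolumeCapability.MountVolume.volume_mount_group` field in the CSI spec. After this hunk the section still says the driver behaves "as specified by CSI" but no longer names the field, so please confirm the upstream English page removed the same paragraph rather than relocating it.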