Merge pull request #48941 from my-git9/pp-14758

k8s-ci-robot · web-flow · commit 9a0df09d069f · 2024-12-16T02:58:43.000+01:00
[zh-cn]sync limit-range.md
diff --git a/content/zh-cn/docs/concepts/policy/limit-range.md b/content/zh-cn/docs/concepts/policy/limit-range.md
@@ -1,5 +1,5 @@
 ---
-title: 限制范围
+title: 限制范围（LimitRange）
 api_metadata:
 - apiVersion: "v1"
   kind: "LimitRange"
@@ -20,18 +20,24 @@ weight: 10
 <!-- overview -->
 
 <!--
-By default, containers run with unbounded [compute resources](/docs/concepts/configuration/manage-resources-containers/) on a Kubernetes cluster.
+By default, containers run with unbounded
+[compute resources](/docs/concepts/configuration/manage-resources-containers/) on a Kubernetes cluster.
 Using  Kubernetes [resource quotas](/docs/concepts/policy/resource-quotas/),
 administrators (also termed _cluster operators_) can restrict consumption and creation
 of cluster resources (such as CPU time, memory, and persistent storage) within a specified
 {{< glossary_tooltip text="namespace" term_id="namespace" >}}.
-Within a namespace, a {{< glossary_tooltip text="Pod" term_id="Pod" >}} can consume as much CPU and memory as is allowed by the ResourceQuotas that apply to that namespace. As a cluster operator, or as a namespace-level administrator, you might also be concerned about making sure that a single object cannot monopolize all available resources within a namespace.
-
-A LimitRange is a policy to constrain the resource allocations (limits and requests) that you can specify for each applicable object kind (such as Pod or {{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}}) in a namespace.
+Within a namespace, a {{< glossary_tooltip text="Pod" term_id="Pod" >}} can consume as much CPU and memory
+as is allowed by the ResourceQuotas that apply to that namespace.
+As a cluster operator, or as a namespace-level administrator, you might also be concerned
+about making sure that a single object cannot monopolize all available resources within a namespace.
+
+A LimitRange is a policy to constrain the resource allocations (limits and requests) that you can specify for
+each applicable object kind (such as Pod or {{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}})
+in a namespace.
 -->
 默认情况下， Kubernetes 集群上的容器运行使用的[计算资源](/zh-cn/docs/concepts/configuration/manage-resources-containers/)没有限制。
 使用 Kubernetes [资源配额](/zh-cn/docs/concepts/policy/resource-quotas/)，
-管理员（也称为 **集群操作者**）可以在一个指定的{{< glossary_tooltip text="命名空间" term_id="namespace" >}}内限制集群资源的使用与创建。
+管理员（也称为**集群操作者**）可以在一个指定的{{< glossary_tooltip text="命名空间" term_id="namespace" >}}内限制集群资源的使用与创建。
 在命名空间中，一个 {{< glossary_tooltip text="Pod" term_id="Pod" >}} 最多能够使用命名空间的资源配额所定义的 CPU 和内存用量。
 作为集群操作者或命名空间级的管理员，你可能也会担心如何确保一个 Pod 不会垄断命名空间内所有可用的资源。
 
@@ -45,11 +51,12 @@ LimitRange 是限制命名空间内可为每个适用的对象类别
 A _LimitRange_ provides constraints that can:
 
 - Enforce minimum and maximum compute resources usage per Pod or Container in a namespace.
-- Enforce minimum and maximum storage request per {{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}} in a namespace.
+- Enforce minimum and maximum storage request per
+  {{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}} in a namespace.
 - Enforce a ratio between request and limit for a resource in a namespace.
-- Set default request/limit for compute resources in a namespace and automatically inject them to Containers at runtime.
+- Set default request/limit for compute resources in a namespace and automatically
+  inject them to Containers at runtime.
 -->
-
 一个 **LimitRange（限制范围）** 对象提供的限制能够做到：
 
 - 在一个命名空间中实施对每个 Pod 或 Container 最小和最大的资源使用量的限制。
@@ -59,10 +66,11 @@ A _LimitRange_ provides constraints that can:
 - 设置一个命名空间中对计算资源的默认申请/限制值，并且自动的在运行时注入到多个 Container 中。
 
 <!--
-A LimitRange is enforced in a particular namespace when there is a
-LimitRange object in that namespace.
+Kubernetes constrains resource allocations to Pods in a particular namespace
+whenever there is at least one LimitRange object in that namespace.
 -->
-当某命名空间中有一个 LimitRange 对象时，将在该命名空间中实施 LimitRange 限制。
+只要特定命名空间中至少有一个 LimitRange 对象，Kubernetes 就会限制对该命名空间中的
+Pod 的资源分配。
 
 <!--
 The name of a LimitRange object must be a valid
@@ -75,46 +83,69 @@ LimitRange 的名称必须是合法的
 ## Constraints on resource limits and requests
 
 - The administrator creates a LimitRange in a namespace.
-- Users create (or try to create) objects in that namespace, such as Pods or PersistentVolumeClaims.
-- First, the `LimitRange` admission controller applies default request and limit values for all Pods (and their containers) that do not set compute resource requirements.
-- Second, the `LimitRange` tracks usage to ensure it does not exceed resource minimum, maximum and ratio defined in any `LimitRange` present in the namespace.
-- If you attempt to create or update an object (Pod or PersistentVolumeClaim) that violates a `LimitRange` constraint, your request to the API server will fail with an HTTP status code `403 Forbidden` and a message explaining the constraint that has been violated.
-- If you add a `LimitRange` in a namespace that applies to compute-related resources such as
- `cpu` and `memory`, you must specify
-  requests or limits for those values. Otherwise, the system may reject Pod creation.
-- `LimitRange` validations occur only at Pod admission stage, not on running Pods.
+- Users create (or try to create) objects in that namespace, such as Pods or
+  PersistentVolumeClaims.
+- First, the LimitRange admission controller applies default request and limit values
+  for all Pods (and their containers) that do not set compute resource requirements.
+- Second, the LimitRange tracks usage to ensure it does not exceed resource minimum,
+  maximum and ratio defined in any LimitRange present in the namespace.
+- If you attempt to create or update an object (Pod or PersistentVolumeClaim) that violates
+  a LimitRange constraint, your request to the API server will fail with an HTTP status
+  code `403 Forbidden` and a message explaining the constraint that has been violated.
+- If you add a LimitRange in a namespace that applies to compute-related resources
+  such as `cpu` and `memory`, you must specify requests or limits for those values.
+  Otherwise, the system may reject Pod creation.
+- LimitRange validations occur only at Pod admission stage, not on running Pods.
   If you add or modify a LimitRange, the Pods that already exist in that namespace
   continue unchanged.
-- If two or more `LimitRange` objects exist in the namespace, it is not deterministic which default value will be applied.
+- If two or more LimitRange objects exist in the namespace, it is not deterministic
+  which default value will be applied.
 -->
 ## 资源限制和请求的约束   {#constraints-on-resource-limits-and-requests}
 
-- 管理员在一个命名空间内创建一个 `LimitRange` 对象。
+- 管理员在一个命名空间内创建一个 LimitRange 对象。
 - 用户在此命名空间内创建（或尝试创建） Pod 和 PersistentVolumeClaim 等对象。
-- 首先，`LimitRange` 准入控制器对所有没有设置计算资源需求的所有 Pod（及其容器）设置默认请求值与限制值。
-- 其次，`LimitRange` 跟踪其使用量以保证没有超出命名空间中存在的任意 `LimitRange` 所定义的最小、最大资源使用量以及使用量比值。
-- 若尝试创建或更新的对象（Pod 和 PersistentVolumeClaim）违反了 `LimitRange` 的约束，
+- 首先，LimitRange 准入控制器对所有没有设置计算资源需求的所有 Pod（及其容器）设置默认请求值与限制值。
+- 其次，LimitRange 跟踪其使用量以保证没有超出命名空间中存在的任意 LimitRange 所定义的最小、最大资源使用量以及使用量比值。
+- 若尝试创建或更新的对象（Pod 和 PersistentVolumeClaim）违反了 LimitRange 的约束，
   向 API 服务器的请求会失败，并返回 HTTP 状态码 `403 Forbidden` 以及描述哪一项约束被违反的消息。
-- 若你在命名空间中添加 `LimitRange` 启用了对 `cpu` 和 `memory` 等计算相关资源的限制，
+- 若你在命名空间中添加 LimitRange 启用了对 `cpu` 和 `memory` 等计算相关资源的限制，
   你必须指定这些值的请求使用量与限制使用量。否则，系统将会拒绝创建 Pod。
-- `LimitRange` 的验证仅在 Pod 准入阶段进行，不对正在运行的 Pod 进行验证。
+- LimitRange 的验证仅在 Pod 准入阶段进行，不对正在运行的 Pod 进行验证。
   如果你添加或修改 LimitRange，命名空间中已存在的 Pod 将继续不变。
-- 如果命名空间中存在两个或更多 `LimitRange` 对象，应用哪个默认值是不确定的。
+- 如果命名空间中存在两个或更多 LimitRange 对象，应用哪个默认值是不确定的。
 
 <!--
 ## LimitRange and admission checks for Pods
 
-A `LimitRange` does **not** check the consistency of the default values it applies. This means that a default value for the _limit_ that is set by `LimitRange` may be less than the _request_ value specified for the container in the spec that a client submits to the API server. If that happens, the final Pod will not be schedulable.
+A LimitRange does **not** check the consistency of the default values it applies.
+This means that a default value for the _limit_ that is set by LimitRange may be
+less than the _request_ value specified for the container in the spec that a client
+submits to the API server. If that happens, the final Pod will not be schedulable.
 
-For example, you define a `LimitRange` with this manifest:
+For example, you define a LimitRange with this manifest:
 -->
 ## Pod 的 LimitRange 和准入检查     {#limitrange-and-admission-checks-for-pod}
 
-`LimitRange` **不** 检查所应用的默认值的一致性。
-这意味着 `LimitRange` 设置的 **limit** 的默认值可能小于客户端提交给 API 服务器的规约中为容器指定的 **request** 值。
+LimitRange **不**检查所应用的默认值的一致性。
+这意味着 LimitRange 设置的 **limit** 的默认值可能小于客户端提交给 API 服务器的规约中为容器指定的 **request** 值。
 如果发生这种情况，最终 Pod 将无法调度。
 
-例如，你使用如下清单定义一个 `LimitRange`：
+例如，你使用如下清单定义一个 LimitRange：
+
+{{< note >}}
+<!--
+The following examples operate within the default namespace of your cluster, as the namespace
+parameter is undefined and the LimitRange scope is limited to the namespace level.
+This implies that any references or operations within these examples will interact
+with elements within the default namespace of your cluster. You can override the
+operating namespace by configuring namespace in the `metadata.namespace` field.
+-->
+以下示例在集群的 default 命名空间内运行，因为命名空间参数未定义，并且
+LimitRange 范围仅限于命名空间级别。
+这意味着这些示例中的任何引用或操作都将与集群的 default 命名空间中的元素进行交互。
+你可以通过在 `metadata.namespace` 字段中配置命名空间来覆盖要使用的命名空间。
+{{< /note >}}
 
 {{% code_sample file="concepts/policy/limit-range/problematic-limit-range.yaml" %}}
 
@@ -135,19 +166,23 @@ Pod "example-conflict-with-limitrange-cpu" is invalid: spec.containers[0].resour
 ```
 
 <!--
-If you set both `request` and `limit`, then that new Pod will be scheduled successfully even with the same `LimitRange` in place:
+If you set both `request` and `limit`, then that new Pod will be scheduled successfully
+even with the same LimitRange in place:
 -->
-如果你同时设置了 `request` 和 `limit`，那么即使使用相同的 `LimitRange`，新 Pod 也会被成功调度：
+如果你同时设置了 `request` 和 `limit`，那么即使使用相同的 LimitRange，新 Pod 也会被成功调度：
 
 {{% code_sample file="concepts/policy/limit-range/example-no-conflict-with-limitrange-cpu.yaml" %}}
 
 <!--
 ## Example resource constraints
 
-Examples of policies that could be created using `LimitRange` are:
+Examples of policies that could be created using LimitRange are:
 
-- In a 2 node cluster with a capacity of 8 GiB RAM and 16 cores, constrain Pods in a namespace to request 100m of CPU with a max limit of 500m for CPU and request 200Mi for Memory with a max limit of 600Mi for Memory.
-- Define default CPU limit and request to 150m and memory default request to 300Mi for Containers started with no cpu and memory requests in their specs.
+- In a 2 node cluster with a capacity of 8 GiB RAM and 16 cores, constrain Pods in a
+  namespace to request 100m of CPU with a max limit of 500m for CPU and request 200Mi
+  for Memory with a max limit of 600Mi for Memory.
+- Define default CPU limit and request to 150m and memory default request to 300Mi for
+  Containers started with no cpu and memory requests in their specs.
 -->
 ## 资源约束示例   {#example-resource-constraints}
 
@@ -159,8 +194,9 @@ Examples of policies that could be created using `LimitRange` are:
   150m，内存默认需求值 300Mi。
 
 <!--
-In the case where the total limits of the namespace is less than the sum of the limits of the Pods/Containers,
-there may be contention for resources. In this case, the Containers or Pods will not be created.
+In the case where the total limits of the namespace is less than the sum of the limits
+of the Pods/Containers, there may be contention for resources. In this case, the
+Containers or Pods will not be created.
 -->
 在命名空间的总限制值小于 Pod 或 Container 的限制值的总和的情况下，可能会产生资源竞争。
 在这种情况下，将不会创建 Container 或 Pod。
@@ -182,7 +218,8 @@ For examples on using limits, see:
 - [how to configure minimum and maximum Storage consumption per namespace](/docs/tasks/administer-cluster/limit-storage-consumption/#limitrange-to-limit-requests-for-storage).
 - a [detailed example on configuring quota per namespace](/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/).
 
-Refer to the [LimitRanger design document](https://git.k8s.io/design-proposals-archive/resource-management/admission_control_limit_range.md) for context and historical information.
+Refer to the [LimitRanger design document](https://git.k8s.io/design-proposals-archive/resource-management/admission_control_limit_range.md)
+for context and historical information.
 -->
 关于使用限值的例子，可参阅：
 
@@ -193,4 +230,5 @@ Refer to the [LimitRanger design document](https://git.k8s.io/design-proposals-a
 - [如何配置每个命名空间最小和最大存储使用量](/zh-cn/docs/tasks/administer-cluster/limit-storage-consumption/#limitrange-to-limit-requests-for-storage)。
 - [配置每个命名空间的配额的详细例子](/zh-cn/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/)。
 
-有关上下文和历史信息，请参阅 [LimitRanger 设计文档](https://git.k8s.io/design-proposals-archive/resource-management/admission_control_limit_range.md)。
+有关上下文和历史信息，请参阅
+[LimitRanger 设计文档](https://git.k8s.io/design-proposals-archive/resource-management/admission_control_limit_range.md)。
