Merge pull request #27722 from tengqm/zh-sync-kubeadm-2

[zh] Resync kubeadm files (2)

Author: k8s-ci-robot

content/zh/docs/reference/config-api/kube-proxy-config.v1alpha1.md

@@ -46,7 +46,7 @@ with the aim of sharing knowledge on Kubernetes cluster best practices.
    - lock-down the kubelet API
    - locking down access to the API for system components like the kube-proxy and CoreDNS
    - locking down what a Bootstrap Token can access
- - **Easy to use**: The user should not have to run anything more than a couple of commands:
+ - **User-friendly**: The user should not have to run anything more than a couple of commands:
    - `kubeadm init`
    - `export KUBECONFIG=/etc/kubernetes/admin.conf`
    - `kubectl apply -f <network-of-choice.yaml>`
@@ -63,7 +63,7 @@ with the aim of sharing knowledge on Kubernetes cluster best practices.
   - 锁定 kubelet API
   - 锁定对系统组件（例如 kube-proxy 和 CoreDNS）的 API 的访问
   - 锁定启动引导令牌（Bootstrap Token）可以访问的内容
-- **易用的**：用户只需要运行几个命令即可：
+- **用户友好**：用户只需要运行几个命令即可：
   - `kubeadm init`
   - `export KUBECONFIG=/etc/kubernetes/admin.conf`
   - `kubectl apply -f <所选网络.yaml>`
@@ -558,7 +558,7 @@ API 服务器的静态 Pod 清单会受到用户提供的以下参数的影响:
     - `--requestheader-client-ca-file` to`front-proxy-ca.crt`
     - `--proxy-client-cert-file` to `front-proxy-client.crt`
     - `--proxy-client-key-file` to `front-proxy-client.key`
- - Other flags for securing the front proxy ([API Aggregation](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/aggregated-api-servers.md)) communications:
+ - Other flags for securing the front proxy ([API Aggregation](/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/)) communications:
     - `--requestheader-username-headers=X-Remote-User`
     - `--requestheader-group-headers=X-Remote-Group`
     - `--requestheader-extra-headers-prefix=X-Remote-Extra-`
@@ -580,7 +580,7 @@ API 服务器的静态 Pod 清单会受到用户提供的以下参数的影响:
   - `--proxy-client-key-file` 设为 `front-proxy-client.key`
 
 - 其他用于保护前端代理（
-  [API 聚合层](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/aggregated-api-servers.md)）
+  [API 聚合层](/zh/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/)）
   通信的标志:
 
   - `--requestheader-username-headers=X-Remote-User`
@@ -697,7 +697,7 @@ into `/var/lib/kubelet/config/init/kubelet` file.
 <!--  
 The init configuration is used for starting the kubelet on this specific node, providing an alternative for the kubelet drop-in file;
 such configuration will be replaced by the kubelet base configuration as described in following steps.
-See [set Kubelet parameters via a config file](/docs/tasks/administer-cluster/kubelet-config-file) for additional info.
+See [set Kubelet parameters via a config file](/docs/tasks/administer-cluster/kubelet-config-file) for additional information.
 -->
 初始化配置用于在这个特定节点上启动 kubelet，从而为 kubelet 插件文件提供了
 一种替代方法。如以下步骤中所述，这种配置将由 kubelet 基本配置所替代。
@@ -710,17 +710,24 @@ See [set Kubelet parameters via a config file](/docs/tasks/administer-cluster/ku
 <!--  
 1. To make dynamic kubelet configuration work, flag `--dynamic-config-dir=/var/lib/kubelet/config/dynamic` should be specified
    in `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`
-2. The kubelet configuration can be changed by passing a `KubeletConfiguration` object to `kubeadm init` or `kubeadm join` by using
+1. The kubelet configuration can be changed by passing a `KubeletConfiguration` object to `kubeadm init` or `kubeadm join` by using
    a configuration file `--config some-file.yaml`. The `KubeletConfiguration` object can be separated from other objects such
    as `InitConfiguration` using the `---` separator. For more details have a look at the `kubeadm config print-default` command.
 -->
 1. 要使动态 kubelet 配置生效，应在 `/etc/systemd/system/kubelet.service.d/10-kubeadm.conf`
    中指定 `--dynamic-config-dir=/var/lib/kubelet/config/dynamic` 标志。
-2. 通过使用配置文件 `--config some-file.yaml` 将 `KubeletConfiguration` 对象传递给
+1. 通过使用配置文件 `--config some-file.yaml` 将 `KubeletConfiguration` 对象传递给
    `kubeadm init` 或 `kubeadm join` 来更改 kubelet 配置。
    可以使用 `---` 分隔符将 `KubeletConfiguration` 对象与其他对象（例如 `InitConfiguration`）
    分开。更多的详细信息，请查看 `kubeadm config print-default` 命令。
 
+<!--
+For more details about the `KubeletConfiguration` struct, take a look at the
+[`KubeletConfiguration` reference](/docs/reference/config-api/kubelet-config.v1beta1/).
+-->
+有关 `KubeletConfiguration` 结构的详细信息，可参阅
+[`KubeletConfiguration` 参考文档](/docs/reference/config-api/kubelet-config.v1beta1/)。
+
 <!--
 ### Wait for the control plane to come up
 -->
@@ -748,7 +755,7 @@ kubeadm 依靠 kubelet 拉取控制平面镜像并将其作为静态 Pod 正确
 -->
 ### （可选）编写基本 kubelet 配置  {#write-base-kubelet-configuration}
 
-{{< feature-state for_k8s_version="v1.9" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.11" state="beta" >}}
 
 <!--
 If kubeadm is invoked with `--feature-gates=DynamicKubeletConfig`:
@@ -1028,24 +1035,28 @@ A ServiceAccount for `kube-proxy` is created in the `kube-system` namespace; the
 - `kube-proxy` 的 ServiceAccount 绑定了 `system:node-proxier` ClusterRole
   中的特权
 
-#### DNS  {#dns}
+#### DNS
 
 <!--  
-- In Kubernetes version 1.18 kube-dns usage with kubeadm is deprecated and will be removed in a future release
 - The CoreDNS service is named `kube-dns`. This is done to prevent any interruption
-in service when the user is switching the cluster DNS from kube-dns to CoreDNS or vice-versa
-the `--config` method described [here](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-addon)
-- A ServiceAccount for CoreDNS/kube-dns is created in the `kube-system` namespace.
-- The `kube-dns` ServiceAccount is bound to the privileges in the `system:kube-dns` ClusterRole
+  in service when the user is switching the cluster DNS from kube-dns to CoreDNS,
+  the `--config` method described [here](/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-addon)
+- A ServiceAccount for CoreDNS is created in the `kube-system` namespace.
+- The `coredns` ServiceAccount is bound to the privileges in the `system:coredns` ClusterRole
 -->
-- 在 Kubernetes 1.18 版本中，通过 kubeadm 部署 kube-dns 这一操作已经弃用，
-  将在未来的版本中删除。
 - CoreDNS 服务的名称为 `kube-dns`。这样做是为了防止当用户将集群 DNS 从 kube-dns
-  切换到 CoreDNS 或者反过来时，出现服务中断。`--config` 方法在
+  切换到 CoreDNS 时出现服务中断。`--config` 方法在
   [这里](/zh/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/#cmd-phase-addon)
   有描述。
-- 在 `kube-system` 名字空间中创建 CoreDNS/kube-dns 的 ServiceAccount
-- `kube-dns` 的 ServiceAccount 绑定了 `system:kube-dns` ClusterRole 中的特权
+- 在 `kube-system` 名字空间中创建 CoreDNS 的 ServiceAccount
+- `coredns` 的 ServiceAccount 绑定了 `system:coredns` ClusterRole 中的特权
+
+<!--
+In Kubernetes version 1.21, support for using `kube-dns` with kubeadm was removed.
+You can use CoreDNS with kubeadm even when the related Service is named `kube-dns`.
+-->
+在 Kubernetes 1.21 版本中，kubeadm 对 `kube-dns` 的支持被移除。
+你可以在 kubeadm 使用 CoreDNS，即使相关的 Service 名字仍然是 `kube-dns`。
 
 <!--
 ## kubeadm join phases internal design
@@ -1183,17 +1194,16 @@ when the connection with the cluster is established, kubeadm try to access the `
 ## TLS 引导  {#tls-boostrap}
 
 <!--  
-Once the cluster info are known, the file `bootstrap-kubelet.conf` is written, thus allowing kubelet to do TLS Bootstrapping
-(conversely until v.1.7 TLS bootstrapping were managed by kubeadm).
+Once the cluster info are known, the file `bootstrap-kubelet.conf` is written, thus allowing kubelet to do TLS Bootstrapping.
 -->
-知道集群信息后，将写入文件 `bootstrap-kubelet.conf`，从而允许 kubelet 执行
-TLS 引导（相反，在 v1.7 之前 TLS 引导都是由 kubeadm 管理）。
+知道集群信息后，kubeadm 将写入文件 `bootstrap-kubelet.conf`，从而允许 kubelet 执行
+TLS 引导。
 
 <!--  
-The TLS bootstrap mechanism uses the shared token to temporarily authenticate with the Kubernetes Master to submit a certificate
+The TLS bootstrap mechanism uses the shared token to temporarily authenticate with the Kubernetes API server to submit a certificate
 signing request (CSR) for a locally created key pair.
 -->
-TLS 引导机制使用共享令牌对 Kubernetes 主控节点进行临时身份验证，以便
+TLS 引导机制使用共享令牌对 Kubernetes API 服务器进行临时身份验证，以便
 为本地创建的密钥对提交证书签名请求（CSR）。
 
 <!--  
@@ -1209,7 +1219,7 @@ kubelet 加入集群，同时删除 `bootstrap-kubelet.conf`。
 <!--  
 - The temporary authentication is validated against the token saved during the `kubeadm init` process (or with additional tokens
   created with `kubeadm token`)
-- The temporary authentication resolve to a user member of  `system:bootstrappers:kubeadm:default-node-token` group which was granted
+- The temporary authentication resolve to a user member of `system:bootstrappers:kubeadm:default-node-token` group which was granted
   access to CSR api during the `kubeadm init` process
 - The automatic CSR approval is managed by the csrapprover controller, according with configuration done the `kubeadm init` process
 -->
@@ -1222,24 +1232,24 @@ kubelet 加入集群，同时删除 `bootstrap-kubelet.conf`。
 <!--
 ### (optional) Write init kubelet configuration
 -->
-### （可选）编写 init kubelet 配置  {#write-init-kubelet-configuration}
+### （可选）写入初始的 kubelet 配置  {#write-init-kubelet-configuration}
 
-{{< feature-state for_k8s_version="v1.9" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.11" state="beta" >}}
 
 <!--
 If kubeadm is invoked with `--feature-gates=DynamicKubeletConfig`:
 -->
 如果带 `--feature-gates=DynamicKubeletConfig` 参数调用 kubeadm，则 kubeadm：
 
 <!--  
-1. Read the kubelet base configuration from the `kubelet-base-config-v1.9` ConfigMap in the `kube-system` namespace  using the
+1. Read the kubelet base configuration from the `kubelet-base-config-v1.x` ConfigMap in the `kube-system` namespace  using the
    Bootstrap Token credentials, and write it to disk as kubelet init configuration file  `/var/lib/kubelet/config/init/kubelet`
 2. As soon as kubelet starts with the Node's own credential (`/etc/kubernetes/kubelet.conf`), update current node configuration
    specifying that the source for the node/kubelet configuration is the above ConfigMap.
 -->
-1. 使用引导令牌凭证从 `kube-system` 名字空间中 ConfigMap `kubelet-base-config-v1.9`
+1. 使用引导令牌凭证从 `kube-system` 名字空间中 ConfigMap `kubelet-base-config-v1.x`
    中读取 kubelet 基本配置，
-   并将其作为 kubelet init 配置文件 `/var/lib/kubelet/config/init/kubelet` 写入磁盘。
+   并将其作为 kubelet 初始配置文件 `/var/lib/kubelet/config/init/kubelet` 写入磁盘。
 2. 一旦 kubelet 开始使用节点自己的凭据（`/etc/kubernetes/kubelet.conf`），
    就更新当前节点配置，指定该节点或 kubelet 配置来自上述 ConfigMap。
 

content/zh/docs/reference/config-api/kubelet-config.v1beta1.md

@@ -18,47 +18,10 @@ weight: 90
 请试用这些功能并给我们提供反馈！
 {{< /caution >}}
 
-## kubeadm alpha kubeconfig user {#cmd-phase-kubeconfig}
-
-<!--
-The `user` subcommand can be used for the creation of kubeconfig files for additional users.
--->
-使用子命令 `user` 为其他用户创建 kubeconfig 文件。
-
-{{< tabs name="tab-kubeconfig" >}}
-{{< tab name="kubeconfig" include="generated/kubeadm_alpha_kubeconfig.md" />}}
-{{< tab name="user" include="generated/kubeadm_alpha_kubeconfig_user.md" />}}
-{{< /tabs >}}
-
-## kubeadm alpha kubelet config {#cmd-phase-kubelet}
-
 <!--
-Use the following command to enable the DynamicKubeletConfiguration feature.
+Currently there are no experimental commands under `kubeadm alpha`.
 -->
-使用以下命令启用 DynamicKubeletConfiguration 功能。
-
-{{< tabs name="tab-kubelet" >}}
-{{< tab name="kubelet" include="generated/kubeadm_alpha_kubelet.md" />}}
-{{< tab name="enable-dynamic" include="generated/kubeadm_alpha_kubelet_config_enable-dynamic.md" />}}
-{{< /tabs >}}
-
-## kubeadm alpha selfhosting pivot {#cmd-selfhosting}
-
-<!--
-The subcommand `pivot` can be used to convert a static Pod-hosted control plane into a self-hosted one.
--->
-子命令 `pivot` 可用于将 Pod 托管的静态控制平面转换为自托管的控制平面。
-有关 `pivot` 更多信息，请参见
-[文档](/zh/docs/setup/production-environment/tools/kubeadm/self-hosting/)。
-
-<!--
-[Documentation](/docs/setup/production-environment/tools/kubeadm/self-hosting/)
--->
-
-{{< tabs name="selfhosting" >}}
-{{< tab name="selfhosting" include="generated/kubeadm_alpha_selfhosting.md" />}}
-{{< tab name="pivot" include="generated/kubeadm_alpha_selfhosting_pivot.md" />}}
-{{< /tabs >}}
+目前在 `kubeadm alpha` 之下没有试验性质的命令。
 
 ## {{% heading "whatsnext" %}}
 

content/zh/docs/reference/setup-tools/kubeadm/implementation-details.md

@@ -4,26 +4,25 @@ weight: 90
 content_type: concept
 ---
 <!--
----
 title: kubeadm init phase
 weight: 90
 content_type: concept
----
 -->
 
 <!--
 `kubeadm init phase` enables you to invoke atomic steps of the bootstrap process.
 Hence, you can let kubeadm do some of the work and you can fill in the gaps
 if you wish to apply customization.
 -->
-`kubeadm init phase` 能确保调用引导过程的原子步骤。因此，如果希望自定义应用，则可以让 kubeadm 做一些工作，然后填补空白。
-
+`kubeadm init phase` 能确保调用引导过程的原子步骤。
+因此，如果希望自定义应用，则可以让 kubeadm 做一些工作，然后填补空白。
 
 <!--
 `kubeadm init phase` is consistent with the [kubeadm init workflow](/docs/reference/setup-tools/kubeadm/kubeadm-init/#init-workflow),
 and behind the scene both use the same code.
 -->
-`kubeadm init phase` 与 [kubeadm init 工作流](/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/#init-workflow)一致，后台都使用相同的代码。
+`kubeadm init phase` 与 [kubeadm init 工作流](/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/#init-workflow)
+一致，后台都使用相同的代码。
 
 <!--
 ## kubeadm init phase preflight {#cmd-phase-preflight}
@@ -143,7 +142,8 @@ Use the following phase to create a local etcd instance based on a static Pod fi
 You can use this command to upload the kubeadm configuration to your cluster.
 Alternatively, you can use [kubeadm config](/docs/reference/setup-tools/kubeadm/kubeadm-config/).
 -->
-可以使用此命令将 kubeadm 配置文件上传到集群。或者使用 [kubeadm config](/zh/docs/reference/setup-tools/kubeadm/kubeadm-config/)。
+可以使用此命令将 kubeadm 配置文件上传到集群。或者使用
+[kubeadm config](/zh/docs/reference/setup-tools/kubeadm/kubeadm-config/)。
 
 {{< tabs name="upload-config" >}}
 {{< tab name="upload-config" include="generated/kubeadm_init_phase_upload-config.md" />}}
@@ -177,7 +177,8 @@ By default the certs and encryption key expire after two hours.
 <!--
 Use the following phase to label and taint the node with the `node-role.kubernetes.io/master=""` key-value pair.
 -->
-使用以下阶段来给具有 `node-role.kubernetes.io/master=""` 键值对的节点打标签（label）和记录污点（taint）。
+使用以下阶段来给具有 `node-role.kubernetes.io/master=""` 键值对的节点
+打标签（label）和记录污点（taint）。
 
 {{< tabs name="tab-mark-control-plane" >}}
 {{< tab name="mark-control-plane" include="generated/kubeadm_init_phase_mark-control-plane.md" />}}
@@ -232,50 +233,12 @@ install them selectively.
 {{< tab name="kube-proxy" include="generated/kubeadm_init_phase_addon_kube-proxy.md" />}}
 {{< /tabs >}}
 
-<!--
-To use kube-dns instead of CoreDNS you have to pass a configuration file:
--->
-要使用 kube-dns 代替 CoreDNS，必须传递一个配置文件：
-
-<!--
-# for installing a DNS addon only
-# 仅用于安装 DNS 插件
-# for creating a complete control plane node
-# 用于创建完整的控制平面节点
-# for listing or pulling images
-# 用于列出或者拉取镜像
-# for upgrades
--->
-
-```bash
-# 仅用于安装 DNS 插件
-kubeadm init phase addon coredns --config=someconfig.yaml
-# 用于创建完整的控制平面节点
-kubeadm init --config=someconfig.yaml
-# 用于列出或者拉取镜像
-kubeadm config images list/pull --config=someconfig.yaml
-# 升级
-kubeadm upgrade apply --config=someconfig.yaml
-```
-
-<!--
-The file has to contain a [`DNS`](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2#DNS) field in[`ClusterConfiguration`](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2#ClusterConfiguration)
-and also a type for the addon - `kube-dns` (default value is `CoreDNS`).
--->
-该文件必须在 [`ClusterConfiguration`](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2#ClusterConfiguration) 中包含一个 [`DNS`](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2#DNS) 字段，以及包含一个插件的类型 - `kube-dns`（默认值为 `CoreDNS`）。
-
-```yaml
-apiVersion: kubeadm.k8s.io/v1beta2
-kind: ClusterConfiguration
-dns:
-  type: "kube-dns"
-```
-
 <!--
 For more details on each field in the `v1beta2` configuration you can navigate to our
 [API reference pages.] (https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2)
 -->
-有关 `v1beta2` 配置中每个字段的更多详细信息，可以访问 [API](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2)。
+有关 `v1beta2` 配置中每个字段的更多详细信息，可以访问
+[API](https://godoc.org/k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta2)。
 
 ## {{% heading "whatsnext" %}}
 
@@ -285,7 +248,11 @@ For more details on each field in the `v1beta2` configuration you can navigate t
 * [kubeadm reset](/docs/reference/setup-tools/kubeadm/kubeadm-reset/) to revert any changes made to this host by `kubeadm init` or `kubeadm join`
 * [kubeadm alpha](/docs/reference/setup-tools/kubeadm/kubeadm-alpha/) to try experimental functionality
 -->
-* [kubeadm init](/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/) 引导 Kubernetes 控制平面节点
-* [kubeadm join](/zh/docs/reference/setup-tools/kubeadm/kubeadm-join/) 将节点连接到集群
-* [kubeadm reset](/zh/docs/reference/setup-tools/kubeadm/kubeadm-reset/) 恢复通过 `kubeadm init` 或 `kubeadm join` 操作对主机所做的任何更改
-* [kubeadm alpha](/zh/docs/reference/setup-tools/kubeadm/kubeadm-alpha/) 尝试实验性功能
+* [kubeadm init](/zh/docs/reference/setup-tools/kubeadm/kubeadm-init/)
+  引导 Kubernetes 控制平面节点
+* [kubeadm join](/zh/docs/reference/setup-tools/kubeadm/kubeadm-join/)
+  将节点加入到集群
+* [kubeadm reset](/zh/docs/reference/setup-tools/kubeadm/kubeadm-reset/)
+  恢复通过 `kubeadm init` 或 `kubeadm join` 操作对主机所做的任何更改
+* [kubeadm alpha](/zh/docs/reference/setup-tools/kubeadm/kubeadm-alpha/)
+  尝试实验性功能