You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/zh-cn/docs/reference/labels-annotations-taints/_index.md
+19-30Lines changed: 19 additions & 30 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -921,7 +921,7 @@ Used on: Node
921
921
922
922
The kubelet can set this annotation on a Node to denote its configured IPv4 address.
923
923
924
-
When kubelet is started with the "external" cloud provider, it sets this annotation on the Node to denote an IP address set from the command line flag (`--node-ip`). This IP is verified with the cloud provider as valid by the cloud-controller-manager.
924
+
When kubelet is started with the `--cloud-provider` flag set to any value (includes both external and legacy in-tree cloud providers), it sets this annotation on the Node to denote an IP address set from the command line flag (`--node-ip`). This IP is verified with the cloud provider as valid by the cloud-controller-manager.
A user can manually add the taint to a Node marking it out-of-service. If the `NodeOutOfServiceVolumeDetach`
1133
+
A user can manually add the taint to a Node marking it out-of-service. If the `NodeOutOfServiceVolumeDetach`
1133
1134
[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled on
1134
1135
`kube-controller-manager`, and a Node is marked out-of-service with this taint, the pods on the node will be forcefully deleted if there are no matching tolerations on it and volume detach operations for the pods terminating on the node will happen immediately. This allows the Pods on the out-of-service node to recover quickly on a different node.
1135
1136
-->
@@ -1348,7 +1349,10 @@ for more information.
1348
1349
1349
1350
Example: `kubernetes.io/psp: restricted`
1350
1351
1351
-
This annotation is only relevant if you are using [PodSecurityPolicies](/docs/concepts/security/pod-security-policy/).
1352
+
Used on: Pod
1353
+
1354
+
This annotation was only relevant if you were using [PodSecurityPolicies](/docs/concepts/security/pod-security-policy/).
1355
+
Kubernetes v{{< skew currentVersion >}} does not support the PodSecurityPolicy API.
1352
1356
1353
1357
When the PodSecurityPolicy admission controller admits a Pod, the admission controller
1354
1358
modifies the Pod to have this annotation.
@@ -1359,7 +1363,10 @@ The value of the annotation is the name of the PodSecurityPolicy that was used f
This annotation has been deprecated since Kubernetes v1.19 and will become non-functional in v1.25.
1378
+
This annotation has been deprecated since Kubernetes v1.19 and will become non-functional in a future release.
1379
+
please use the corresponding pod or container `securityContext.seccompProfile` field instead.
1372
1380
To specify security settings for a Pod, include the `securityContext` field in the Pod specification.
1373
1381
The [`securityContext`](/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) field within a Pod's `.spec` defines pod-level security attributes.
1374
1382
When you [specify the security context for a Pod](/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod),
1375
1383
the settings you specify apply to all containers in that Pod.
0 commit comments