Merge pull request #29369 from EricWvi/main

k8s-ci-robot · web-flow · commit cd052d9381ad · 2021-08-16T19:22:02.000-07:00
[zh] Concept files to sync for 1.22 - (8) Service
diff --git a/content/zh/docs/concepts/services-networking/dns-pod-service.md b/content/zh/docs/concepts/services-networking/dns-pod-service.md
@@ -92,10 +92,10 @@ options ndots:5
 
 <!--
 In summary, a pod in the _test_ namespace can successfully resolve either
-`data.prod` or `data.prod.cluster.local`.
+`data.prod` or `data.prod.svc.cluster.local`.
 -->
 概括起来，名字空间 `test` 中的 Pod 可以成功地解析 `data.prod` 或者
-`data.prod.cluster.local`。
+`data.prod.svc.cluster.local`。
 
 <!--
 ### DNS Records
@@ -336,11 +336,11 @@ record unless `publishNotReadyAddresses=True` is set on the Service.
 <!--
 ### Pod's setHostnameAsFQDN field {#pod-sethostnameasfqdn-field}
 
-{{< feature-state for_k8s_version="v1.20" state="beta" >}}
+{{< feature-state for_k8s_version="v1.22" state="stable" >}}
 -->
 ### Pod 的 setHostnameAsFQDN 字段  {#pod-sethostnameasfqdn-field}
 
-{{< feature-state for_k8s_version="v1.20" state="beta" >}}
+{{< feature-state for_k8s_version="v1.22" state="stable" >}}
 
 <!--
 When a Pod is configured to have fully qualified domain name (FQDN), its hostname is the short hostname. For example, if you have a Pod with the fully qualified domain name `busybox-1.default-subdomain.my-namespace.svc.cluster-domain.example`, then by default the `hostname` command inside that Pod returns `busybox-1` and  the `hostname -fqdn` command returns the FQDN.
@@ -454,6 +454,8 @@ spec:
 <!--
 ### Pod's DNS Config
 
+{{< feature-state for_k8s_version="v1.14" state="stable" >}}
+
 Pod's DNS Config allows users more control on the DNS settings for a Pod.
 
 The `dnsConfig` field is optional and it can work with any `dnsPolicy` settings.
@@ -464,6 +466,8 @@ Below are the properties a user can specify in the `dnsConfig` field:
 -->
 ### Pod 的 DNS 配置  {#pod-dns-config}
 
+{{< feature-state for_k8s_version="v1.14" state="stable" >}}
+
 Pod 的 DNS 配置可让用户对 Pod 的 DNS 设置进行更多控制。
 
 `dnsConfig` 字段是可选的，它可以与任何 `dnsPolicy` 设置一起使用。
@@ -541,6 +545,28 @@ search default.svc.cluster-domain.example svc.cluster-domain.example cluster-dom
 options ndots:5
 ```
 
+<!--
+#### Expanded DNS Configuration
+
+{{< feature-state for_k8s_version="1.22" state="alpha" >}}
+
+By default, for Pod's DNS Config, Kubernetes allows at most 6 search domains and
+a list of search domains of up to 256 characters.
+
+If the feature gate `ExpandedDNSConfig` is enabled for the kube-apiserver and
+the kubelet, it is allowed for Kubernetes to have at most 32 search domains and
+a list of search domains of up to 2048 characters.
+-->
+#### 扩展 DNS 配置  {#expanded-dns-configuration}
+
+{{< feature-state for_k8s_version="1.22" state="alpha" >}}
+
+对于 Pod DNS 配置，Kubernetes 默认允许最多 6 个 搜索域（ Search Domain） 
+以及一个最多 256 个字符的搜索域列表。
+
+如果启用 kube-apiserver 和 kubelet 的特性门控 `ExpandedDNSConfig`，Kubernetes 将可以有最多 32 个 
+搜索域以及一个最多 2048 个字符的搜索域列表。
+
 <!--
 ### Feature availability
 
diff --git a/content/zh/docs/concepts/services-networking/endpoint-slices.md b/content/zh/docs/concepts/services-networking/endpoint-slices.md
@@ -458,9 +458,7 @@ implementation in `kube-proxy`.
 ## {{% heading "whatsnext" %}}
 
 <!--
-* [Enabling Endpoint Slices](/docs/tasks/administer-cluster/enabling-endpoint-slices)
 * Read [Connecting Applications with Services](/docs/concepts/services-networking/connect-applications-service/)
 -->
-* 了解[启用 EndpointSlice](/zh/docs/tasks/administer-cluster/enabling-endpointslices)
 * 阅读[使用服务连接应用](/zh/docs/concepts/services-networking/connect-applications-service/)
 
diff --git a/content/zh/docs/concepts/services-networking/ingress.md b/content/zh/docs/concepts/services-networking/ingress.md
@@ -421,21 +421,29 @@ IngressClass 资源包含一个可选的 `parameters` 字段，可用于为该
 -->
 #### 名字空间域的参数
 
-{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
 
 <!--
 `Parameters` field has a `scope` and `namespace` field that can be used to
 reference a namespace-specific resource for configuration of an Ingress class.
 `Scope` field defaults to `Cluster`, meaning, the default is cluster-scoped
 resource. Setting `Scope` to `Namespace` and setting the `Namespace` field
 will reference a parameters resource in a specific namespace:
+
+Namespace-scoped parameters avoid the need for a cluster-scoped CustomResourceDefinition
+for a parameters resource. This further avoids RBAC-related resources
+that would otherwise be required to grant permissions to cluster-scoped
+resources.
 -->
 `parameters` 字段有一个 `scope` 和 `namespace` 字段，可用来引用特定
 于名字空间的资源，对 Ingress 类进行配置。
 `scope` 字段默认为 `Cluster`，表示默认是集群作用域的资源。
 将 `scope` 设置为 `Namespace` 并设置 `namespace` 字段就可以引用某特定
 名字空间中的参数资源。
 
+有了名字空间域的参数，就不再需要为一个参数资源配置集群范围的 CustomResourceDefinition。
+除此之外，之前对访问集群范围的资源进行授权，需要用到 RBAC 相关的资源，现在也不再需要了。
+
 {{< codenew file="service/networking/namespaced-params.yaml" >}}
 
 <!-- 
diff --git a/content/zh/docs/concepts/services-networking/network-policies.md b/content/zh/docs/concepts/services-networking/network-policies.md
@@ -290,6 +290,7 @@ Pod 的连接，*或* 来自任何名字空间中标有 `user=alice` 的任何 P
 <!--
 When in doubt, use `kubectl describe` to see how Kubernetes has interpreted the policy.
 
+<a name="behavior-of-ipblock-selectors"></a>
 __ipBlock__: This selects particular IP CIDR ranges to allow as ingress sources or egress destinations. These should be cluster-external IPs, since Pod IPs are ephemeral and unpredictable.
 
 Cluster ingress and egress mechanisms often require rewriting the source or destination IP
@@ -415,13 +416,13 @@ This ensures that even pods that aren't selected by any other NetworkPolicy will
 -->
 ## SCTP 支持
 
-{{< feature-state for_k8s_version="v1.19" state="beta" >}}
+{{< feature-state for_k8s_version="v1.20" state="stable" >}}
 
 <!--
-As a beta feature, this is enabled by default. To disable SCTP at a cluster level, you (or your cluster administrator) will need to disable the `SCTPSupport` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) for the API server with `-feature-gates=SCTPSupport=false,...`.
+As a stable feature, this is enabled by default. To disable SCTP at a cluster level, you (or your cluster administrator) will need to disable the `SCTPSupport` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) for the API server with `--feature-gates=SCTPSupport=false,…`.
 When the feature gate is enabled, you can set the `protocol` field of a NetworkPolicy to `SCTP`.
 -->
-作为一个 Beta 特性，SCTP 支持默认是被启用的。
+作为一个稳定特性，SCTP 支持默认是被启用的。
 要在集群层面禁用 SCTP，你（或你的集群管理员）需要为 API 服务器指定
 `--feature-gates=SCTPSupport=false,...`
 来禁用 `SCTPSupport` [特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)。
@@ -439,7 +440,7 @@ You must be using a {{< glossary_tooltip text="CNI" term_id="cni" >}} plugin tha
 -->
 ## 针对某个端口范围   {#targeting-a-range-of-ports}
 
-{{< feature-state for_k8s_version="v1.21" state="alpha" >}}
+{{< feature-state for_k8s_version="v1.22" state="beta" >}}
 
 <!--
 When writing a NetworkPolicy, you can target a range of ports instead of a single port.
@@ -473,23 +474,25 @@ spec:
 ```
 
 <!--
-The above rule allows any Pod with label `db` on the namespace `default` to communicate with any IP within the range `10.0.0.0/24` over TCP, provided that the target port is between the range 32000 and 32768.
+The above rule allows any Pod with label `db` on the namespace `default` to communicate 
+with any IP within the range `10.0.0.0/24` over TCP, provided that the target 
+port is between the range 32000 and 32768.
 -->
 上面的规则允许名字空间 `default` 中所有带有标签 `db` 的 Pod 使用 TCP 协议
 与 `10.0.0.0/24` 范围内的 IP 通信，只要目标端口介于 32000 和 32768 之间就可以。
 
 <!--
 The following restrictions apply when using this field:
-* As an alpha feature, this is disabled by default. To enable the `endPort` field at a cluster level, you (or your cluster administrator) need to enable the `NetworkPolicyEndPort` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) for the API server with `-feature-gates=NetworkPolicyEndPort=true,…`.
+* As a beta feature, this is enabled by default. To disable the `endPort` field at a cluster level, you (or your cluster administrator) need to disable the `NetworkPolicyEndPort` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) for the API server with `-feature-gates=NetworkPolicyEndPort=false,…`.
 * The `endPort` field must be equal than or greater to the `port` field.
 * `endPort` can only be defined if `port` is also defined.
 * Both ports must be numeric.
 -->
 使用此字段时存在以下限制：
 
-* 作为一种 Alpha 阶段的特性，端口范围设定默认是被禁用的。要在整个集群
-  范围内允许使用 `endPort` 字段，你（或者你的集群管理员）需要为 API
-  服务器设置 `-feature-gates=NetworkPolicyEndPort=true,...` 以启用
+* 作为一种 Beta 阶段的特性，端口范围设定默认是被启用的。要在整个集群
+  范围内禁止使用 `endPort` 字段，你（或者你的集群管理员）需要为 API
+  服务器设置 `-feature-gates=NetworkPolicyEndPort=false,...` 以禁用
   `NetworkPolicyEndPort` 
   [特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)。
 * `endPort` 字段必须等于或者大于 `port` 字段的值。
@@ -499,9 +502,15 @@ The following restrictions apply when using this field:
 <!--
 Your cluster must be using a {{< glossary_tooltip text="CNI" term_id="cni" >}} plugin that
 supports the `endPort` field in NetworkPolicy specifications.
+If your [network plugin](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) 
+does not support the `endPort` field and you specify a NetworkPolicy with that,
+the policy will be applied only for the single `port` field.
 -->
 你的集群所使用的 {{< glossary_tooltip text="CNI" term_id="cni" >}} 插件
 必须支持在 NetworkPolicy 规约中使用 `endPort` 字段。
+如果你的[网络插件](/zh/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/)
+不支持 `endPort` 字段，而你指定了一个包含 `endPort` 字段的 NetworkPolicy，
+策略只对单个 `port` 字段生效。
 {{< /note >}}
 
 <!--
diff --git a/content/zh/docs/concepts/services-networking/service.md b/content/zh/docs/concepts/services-networking/service.md
