Merge pull request #52942 from my-git9/npe-7882

k8s-ci-robot · web-flow · commit cfa10393393b · 2025-10-25T06:03:34.000-07:00
[zh-cn]sync kubeadm_join/_index.md
diff --git a/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_join/_index.md b/content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_join/_index.md
@@ -60,15 +60,15 @@ Kubernetes 控制平面节点提供的根证书颁发机构（CA）的公钥。
 此参数的值指定为 "&lt;hash-type&gt;:&lt;hex-encoded-value&gt;"，
 其中支持的哈希类型为 "sha256"。哈希是通过 Subject Public Key Info（SPKI）对象的字节计算的（如 RFC7469）。
 这个值可以从 "kubeadm init" 的输出中获得，或者可以使用标准工具进行计算。
-可以多次重复 --discovery-token-ca-cert-hash 参数以允许多个公钥。
+可以多次重复 `--discovery-token-ca-cert-hash` 参数以允许多个公钥。
 
 <!--
 If you cannot know the CA public key hash ahead of time, you can pass
 the --discovery-token-unsafe-skip-ca-verification flag to disable this
 verification. This weakens the kubeadm security model since other nodes
 can potentially impersonate the Kubernetes Control Plane.
 -->
-如果无法提前知道 CA 公钥哈希，则可以通过 --discovery-token-unsafe-skip-ca-verification 参数禁用此验证。
+如果无法提前知道 CA 公钥哈希，则可以通过 `--discovery-token-unsafe-skip-ca-verification` 参数禁用此验证。
 这削弱了 kubeadm 安全模型，因为其他节点可能会模仿 Kubernetes 控制平面节点。
 
 <!--
@@ -85,7 +85,7 @@ Often times the same token is used for both parts. In this case, the
 TLS 引导机制也通过共享令牌驱动。
 这用于向 Kubernetes 控制平面节点进行临时的身份验证，以提交本地创建的密钥对的证书签名请求（CSR）。
 默认情况下，kubeadm 将设置 Kubernetes 控制平面节点自动批准这些签名请求。
-这个令牌通过 --tls-bootstrap-token abcdef.1234567890abcdef 参数传入。
+这个令牌通过 `--tls-bootstrap-token abcdef.1234567890abcdef` 参数传入。
 
 通常两个部分会使用相同的令牌。
 在这种情况下可以使用 --token 参数，而不是单独指定每个令牌。
@@ -108,7 +108,7 @@ control-plane-join     Join a machine as a control plane instance
   /etcd                  Add a new local etcd member
   /update-status         Register the new control-plane node into the ClusterStatus maintained in the kubeadm-config ConfigMap (DEPRECATED)
   /mark-control-plane    Mark a node as a control-plane
-wait-control-plane     EXPERIMENTAL: Wait for the control plane to start
+wait-control-plane     Wait for the control plane to start
 ```
 -->
 1. preflight：运行接入前检查
@@ -124,7 +124,7 @@ wait-control-plane     EXPERIMENTAL: Wait for the control plane to start
    3. mark-control-plane：将节点标记为控制平面
 5. wait-control-plane：[实验] 等待控制平面启动
 
-```
+```shell
 kubeadm join [api-server-endpoint] [flags]
 ```
 
@@ -133,7 +133,7 @@ kubeadm join [api-server-endpoint] [flags]
 -->
 ### 选项
 
-   <table style="width: 100%; table-layout: fixed;">
+<table style="width: 100%; table-layout: fixed;">
 <colgroup>
 <col span="1" style="width: 10px;" />
 <col span="1" />
@@ -144,11 +144,13 @@ kubeadm join [api-server-endpoint] [flags]
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
 If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on.
 If not set the default network interface will be used.
 -->
-<p>如果该节点托管一个新的控制平面实例，则 API 服务器将公布其正在侦听的 IP 地址。如果未设置，则使用默认网络接口。</p>
+如果该节点托管一个新的控制平面实例，则 API 服务器将公布其正在侦听的 IP 地址。如果未设置，则使用默认网络接口。
+</p>
 </td>
 </tr>
 
@@ -162,10 +164,12 @@ If not set the default network interface will be used.
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>If the node should host a new control plane instance, the port for the API Server to bind to.</p>
+If the node should host a new control plane instance, the port for the API Server to bind to.
 -->
-<p>如果节点应该托管新的控制平面实例，则为 API 服务器要绑定的端口。</p>
+如果节点应该托管新的控制平面实例，则为 API 服务器要绑定的端口。
+</p>
 </td>
 </tr>
 
@@ -189,10 +193,12 @@ Use this key to decrypt the certificate secrets uploaded by init. The certificat
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>Path to a kubeadm configuration file.</p>
+Path to a kubeadm configuration file.
 -->
-<p>kubeadm 配置文件的路径。</p>
+kubeadm 配置文件的路径。
+</p>
 </td>
 </tr>
 
@@ -201,10 +207,12 @@ Use this key to decrypt the certificate secrets uploaded by init. The certificat
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>Create a new control plane instance on this node</p>
+Create a new control plane instance on this node
 -->
-<p>在此节点上创建一个新的控制平面实例。</p>
+在此节点上创建一个新的控制平面实例。
+</p>
 </td>
 </tr>
 
@@ -213,12 +221,14 @@ Use this key to decrypt the certificate secrets uploaded by init. The certificat
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; 
-use this option only if you have more than one CRI installed or if you have non-standard CRI socket.</p>
+Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; 
+use this option only if you have more than one CRI installed or if you have non-standard CRI socket.
 -->
-<p>要连接的 CRI 套接字的路径。如果为空，则 kubeadm 将尝试自动检测此值；
-仅当安装了多个 CRI 或存在非标准的 CRI 套接字时，才使用此选项。</p>
+要连接的 CRI 套接字的路径。如果为空，则 kubeadm 将尝试自动检测此值；
+仅当安装了多个 CRI 或存在非标准的 CRI 套接字时，才使用此选项。
+</p>
 </td>
 </tr>
 
@@ -227,10 +237,12 @@ use this option only if you have more than one CRI installed or if you have non-
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>For file-based discovery, a file or URL from which to load cluster information.</p>
+For file-based discovery, a file or URL from which to load cluster information.
 -->
-<p>对于基于文件的发现，给出用于加载集群信息的文件或者 URL。</p>
+对于基于文件的发现，给出用于加载集群信息的文件或者 URL。
+</p>
 </td>
 </tr>
 
@@ -239,10 +251,12 @@ use this option only if you have more than one CRI installed or if you have non-
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>For token-based discovery, the token used to validate cluster information fetched from the API server.</p>
+For token-based discovery, the token used to validate cluster information fetched from the API server.
 -->
-<p>对于基于令牌的发现，该令牌用于验证从 API 服务器获取的集群信息。</p>
+对于基于令牌的发现，该令牌用于验证从 API 服务器获取的集群信息。
+</p>
 </td>
 </tr>
 
@@ -251,10 +265,12 @@ use this option only if you have more than one CRI installed or if you have non-
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>For token-based discovery, validate that the root CA public key matches this hash (format: "&lt;type&gt;:&lt;value&gt;").</p>
+For token-based discovery, validate that the root CA public key matches this hash (format: "&lt;type&gt;:&lt;value&gt;").
 -->
-<p>对基于令牌的发现，验证根 CA 公钥是否与此哈希匹配 (格式："&lt;type&gt;:&lt;value&gt;")。</p>
+对基于令牌的发现，验证根 CA 公钥是否与此哈希匹配 (格式："&lt;type&gt;:&lt;value&gt;")。
+</p>
 </td>
 </tr>
 
@@ -263,34 +279,40 @@ use this option only if you have more than one CRI installed or if you have non-
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.</p>
+For token-based discovery, allow joining without --discovery-token-ca-cert-hash pinning.
 -->
-<p>对于基于令牌的发现，允许在未关联 --discovery-token-ca-cert-hash 参数的情况下添加节点。</p>
+对于基于令牌的发现，允许在未关联 --discovery-token-ca-cert-hash 参数的情况下添加节点。
+</p>
 </td>
 </tr>
 
 <tr>
 <td colspan="2">--dry-run</td>
 </tr>
 <tr>
-<td></td><td style="line-height: 130%; word-wrap: break-word;"><p>
+<td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!-- 
 Don't apply any changes; just output what would be done. 
 -->
 不做任何更改；只输出将要执行的操作。
-</p></td>
+</p>
+</td>
 </tr>
 
 <tr>
 <td colspan="2">-h, --help</td>
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>help for join</p>
+help for join
 -->
-<p>join 操作的帮助命令。</p>
+join 操作的帮助命令。
+</p>
 </td>
 </tr>
 
@@ -299,10 +321,13 @@ Don't apply any changes; just output what would be done.
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.</p>
+A list of checks whose errors will be shown as warnings. Example: 'IsPrivilegedUser,Swap'. Value 'all' ignores errors from all checks.
 -->
-<p>错误将显示为警告的检查列表；例如：'IsPrivilegedUser,Swap'。取值为 'all' 时将忽略检查中的所有错误。</p>
+错误将显示为警告的检查列表；例如：'IsPrivilegedUser,Swap'。
+取值为 'all' 时将忽略检查中的所有错误。
+</p>
 </td>
 </tr>
 
@@ -311,10 +336,12 @@ Don't apply any changes; just output what would be done.
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>Specify the node name.</p>
+Specify the node name.
 -->
-<p>指定节点的名称。</p>
+指定节点的名称。
+</p>
 </td>
 </tr>
 
@@ -323,15 +350,17 @@ Don't apply any changes; just output what would be done.
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--  
-<p>Path to a directory that contains files named &quot;target[suffix][+patchtype].extension&quot;. For example, &quot;kube-apiserver0+merge.yaml&quot; or just &quot;etcd.json&quot;. &quot;target&quot; can be one of &quot;kube-apiserver&quot;, &quot;kube-controller-manager&quot;, &quot;kube-scheduler&quot;, &quot;etcd&quot;, &quot;kubeletconfiguration&quot;. &quot;patchtype&quot; can be one of &quot;strategic&quot;, &quot;merge&quot; or &quot;json&quot; and they match the patch formats supported by kubectl. The default &quot;patchtype&quot; is &quot;strategic&quot;. &quot;extension&quot; must be either &quot;json&quot; or &quot;yaml&quot;. &quot;suffix&quot; is an optional string that can be used to determine which patches are applied first alpha-numerically.</p>
+Path to a directory that contains files named &quot;target[suffix][+patchtype].extension&quot;. For example, &quot;kube-apiserver0+merge.yaml&quot; or just &quot;etcd.json&quot;. &quot;target&quot; can be one of &quot;kube-apiserver&quot;, &quot;kube-controller-manager&quot;, &quot;kube-scheduler&quot;, &quot;etcd&quot;, &quot;kubeletconfiguration&quot;. &quot;patchtype&quot; can be one of &quot;strategic&quot;, &quot;merge&quot; or &quot;json&quot; and they match the patch formats supported by kubectl. The default &quot;patchtype&quot; is &quot;strategic&quot;. &quot;extension&quot; must be either &quot;json&quot; or &quot;yaml&quot;. &quot;suffix&quot; is an optional string that can be used to determine which patches are applied first alpha-numerically.
 -->
-<p>包含名为 "target[suffix][+patchtype].extension" 的文件的目录的路径。
+包含名为 "target[suffix][+patchtype].extension" 的文件的目录的路径。
 例如，"kube-apiserver0+merge.yaml" 或仅仅是 "etcd.json"。
 "target" 可以是 “kube-apiserver”、“kube-controller-manager”、“kube-scheduler”、“etcd”、“kubeletconfiguration” 之一，
 "patchtype" 可以是 "strategic"、"merge" 或 "json" 之一，并且它们与 kubectl 支持的补丁格式匹配。
 默认的 "patchtype" 为 "strategic"。 "extension" 必须为 "json" 或 "yaml"。
-"suffix" 是一个可选字符串，可用于确定首先按字母顺序应用哪些补丁。</p>
+"suffix" 是一个可选字符串，可用于确定首先按字母顺序应用哪些补丁。
+</p>
 </td>
 </tr>
 
@@ -340,10 +369,12 @@ Don't apply any changes; just output what would be done.
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>List of phases to be skipped</p>
+List of phases to be skipped
 -->
-<p>要跳过的阶段列表。</p>
+要跳过的阶段列表。
+</p>
 </td>
 </tr>
 
@@ -352,10 +383,12 @@ Don't apply any changes; just output what would be done.
 </tr>
 <tr>
 <td></td><td style="line-height: 130%; word-wrap: break-word;">
+<p>
 <!--
-<p>Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.</p>
+Specify the token used to temporarily authenticate with the Kubernetes Control Plane while joining the node.
 -->
-<p>指定在加入节点时用于临时通过 Kubernetes 控制平面进行身份验证的令牌。</p>
+指定在加入节点时用于临时通过 Kubernetes 控制平面进行身份验证的令牌。
+</p>
 </td>
 </tr>
 
