Merge pull request #37199 from windsonsea/labann

k8s-ci-robot · web-flow · commit dcb347f0ad87 · 2022-10-07T05:59:52.000-07:00
[zh] Sync /labels-annotations-taints/_index.md
diff --git a/content/zh-cn/docs/reference/labels-annotations-taints/_index.md b/content/zh-cn/docs/reference/labels-annotations-taints/_index.md
@@ -1068,6 +1068,25 @@ You should **not** manually add or remove this annotation.
 Job 上存在此注解表明控制平面正在[使用 Finalizer 追踪 Job](/zh-cn/docs/concepts/workloads/controllers/job/#job-tracking-with-finalizers)。
 你 **不** 可以手动添加或删除此注解。
 
+<!--
+### scheduler.alpha.kubernetes.io/defaultTolerations {#scheduleralphakubernetesio-defaulttolerations}
+
+Example: `scheduler.alpha.kubernetes.io/defaultTolerations: '[{"operator": "Equal", "value": "value1", "effect": "NoSchedule", "key": "dedicated-node"}]'`
+
+Used on: Namespace
+
+This annotation requires the [PodTolerationRestriction](/docs/reference/access-authn-authz/admission-controllers/#podtolerationrestriction) admission controller to be enabled. This annotation key allows assigning tolerations to a namespace and any new pods created in this namespace would get these tolerations added.
+-->
+### scheduler.alpha.kubernetes.io/defaultTolerations {#scheduleralphakubernetesio-defaulttolerations}
+
+例子：`scheduler.alpha.kubernetes.io/defaultTolerations: '[{"operator": "Equal", "value": "value1", "effect": "NoSchedule", "key": "dedicated-node"}]'`
+
+用于：Namespace
+
+此注解需要启用
+[PodTolerationRestriction](/zh-cn/docs/reference/access-authn-authz/admission-controllers/#podtolerationrestriction)
+准入控制器。此注解键允许为某个命名空间分配容忍度，在这个命名空间中创建的所有新 Pod 都会被添加这些容忍度。
+
 <!--
 ### scheduler.alpha.kubernetes.io/preferAvoidPods (deprecated) {#scheduleralphakubernetesio-preferavoidpods}
 
@@ -1414,9 +1433,9 @@ Used on: Pod
 This annotation was only relevant if you were using [PodSecurityPolicies](/docs/concepts/security/pod-security-policy/).
 Kubernetes v{{< skew currentVersion >}} does not support the PodSecurityPolicy API.
 
-When the PodSecurityPolicy admission controller admits a Pod, the admission controller
-modifies the Pod to have this annotation.
-The value of the annotation is the name of the PodSecurityPolicy that was used for validation.
+When the PodSecurityPolicy admission controller admitted a Pod, the admission controller
+modified the Pod to have this annotation.
+The value of the annotation was the name of the PodSecurityPolicy that was used for validation.
 -->
 
 ### kubernetes.io/psp（已弃用） {#kubernetes-io-psp}
@@ -1428,8 +1447,7 @@ The value of the annotation is the name of the PodSecurityPolicy that was used f
 这个注解只在你使用 [PodSecurityPolicies](/zh-cn/docs/concepts/security/pod-security-policy/) 时才有意义。
 Kubernetes v{{< skew currentVersion >}} 不支持 PodSecurityPolicy API。
 
-当 PodSecurityPolicy 准入控制器接受一个 Pod 时，会修改该 Pod，
-并给这个 Pod 添加此注解。
+当 PodSecurityPolicy 准入控制器接受一个 Pod 时，会修改该 Pod，并给这个 Pod 添加此注解。
 注解的值是用来对 Pod 进行验证检查的 PodSecurityPolicy 的名称。
 
 <!--
@@ -1453,7 +1471,7 @@ Pod 的 `.spec` 中的 [`securityContext`](/zh-cn/docs/reference/kubernetes-api/
 你所给出的设置适用于该 Pod 中的所有容器。
 
 <!--
-### container.seccomp.security.alpha.kubernetes.io/[NAME] {#container-seccomp-security-alpha-kubernetes-io}
+### container.seccomp.security.alpha.kubernetes.io/[NAME] (deprecated) {#container-seccomp-security-alpha-kubernetes-io}
 
 This annotation has been deprecated since Kubernetes v1.19 and will become non-functional in a future release.
 please use the corresponding pod or container `securityContext.seccompProfile` field instead.
@@ -1462,7 +1480,7 @@ you through the steps you follow to apply a seccomp profile to a Pod or to one o
 its containers. That tutorial covers the supported mechanism for configuring seccomp in Kubernetes,
 based on setting `securityContext` within the Pod's `.spec`.
 -->
-### container.seccomp.security.alpha.kubernetes.io/[NAME] {#container-seccomp-security-alpha-kubernetes-io}
+### container.seccomp.security.alpha.kubernetes.io/[NAME] （已弃用）{#container-seccomp-security-alpha-kubernetes-io}
 
 此注解自 Kubernetes v1.19 起已被弃用，将在未来的版本中失效。
 请使用对应 Pod 或容器的 `securityContext.seccompProfile` 字段替代。
@@ -1483,12 +1501,16 @@ Used on: VolumeSnapshotContent
 <!--
 Value can either be `true` or `false`.
 This determines whether a user can modify the mode of the source volume when a
-{{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}} is being created from a VolumeSnapshot.
-Refer to [Converting the volume mode of a Snapshot](/docs/concepts/storage/volume-snapshots/#convert-volume-mode) and the [Kubernetes CSI Developer Documentation](https://kubernetes-csi.github.io/docs/) for more information.
+{{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}} is being
+created from a VolumeSnapshot.
+
+Refer to [Converting the volume mode of a Snapshot](/docs/concepts/storage/volume-snapshots/#convert-volume-mode)
+and the [Kubernetes CSI Developer Documentation](https://kubernetes-csi.github.io/docs/) for more information.
 -->
 值可以是 `true` 或者 `false`。
 这决定了当从 VolumeSnapshot 创建 {{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}}
 时，用户是否可以修改源卷的模式。
+
 更多信息请参阅[转换快照的卷模式](/zh-cn/docs/concepts/storage/volume-snapshots/#convert-volume-mode)和
 [Kubernetes CSI 开发者文档](https://kubernetes-csi.github.io/docs/)。
 
@@ -1525,6 +1547,7 @@ See more details on the [Audit Annotations](/docs/reference/labels-annotations-t
 
 <!--
 Example: `kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/container.sock`
+
 Used on: Node
 -->
 例子：`kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/container.sock`
@@ -1533,7 +1556,8 @@ Used on: Node
 
 <!--
 Annotation that kubeadm uses to preserve the CRI socket information given to kubeadm at `init`/`join` time for later use.
-kubeadm annotates the Node object with this information. The annotation remains "alpha", since ideally this should be a field in KubeletConfiguration instead.
+kubeadm annotates the Node object with this information. The annotation remains "alpha", since ideally this should
+be a field in KubeletConfiguration instead.
 -->
 kubeadm 用来保存 `init`/`join` 时提供给 kubeadm 以后使用的 CRI 套接字信息的注解。
 kubeadm 使用此信息为 Node 对象设置注解。
@@ -1550,7 +1574,8 @@ Used on: Pod
 用于：Pod
 
 <!--
-Annotation that kubeadm places on locally managed etcd pods to keep track of a list of URLs where etcd clients should connect to. This is used mainly for etcd cluster health check purposes.
+Annotation that kubeadm places on locally managed etcd pods to keep track of a list of URLs where etcd clients
+should connect to. This is used mainly for etcd cluster health check purposes.
 -->
 kubeadm 为本地管理的 etcd Pod 设置的注解，用来跟踪 etcd 客户端应连接到的 URL 列表。
 这主要用于 etcd 集群健康检查目的。
@@ -1559,29 +1584,33 @@ kubeadm 为本地管理的 etcd Pod 设置的注解，用来跟踪 etcd 客户
 
 <!--
 Example: `kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: https//172.17.0.18:6443`
+
 Used on: Pod
 -->
 例子：`kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: https//172.17.0.18:6443`
 
 用于：Pod
 
 <!--
-Annotation that kubeadm places on locally managed kube-apiserver pods to keep track of the exposed advertise address/port endpoint for that API server instance.
+Annotation that kubeadm places on locally managed kube-apiserver pods to keep track of the exposed advertise
+address/port endpoint for that API server instance.
 -->
 kubeadm 为本地管理的 kube-apiserver Pod 设置的注解，用以跟踪该 API 服务器实例的公开宣告地址/端口端点。
 
 ### kubeadm.kubernetes.io/component-config.hash {#component-config-hash}
 
 <!--
 Used on: ConfigMap
+
 Example: `kubeadm.kubernetes.io/component-config.hash: 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae`
 -->
 例子：`kubeadm.kubernetes.io/component-config.hash: 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae`
 
 用于：ConfigMap
 
 <!--
-Annotation that kubeadm places on ConfigMaps that it manages for configuring components. It contains a hash (SHA-256) used to determine if the user has applied settings different from the kubeadm defaults for a particular component.
+Annotation that kubeadm places on ConfigMaps that it manages for configuring components. It contains a hash (SHA-256)
+used to determine if the user has applied settings different from the kubeadm defaults for a particular component.
 -->
 kubeadm 为它所管理的 ConfigMaps 设置的注解，用于配置组件。它包含一个哈希（SHA-256）值，
 用于确定用户是否应用了不同于特定组件的 kubeadm 默认设置的设置。
@@ -1597,18 +1626,40 @@ Label that kubeadm applies on the control plane nodes that it manages.
 
 kubeadm 在其管理的控制平面节点上应用的标签。
 
-### node-role.kubernetes.io/control-plane
+### node-role.kubernetes.io/control-plane {#node-role-kubernetes-io-control-plane-taint}
 
 <!--
 Used on: Node
 
 Example: `node-role.kubernetes.io/control-plane:NoSchedule`
 -->
-例子：`node-role.kubernetes.io/control-plane:NoSchedule`
-
 用于：Node
 
+例子：`node-role.kubernetes.io/control-plane:NoSchedule`
+
 <!--
 Taint that kubeadm applies on control plane nodes to allow only critical workloads to schedule on them.
 -->
 kubeadm 应用在控制平面节点上的污点，仅允许在其上调度关键工作负载。
+
+<!--
+### node-role.kubernetes.io/master (deprecated) {#node-role-kubernetes-io-master-taint}
+
+Used on: Node
+
+Example: `node-role.kubernetes.io/master:NoSchedule`
+
+Taint that kubeadm previously applied on control plane nodes to allow only critical workloads to schedule on them.
+Replaced by [`node-role.kubernetes.io/control-plane`](#node-role-kubernetes-io-control-plane-taint); kubeadm
+no longer sets or uses this deprecated taint.
+-->
+### node-role.kubernetes.io/master（已弃用） {#node-role-kubernetes-io-master-taint}
+
+用于：Node
+
+例子：`node-role.kubernetes.io/master:NoSchedule`
+
+kubeadm 先前应用在控制平面节点上的污点，仅允许在其上调度关键工作负载。
+替换为 [`node-role.kubernetes.io/control-plane`](#node-role-kubernetes-io-control-plane-taint)；
+kubeadm 不再设置或使用这个废弃的污点。
+
