Commit e278ef9

Merge pull request #36574 from Michelle951/michelle007
[zh ] sync kubeadm_join.md
2 parents 0815cb2 + f1f1e0a commit e278ef9

1 file changed

+27
-15
lines changed


content/zh-cn/docs/reference/setup-tools/kubeadm/generated/kubeadm_join.md

Lines changed: 27 additions & 15 deletions
@@ -3,7 +3,7 @@ The file is auto-generated from the Go source code of the component using a gene
33
[generator](https://github.com/kubernetes-sigs/reference-docs/). To learn how
44
to generate the reference documentation, please read
55
[Contributing to the reference documentation](/docs/contribute/generate-ref-docs/).
6-
To update the reference conent, please follow the
6+
To update the reference content, please follow the
77
[Contributing upstream](/docs/contribute/generate-ref-docs/contribute-upstream/)
88
guide. You can file document formatting bugs against the
99
[reference-docs](https://github.com/kubernetes-sigs/reference-docs/) project.
@@ -27,13 +27,16 @@ Kubernetes Control Plane trust the Node).
2727
-->
2828

2929
当节点加入 kubeadm 初始化的集群时,我们需要建立双向信任。
30-
这个过程可以分解为发现(让待加入节点信任 Kubernetes 控制平面节点)和 TLS 引导(让Kubernetes 控制平面节点信任待加入节点)两个部分。
30+
这个过程可以分解为发现(让待加入节点信任 Kubernetes 控制平面节点)和
31+
TLS 引导(让 Kubernetes 控制平面节点信任待加入节点)两个部分。
3132

3233
<!--
3334
There are 2 main schemes for discovery. The first is to use a shared
3435
token along with the IP address of the API server. The second is to
35-
provide a file - a subset of the standard kubeconfig file. This file
36-
can be a local file or downloaded via an HTTPS URL. The forms are
36+
provide a file - a subset of the standard kubeconfig file. The
37+
discovery/kubeconfig file supports token, client-go authentication
38+
plugins ("exec"), "tokenFile", and "authProvider". This file can be a
39+
local file or downloaded via an HTTPS URL. The forms are
3740
kubeadm join --discovery-token abcdef.1234567890abcdef 1.2.3.4:6443,
3841
kubeadm join --discovery-file path/to/file.conf, or kubeadm join
3942
--discovery-file https://url/file.conf. Only one form can be used. If
@@ -44,9 +47,12 @@ the connection.
4447

4548
有两种主要的发现方案。
4649
第一种方法是使用共享令牌和 API 服务器的 IP 地址。
47-
第二种是提供一个文件 - 标准 kubeconfig 文件的一个子集。
48-
该文件可以是本地文件,也可以通过 HTTPS URL 下载。
49-
格式是 `kubeadm join --discovery-token abcdef.1234567890abcdef 1.2.3.4:6443``kubeadm join--discovery-file path/to/file.conf` 或者`kubeadm join --discovery-file https://url/file.conf`
50+
第二种是以文件形式提供标准 kubeconfig 文件的一个子集。
51+
发现/kubeconfig 文件支持令牌、client-go 鉴权插件(“exec”)、“tokenFile" 和
52+
"authProvider"。该文件可以是本地文件,也可以通过 HTTPS URL 下载。
53+
格式是 `kubeadm join --discovery-token abcdef.1234567890abcdef 1.2.3.4:6443`
54+
`kubeadm join --discovery-file path/to/file.conf` 或者
55+
`kubeadm join --discovery-file https://url/file.conf`
5056
只能使用其中一种。
5157
如果发现信息是从 URL 加载的,必须使用 HTTPS。
5258
此外,在这种情况下,主机安装的 CA 包用于验证连接。
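Review bot: On added line 51+ the quotation marks around tokenFile are mismatched (full-width “ to open, ASCII " to close), and (“exec”) uses full-width marks while "authProvider" on 52+ uses ASCII ones; use ASCII quotes throughout, as the other translated lines in this diff do. On 53+ to 55+ the first and second command forms are separated only by a line break, whereas the English source separates them with a comma, and the sentence has no closing 。; add 、 after the `--discovery-token` form and 。 after the last `--discovery-file` form.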
@@ -63,8 +69,10 @@ calculated using standard tools. The --discovery-token-ca-cert-hash flag
6369
may be repeated multiple times to allow more than one public key.
6470
-->
6571

66-
如果使用共享令牌进行发现,还应该传递 --discovery-token-ca-cert-hash 参数来验证 Kubernetes 控制平面节点提供的根证书颁发机构(CA)的公钥。
67-
此参数的值指定为 "&lt;hash-type&gt;:&lt;hex-encoded-value&gt;",其中支持的哈希类型为 "sha256"。哈希是通过 Subject Public Key Info(SPKI)对象的字节计算的(如 RFC7469)。
72+
如果使用共享令牌进行发现,还应该传递 --discovery-token-ca-cert-hash 参数来验证
73+
Kubernetes 控制平面节点提供的根证书颁发机构(CA)的公钥。
74+
此参数的值指定为 "&lt;hash-type&gt;:&lt;hex-encoded-value&gt;",
75+
其中支持的哈希类型为 "sha256"。哈希是通过 Subject Public Key Info(SPKI)对象的字节计算的(如 RFC7469)。
6876
这个值可以从 "kubeadm init" 的输出中获得,或者可以使用标准工具进行计算。
6977
可以多次重复 --discovery-token-ca-cert-hash 参数以允许多个公钥。
7078

@@ -75,7 +83,7 @@ verification. This weakens the kubeadm security model since other nodes
7583
can potentially impersonate the Kubernetes Control Plane.
7684
-->
7785
如果无法提前知道 CA 公钥哈希,则可以通过 --discovery-token-unsafe-skip-ca-verification 参数禁用此验证。
78-
这削弱了kubeadm 安全模型,因为其他节点可能会模仿 Kubernetes 控制平面节点。
86+
这削弱了 kubeadm 安全模型,因为其他节点可能会模仿 Kubernetes 控制平面节点。
7987

8088
<!--
8189
The TLS bootstrap mechanism is also driven via a shared token. This is
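Review bot: On line 86+, 模仿 renders "impersonate" as "imitate", which understates the risk the English source states for --discovery-token-unsafe-skip-ca-verification. Since this line is already being touched for the spacing fix, consider 冒充 so the clause reads 其他节点可能会冒充 Kubernetes 控制平面节点.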
@@ -138,7 +146,8 @@ kubeadm join [api-server-endpoint] [flags]
138146
<tr>
139147
<td></td><td style="line-height: 130%; word-wrap: break-word;">
140148
<!--
141-
<p>If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on. If not set the default network interface will be used.</p>
149+
If the node should host a new control plane instance, the IP address the API Server will advertise it's listening on.
150+
If not set the default network interface will be used.
142151
-->
143152
<p>如果该节点托管一个新的控制平面实例,则 API 服务器将公布其正在侦听的 IP 地址。如果未设置,则使用默认网络接口。</p>
144153
</td>
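Review bot: Lines 149+ and 150+ drop the <p> and </p> tags from the commented English source, while the comments rewrapped at 215+/216+ and at 325+ keep them. Keep the tags here as well, so the commented source mirrors the <p>-wrapped translation on the line below and stays consistent with the other flag entries.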
@@ -203,9 +212,11 @@ kubeadm join [api-server-endpoint] [flags]
203212
<tr>
204213
<td></td><td style="line-height: 130%; word-wrap: break-word;">
205214
<!--
206-
<p>Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value; use this option only if you have more than one CRI installed or if you have non-standard CRI socket.</p>
215+
<p>Path to the CRI socket to connect. If empty kubeadm will try to auto-detect this value;
216+
use this option only if you have more than one CRI installed or if you have non-standard CRI socket.</p>
207217
-->
208-
<p>要连接的 CRI 套接字的路径。如果为空,则 kubeadm 将尝试自动检测此值;仅当安装了多个 CRI 或具有非标准 CRI 插槽时,才使用此选项。</p>
218+
<p>要连接的 CRI 套接字的路径。如果为空,则 kubeadm 将尝试自动检测此值;
219+
仅当安装了多个 CRI 或具有非标准 CRI 插槽时,才使用此选项。</p>
209220
</td>
210221
</tr>
211222

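Review bot: Line 219+ translates "CRI socket" as CRI 插槽 (slot) while line 218+ of the same paragraph uses CRI 套接字 for the same term. Use 套接字 in both places, i.e. 具有非标准 CRI 套接字时, so the description of this flag is unambiguous.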
@@ -311,12 +322,13 @@ Don't apply any changes; just output what would be done.
311322
<tr>
312323
<td></td><td style="line-height: 130%; word-wrap: break-word;">
313324
<!--
314-
<p>Path to a directory that contains files named "target[suffix][+patchtype].extension". For example, "kube-apiserver0+merge.yaml" or just "etcd.json". "patchtype" can be one of "strategic", "merge" or "json" and they match the patch formats supported by kubectl. The default "patchtype" is "strategic". "extension" must be either "json" or "yaml". "suffix" is an optional string that can be used to determine which patches are applied first alpha-numerically.</p>
325+
<p>Path to a directory that contains files named &quot;target[suffix][+patchtype].extension&quot;. For example, &quot;kube-apiserver0+merge.yaml&quot; or just &quot;etcd.json&quot;. &quot;target&quot; can be one of &quot;kube-apiserver&quot;, &quot;kube-controller-manager&quot;, &quot;kube-scheduler&quot;, &quot;etcd&quot;, &quot;kubeletconfiguration&quot;. &quot;patchtype&quot; can be one of &quot;strategic&quot;, &quot;merge&quot; or &quot;json&quot; and they match the patch formats supported by kubectl. The default &quot;patchtype&quot; is &quot;strategic&quot;. &quot;extension&quot; must be either &quot;json&quot; or &quot;yaml&quot;. &quot;suffix&quot; is an optional string that can be used to determine which patches are applied first alpha-numerically.</p>
315326
-->
316327
<p>包含名为 "target[suffix][+patchtype].extension" 的文件的目录的路径。
317328
例如,"kube-apiserver0+merge.yaml" 或仅仅是 "etcd.json"。
329+
"target" 可以是 “kube-apiserver”、“kube-controller-manager”、“kube-scheduler”、“etcd”、“kubeletconfiguration” 之一,
318330
"patchtype" 可以是 "strategic"、"merge" 或 "json" 之一,并且它们与 kubectl 支持的补丁格式匹配。
319-
默认的 "patchtype" 为 "strategic"。 "extension" 必须为 "json" 或 "yaml"。
331+
默认的 "patchtype" 为 "strategic"。 "extension" 必须为 "json" 或 "yaml"。
320332
"suffix" 是一个可选字符串,可用于确定首先按字母顺序应用哪些补丁。</p>
321333
</td>
322334
</tr>
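Review bot: Added line 329+ wraps the target names in full-width quotes (“kube-apiserver”) while the surrounding translated lines use ASCII quotes, and it ends with a full-width comma where the neighbouring sentences end with 。; switch to ASCII quotes and close the sentence with 。. Line 325+ also changes the commented English source from literal quotes to &quot; entities, unlike the other comments in this diff, so confirm that this matches the regenerated upstream text. The 319-/331+ pair appears to differ only in whitespace and still leaves a stray space between 。 and "extension".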
