[zh-cn]sync client-authentication.v1

my-git9 · my-git9 · commit e9296cd6897f · 2025-05-27T22:49:34.000+08:00
Signed-off-by: xin.li &lt;xin.li@daocloud.io&gt;
diff --git a/content/zh-cn/docs/reference/config-api/client-authentication.v1.md b/content/zh-cn/docs/reference/config-api/client-authentication.v1.md
@@ -36,7 +36,9 @@ ExecCredential 由基于 exec 的插件使用，与 HTTP 传输组件沟通凭
 <a href="#client-authentication-k8s-io-v1-ExecCredentialSpec"><code>ExecCredentialSpec</code></a>
 </td>
 <td>
-   <!--Spec holds information passed to the plugin by the transport.-->
+   <!--
+   Spec holds information passed to the plugin by the transport.
+   -->
    字段 spec 包含由 HTTP 传输组件传递给插件的信息。
 </td>
 </tr>
@@ -45,8 +47,10 @@ ExecCredential 由基于 exec 的插件使用，与 HTTP 传输组件沟通凭
 <a href="#client-authentication-k8s-io-v1-ExecCredentialStatus"><code>ExecCredentialStatus</code></a>
 </td>
 <td>
-   <!--Status is filled in by the plugin and holds the credentials that the transport
-   should use to contact the API.-->
+   <!--
+   Status is filled in by the plugin and holds the credentials that the transport
+   should use to contact the API.
+   -->
    字段 status 由插件填充，包含传输组件与 API 服务器连接时需要提供的凭据。
 </td>
 </tr>
@@ -86,7 +90,9 @@ Cluster 中包含允许 exec 插件与 Kubernetes 集群进行通信身份认证
 <code>string</code>
 </td>
 <td>
-   <!--Server is the address of the kubernetes cluster (https://hostname:port).-->
+   <!--
+   Server is the address of the kubernetes cluster (https://hostname:port).
+   -->
    字段 server 是 Kubernetes 集群的地址（https://hostname:port）。
 </td>
 </tr>
@@ -95,9 +101,11 @@ Cluster 中包含允许 exec 插件与 Kubernetes 集群进行通信身份认证
 <code>string</code>
 </td>
 <td>
-   <!--TLSServerName is passed to the server for SNI and is used in the client to
+   <!--
+   TLSServerName is passed to the server for SNI and is used in the client to
    check server certificates against. If ServerName is empty, the hostname
-   used to contact the server is used.-->
+   used to contact the server is used.
+   -->
    tls-server-name 是用来提供给服务器用作 SNI 解析的，客户端以此检查服务器的证书。
    如此字段为空，则使用链接服务器时使用的主机名。
 </td>
@@ -107,8 +115,10 @@ Cluster 中包含允许 exec 插件与 Kubernetes 集群进行通信身份认证
 <code>bool</code>
 </td>
 <td>
-   <!--InsecureSkipTLSVerify skips the validity check for the server's certificate.
-   This will make your HTTPS connections insecure.-->
+   <!--
+   InsecureSkipTLSVerify skips the validity check for the server's certificate.
+   This will make your HTTPS connections insecure.
+   -->
    设置此字段之后，会令客户端跳过对服务器端证书的合法性检查。
    这会使得你的 HTTPS 链接不再安全。
 </td>
@@ -118,8 +128,10 @@ Cluster 中包含允许 exec 插件与 Kubernetes 集群进行通信身份认证
 <code>[]byte</code>
 </td>
 <td>
-   <!--CAData contains PEM-encoded certificate authority certificates.
-   If empty, system roots should be used.-->
+   <!--
+   CAData contains PEM-encoded certificate authority certificates.
+   If empty, system roots should be used.
+   -->
    此字段包含 PEM 编码的证书机构（CA）证书。
    如果为空，则使用系统的根证书。
 </td>
@@ -129,8 +141,10 @@ Cluster 中包含允许 exec 插件与 Kubernetes 集群进行通信身份认证
 <code>string</code>
 </td>
 <td>
-   <!--ProxyURL is the URL to the proxy to be used for all requests to this
-   cluster.-->
+   <!--
+   ProxyURL is the URL to the proxy to be used for all requests to this
+   cluster.
+   -->
    此字段用来设置向集群发送所有请求时要使用的代理服务器。
 </td>
 </tr>
@@ -139,31 +153,47 @@ Cluster 中包含允许 exec 插件与 Kubernetes 集群进行通信身份认证
 <code>bool</code>
 </td>
 <td>
+   <p>
    <!--
    DisableCompression allows client to opt-out of response compression for all requests to the server. This is useful
    to speed up requests (specifically lists) when client-server network bandwidth is ample, by saving time on
    compression (server-side) and decompression (client-side): https://github.com/kubernetes/kubernetes/issues/112296.
    -->
-   <p>disable-compression 允许客户端针对到服务器的所有请求选择取消响应压缩。
+   disable-compression 允许客户端针对到服务器的所有请求选择取消响应压缩。
    当客户端服务器网络带宽充足时，这有助于通过节省压缩（服务器端）和解压缩（客户端）时间来加快请求（特别是列表）的速度：
-   https://github.com/kubernetes/kubernetes/issues/112296。</p>
+   https://github.com/kubernetes/kubernetes/issues/112296。
+   </p>
 </td>
 </tr>
 
 <tr><td><code>config</code><br/>
 <a href="https://godoc.org/k8s.io/apimachinery/pkg/runtime/#RawExtension"><code>k8s.io/apimachinery/pkg/runtime.RawExtension</code></a>
 </td>
 <td>
-   <!--Config holds additional config data that is specific to the exec
+   <p>
+   <!--
+   Config holds additional config data that is specific to the exec
    plugin with regards to the cluster being authenticated to.
-
+   -->
+   </p>
+   此字段包含一些额外的、特定于 exec 插件和所连接的集群的数据。
+   <p>
    This data is sourced from the clientcmd Cluster object's
    extensions[client.authentication.k8s.io/exec] field:
-   -->
-   <p>此字段包含一些额外的、特定于 exec 插件和所连接的集群的数据，</p>
-   <p>此字段来自于 clientcmd 集群对象的 <code>extensions[client.authentication.k8s.io/exec]</code>
-   字段：</p>
+   此字段来自于 clientcmd 集群对象的 <code>extensions[client.authentication.k8s.io/exec]</code>
+   字段：
+   </p>
 <pre>
+<!--
+clusters:
+- name: my-cluster
+  cluster:
+    ...
+    extensions:
+    - name: client.authentication.k8s.io/exec  # reserved extension name for per cluster exec config
+      extension:
+        audience: 06e3fbd18de8  # arbitrary config
+-->
 clusters:
 - name: my-cluster
   cluster:
@@ -174,17 +204,21 @@ clusters:
         audience: 06e3fbd18de8  # 任意配置信息
 </pre>
 
-   <!--In some environments, the user config may be exactly the same across many clusters
+   <p>
+   <!--
+   In some environments, the user config may be exactly the same across many clusters
    (i.e. call this exec plugin) minus some details that are specific to each cluster
    such as the audience.  This field allows the per cluster config to be directly
    specified with the cluster info.  Using this field to store secret data is not
    recommended as one of the prime benefits of exec plugins is that no secrets need
-   to be stored directly in the kubeconfig.-->
-   <p>在某些环境中，用户配置可能对很多集群而言都完全一样（即调用同一个 exec 插件），
+   to be stored directly in the kubeconfig.
+   -->
+   在某些环境中，用户配置可能对很多集群而言都完全一样（即调用同一个 exec 插件），
    只是针对不同集群会有一些细节上的差异，例如 audience。
    此字段使得特定于集群的配置可以直接使用集群信息来设置。
    不建议使用此字段来保存 Secret 数据，因为 exec 插件的主要优势之一是不需要在
-   kubeconfig 中保存 Secret 数据。</p>
+   kubeconfig 中保存 Secret 数据。
+   </p>
 </td>
 </tr>
 </tbody>
@@ -213,10 +247,12 @@ ExecCredentialSpec 保存传输组件所提供的特定于请求和运行时的
 <a href="#client-authentication-k8s-io-v1-Cluster"><code>Cluster</code></a>
 </td>
 <td>
-   <!--Cluster contains information to allow an exec plugin to communicate with the
+   <!--
+   Cluster contains information to allow an exec plugin to communicate with the
    kubernetes cluster being authenticated to. Note that Cluster is non-nil only
    when provideClusterInfo is set to true in the exec provider config (i.e.,
-   ExecConfig.ProvideClusterInfo).-->
+   ExecConfig.ProvideClusterInfo).
+   -->
    此字段中包含的信息使得 exec 插件能够与要访问的 Kubernetes 集群通信。
    注意，cluster 字段只有在 exec 驱动的配置中 provideClusterInfo
   （即：ExecConfig.ProvideClusterInfo）被设置为 true 时才不能为空。
@@ -227,7 +263,9 @@ ExecCredentialSpec 保存传输组件所提供的特定于请求和运行时的
 <code>bool</code>
 </td>
 <td>
-   <!--Interactive declares whether stdin has been passed to this exec plugin.-->
+   <!--
+   Interactive declares whether stdin has been passed to this exec plugin.
+   -->
    此字段用来标明标准输出信息是否已传递给 exec 插件。
 </td>
 </tr>
@@ -259,10 +297,12 @@ itself should at least be protected via file permissions.
 <thead><tr><th width="30%"><!--Field-->字段</th><th><!--Description-->描述</th></tr></thead>
 <tbody>
 <tr><td><code>expirationTimestamp</code><br/>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.32/#time-v1-meta"><code>meta/v1.Time</code></a>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.33/#time-v1-meta"><code>meta/v1.Time</code></a>
 </td>
 <td>
-   <!--ExpirationTimestamp indicates a time when the provided credentials expire.-->
+   <!--
+   ExpirationTimestamp indicates a time when the provided credentials expire.
+   -->
    给出所提供的凭据到期的时间。
 </td>
 </tr>
@@ -271,7 +311,9 @@ itself should at least be protected via file permissions.
 <code>string</code>
 </td>
 <td>
-   <!--Token is a bearer token used by the client for request authentication.-->
+   <!--
+   Token is a bearer token used by the client for request authentication.
+   -->
    客户端用做请求身份认证的持有者令牌。
 </td>
 </tr>
@@ -280,7 +322,9 @@ itself should at least be protected via file permissions.
 <code>string</code>
 </td>
 <td>
-   <!--PEM-encoded client TLS certificates (including intermediates, if any).-->
+   <!--
+   PEM-encoded client TLS certificates (including intermediates, if any).
+   -->
    PEM 编码的客户端 TLS 证书（如果有临时证书，也会包含）。
 </td>
 </tr>
@@ -289,7 +333,9 @@ itself should at least be protected via file permissions.
 <code>string</code>
 </td>
 <td>
-   <!--PEM-encoded private key for the above certificate.-->
+   <!--
+   PEM-encoded private key for the above certificate.
+   -->
    与上述证书对应的、PEM 编码的私钥。
 </td>
 </tr>
