Merge pull request #36137 from windsonsea/cluindex

k8s-ci-robot · web-flow · commit f3248d92bc5c · 2022-08-21T05:31:35.000-07:00
[zh-cn] resync /concepts/cluster-administration/_index.md
diff --git a/content/zh-cn/docs/concepts/cluster-administration/_index.md b/content/zh-cn/docs/concepts/cluster-administration/_index.md
@@ -6,7 +6,6 @@ description: >
   关于创建和管理 Kubernetes 集群的底层细节。
 no_list: true
 ---
-
 <!--
 title: Cluster Administration
 reviewers:
@@ -32,32 +31,40 @@ It assumes some familiarity with core Kubernetes [concepts](/docs/concepts/).
 <!--
 ## Planning a cluster
 
-See the guides in [Setup](/docs/setup/) for examples of how to plan, set up, and configure Kubernetes clusters. The solutions listed in this article are called *distros*.
-
-Not all distros are actively maintained. Choose distros which have been tested with a recent version of Kubernetes.
-
-Before choosing a guide, here are some considerations:
+See the guides in [Setup](/docs/setup/) for examples of how to plan, set up, and configure
+Kubernetes clusters. The solutions listed in this article are called *distros*.
 -->
 ## 规划集群   {#planning-a-cluster}
 
 查阅[安装](/zh-cn/docs/setup/)中的指导，获取如何规划、建立以及配置 Kubernetes
-集群的示例。本文所列的文章称为*发行版* 。
+集群的示例。本文所列的文章称为**发行版**。
 
 {{< note >}}
+<!--
+Not all distros are actively maintained. Choose distros which have been tested with a recent
+version of Kubernetes.
+-->
 并非所有发行版都是被积极维护的。
 请选择使用最近 Kubernetes 版本测试过的发行版。
 {{< /note >}}
 
+<!--
+Before choosing a guide, here are some considerations:
+-->
 在选择一个指南前，有一些因素需要考虑：
 
 <!--
-- Do you want to try out Kubernetes on your computer, or do you want to build a high-availability, multi-node cluster? Choose distros best suited for your needs.
-- Will you be using **a hosted Kubernetes cluster**, such as [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/), or **hosting your own cluster**?
-- Will your cluster be **on-premises**, or **in the cloud (IaaS)**? Kubernetes does not directly support hybrid clusters. Instead, you can set up multiple clusters.
-- **If you are configuring Kubernetes on-premises**, consider which [networking model](/docs/concepts/cluster-administration/networking/) fits best.
+- Do you want to try out Kubernetes on your computer, or do you want to build a high-availability,
+  multi-node cluster? Choose distros best suited for your needs.
+- Will you be using **a hosted Kubernetes cluster**, such as
+  [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/), or **hosting your own cluster**?
+- Will your cluster be **on-premises**, or **in the cloud (IaaS)**? Kubernetes does not directly
+  support hybrid clusters. Instead, you can set up multiple clusters.
+- **If you are configuring Kubernetes on-premises**, consider which
+  [networking model](/docs/concepts/cluster-administration/networking/) fits best.
 - Will you be running Kubernetes on **"bare metal" hardware** or on **virtual machines (VMs)**?
-- Do you **want to run a cluster**, or do you expect to do **active development of Kubernetes project code**? If the
-  latter, choose an actively-developed distro. Some distros only use binary releases, but
+- Do you **want to run a cluster**, or do you expect to do **active development of Kubernetes project code**?
+  If the latter, choose an actively-developed distro. Some distros only use binary releases, but
   offer a greater variety of choices.
 - Familiarize yourself with the [components](/docs/concepts/overview/components/) needed to run a cluster.
 -->
@@ -67,9 +74,9 @@ Before choosing a guide, here are some considerations:
   这样的**被托管的 Kubernetes 集群**, 还是**管理你自己的集群**？
 - 你的集群是在**本地**还是**云（IaaS）** 上？Kubernetes 不能直接支持混合集群。
   作为代替，你可以建立多个集群。
-- **如果你在本地配置 Kubernetes**，需要考虑哪种
-  [网络模型](/zh-cn/docs/concepts/cluster-administration/networking/)最适合。
-- 你的 Kubernetes 在**裸金属硬件**上还是**虚拟机（VMs）** 上运行？
+- **如果你在本地配置 Kubernetes**，
+  需要考虑哪种[网络模型](/zh-cn/docs/concepts/cluster-administration/networking/)最适合。
+- 你的 Kubernetes 在**裸金属硬件**上还是**虚拟机（VM）**上运行？
 - 你是想**运行一个集群**，还是打算**参与开发 Kubernetes 项目代码**？
   如果是后者，请选择一个处于开发状态的发行版。
   某些发行版只提供二进制发布版，但提供更多的选择。
@@ -78,7 +85,7 @@ Before choosing a guide, here are some considerations:
 <!--
 ## Managing a cluster
 
-* Learn how to [manage nodes](/docs/concepts/nodes/node/).
+* Learn how to [manage nodes](/docs/concepts/architecture/nodes/).
 
 * Learn how to set up and manage the [resource quota](/docs/concepts/policy/resource-quotas/) for shared clusters.
 -->
@@ -90,58 +97,65 @@ Before choosing a guide, here are some considerations:
 
 <!--
 ## Securing a cluster
-
-* [Generate Certificates](/docs/tasks/administer-cluster/certificates/) describes the steps to generate certificates using different tool chains.
-* [Kubernetes Container Environment](/docs/concepts/containers/container-environment/) describes the environment for Kubelet managed containers on a Kubernetes node.
-* [Controlling Access to the Kubernetes API](/docs/reference/access-authn-authz/controlling-access/) describes how to set up permissions for users and service accounts.
-* [Authenticating](/docs/reference/access-authn-authz/authentication/) explains authentication in Kubernetes, including the various authentication options.
-* [Authorization](/docs/reference/access-authn-authz/authorization/) is separate from authentication, and controls how HTTP calls are handled.
-* [Using Admission Controllers](/docs/reference/access-authn-authz/admission-controllers/) explains plug-ins which intercepts requests to the Kubernetes API server after authentication and authorization.
-* [Using Sysctls in a Kubernetes Cluster](/docs/concepts/cluster-administration/sysctl-cluster/) describes to an administrator how to use the `sysctl` command-line tool to set kernel parameters .
-* [Auditing](/docs/tasks/debug/debug-cluster/audit/) describes how to interact with Kubernetes' audit logs.
+* [Generate Certificates](/docs/tasks/administer-cluster/certificates/) describes the steps to
+  generate certificates using different tool chains.
+* [Kubernetes Container Environment](/docs/concepts/containers/container-environment/) describes
+  the environment for Kubelet managed containers on a Kubernetes node.
+* [Controlling Access to the Kubernetes API](/docs/concepts/security/controlling-access) describes
+  how Kubernetes implements access control for its own API.
+* [Authenticating](/docs/reference/access-authn-authz/authentication/) explains authentication in
+  Kubernetes, including the various authentication options.
+* [Authorization](/docs/reference/access-authn-authz/authorization/) is separate from
+  authentication, and controls how HTTP calls are handled.
+* [Using Admission Controllers](/docs/reference/access-authn-authz/admission-controllers/)
+  explains plug-ins which intercepts requests to the Kubernetes API server after authentication
+  and authorization.
+* [Using Sysctls in a Kubernetes Cluster](/docs/tasks/administer-cluster/sysctl-cluster/)
+  describes to an administrator how to use the `sysctl` command-line tool to set kernel parameters.
+* [Auditing](/docs/tasks/debug/debug-cluster/audit/) describes how to interact with Kubernetes'
+  audit logs.
 -->
 ## 保护集群  {#securing-a-cluster}
 
-* [生成证书](/zh-cn/docs/tasks/administer-cluster/certificates/)
-  节描述了使用不同的工具链生成证书的步骤。
-* [Kubernetes 容器环境](/zh-cn/docs/concepts/containers/container-environment/)
-  描述了 Kubernetes 节点上由 Kubelet 管理的容器的环境。
-* [控制到 Kubernetes API 的访问](/zh-cn/docs/concepts/security/controlling-access/)
-  描述了如何为用户和 service accounts 建立权限许可。
-* [身份认证](/zh-cn/docs/reference/access-authn-authz/authentication/)
-  节阐述了 Kubernetes 中的身份认证功能，包括许多认证选项。
-* [鉴权](/zh-cn/docs/reference/access-authn-authz/authorization/)
-  与身份认证不同，用于控制如何处理 HTTP 请求。
-* [使用准入控制器](/zh-cn/docs/reference/access-authn-authz/admission-controllers)
-  阐述了在认证和授权之后拦截到 Kubernetes API 服务的请求的插件。
-* [在 Kubernetes 集群中使用 Sysctls](/zh-cn/docs/tasks/administer-cluster/sysctl-cluster/)
+* [生成证书](/zh-cn/docs/tasks/administer-cluster/certificates/)描述了使用不同的工具链生成证书的步骤。
+* [Kubernetes 容器环境](/zh-cn/docs/concepts/containers/container-environment/)描述了
+  Kubernetes 节点上由 Kubelet 管理的容器的环境。
+* [控制对 Kubernetes API 的访问](/zh-cn/docs/concepts/security/controlling-access/)描述了 Kubernetes
+  如何为自己的 API 实现访问控制。
+* [身份认证](/zh-cn/docs/reference/access-authn-authz/authentication/)阐述了 Kubernetes
+  中的身份认证功能，包括许多认证选项。
+* [鉴权](/zh-cn/docs/reference/access-authn-authz/authorization/)与身份认证不同，用于控制如何处理 HTTP 请求。
+* [使用准入控制器](/zh-cn/docs/reference/access-authn-authz/admission-controllers)阐述了在认证和授权之后拦截到
+  Kubernetes API 服务的请求的插件。
+* [在 Kubernetes 集群中使用 sysctl](/zh-cn/docs/tasks/administer-cluster/sysctl-cluster/)
   描述了管理员如何使用 `sysctl` 命令行工具来设置内核参数。
-* [审计](/zh-cn/docs/tasks/debug/debug-cluster/audit/)
-  描述了如何与 Kubernetes 的审计日志交互。
+* [审计](/zh-cn/docs/tasks/debug/debug-cluster/audit/)描述了如何与 Kubernetes 的审计日志交互。
 
 <!--
 ### Securing the kubelet
 
-* [Master-Node communication](/docs/concepts/architecture/master-node-communication/)
+* [Control Plane-Node communication](/docs/concepts/architecture/control-plane-node-communication/)
 * [TLS bootstrapping](/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/)
-* [Kubelet authentication/authorization](/docs/admin/kubelet-authentication-authorization/)
+* [Kubelet authentication/authorization](/docs/reference/access-authn-authz/kubelet-authn-authz/)
 -->
 ### 保护 kubelet   {#securing-the-kubelet}
 
-* [主控节点通信](/zh-cn/docs/concepts/architecture/control-plane-node-communication/)
-* [TLS 引导](/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/)
-* [Kubelet 认证/授权](/zh-cn/docs/reference/access-authn-authz/kubelet-authn-authz/)
+* [节点与控制面之间的通信](/zh-cn/docs/concepts/architecture/control-plane-node-communication/)
+* [TLS 启动引导](/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/)
+* [Kubelet 认证/鉴权](/zh-cn/docs/reference/access-authn-authz/kubelet-authn-authz/)
 
 <!--
 ## Optional Cluster Services
 
-* [DNS Integration](/docs/concepts/services-networking/dns-pod-service/) describes how to resolve a DNS name directly to a Kubernetes service.
-* [Logging and Monitoring Cluster Activity](/docs/concepts/cluster-administration/logging/) explains how logging in Kubernetes works and how to implement it.
+* [DNS Integration](/docs/concepts/services-networking/dns-pod-service/) describes how to resolve
+  a DNS name directly to a Kubernetes service.
+* [Logging and Monitoring Cluster Activity](/docs/concepts/cluster-administration/logging/)
+  explains how logging in Kubernetes works and how to implement it.
 -->
 ## 可选集群服务   {#optional-cluster-services}
 
-* [DNS 集成](/zh-cn/docs/concepts/services-networking/dns-pod-service/)
-  描述了如何将一个 DNS 名解析到一个 Kubernetes service。
-* [记录和监控集群活动](/zh-cn/docs/concepts/cluster-administration/logging/)
-  阐述了 Kubernetes 的日志如何工作以及怎样实现。
+* [DNS 集成](/zh-cn/docs/concepts/services-networking/dns-pod-service/)描述了如何将一个 DNS
+  名解析到一个 Kubernetes service。
+* [记录和监控集群活动](/zh-cn/docs/concepts/cluster-administration/logging/)阐述了 Kubernetes
+  的日志如何工作以及怎样实现。
 
