[zh] sync cilium-network-policy.md

windsonsea · windsonsea · commit f6adf582d790 · 2022-11-20T12:16:12.000+08:00
diff --git a/content/zh-cn/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md b/content/zh-cn/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy.md
@@ -39,11 +39,11 @@ to perform a basic DaemonSet installation of Cilium in minikube.
 To start minikube, minimal version required is >= v1.5.2, run the with the
 following arguments:
 -->
-## 在 Minikube 上部署 Cilium 用于基本测试
+## 在 Minikube 上部署 Cilium 用于基本测试   {#deploying-cilium-on-minikube-for-basic-testing}
 
-为了轻松熟悉 Cilium 你可以根据
+为了轻松熟悉 Cilium，你可以根据
 [Cilium Kubernetes 入门指南](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/s)
-在 minikube 中执行一个 cilium 的基本 DaemonSet 安装。
+在 minikube 中执行一个 Cilium 的基本 DaemonSet 安装。
 
 要启动 minikube，需要的最低版本为 1.5.2，使用下面的参数运行：
 
@@ -55,58 +55,75 @@ minikube version: v1.5.2
 ```
 
 ```shell
-minikube start --network-plugin=cni --memory=4096
+minikube start --network-plugin=cni
 ```
 
 <!--
-For minikube you can install Cilium using its CLI tool. Cilium will
-automatically detect the cluster configuration and will install the appropriate
-components for a successful installation:
+For minikube you can install Cilium using its CLI tool. To do so, first download the latest
+version of the CLI with the following command:
 -->
 对于 minikube 你可以使用 Cilium 的 CLI 工具安装它。
-Cilium 将自动检测集群配置并为成功的集群部署选择合适的组件。
+为此，先用以下命令下载最新版本的 CLI：
 
 ```shell
 curl -LO https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
+```
+
+<!--
+Then extract the downloaded file to your `/usr/local/bin` directory with the following command:
+-->
+然后用以下命令将下载的文件解压缩到你的 `/usr/local/bin` 目录：
+
+```shell
 sudo tar xzvfC cilium-linux-amd64.tar.gz /usr/local/bin
 rm cilium-linux-amd64.tar.gz
-cilium install
 ```
+
+<!--
+After running the above commands, you can now install Cilium with the following command:
+-->
+运行上述命令后，你现在可以用以下命令安装 Cilium：
+
+```shell
+cilium install
 ```
-🔮 Auto-detected Kubernetes kind: minikube
-✨ Running "minikube" validation checks
-✅ Detected minikube version "1.20.0"
-ℹ️  Cilium version not set, using default version "v1.10.0"
-🔮 Auto-detected cluster name: minikube
-🔮 Auto-detected IPAM mode: cluster-pool
-🔮 Auto-detected datapath mode: tunnel
-🔑 Generating CA...
-2021/05/27 02:54:44 [INFO] generate received request
-2021/05/27 02:54:44 [INFO] received CSR
-2021/05/27 02:54:44 [INFO] generating key: ecdsa-256
-2021/05/27 02:54:44 [INFO] encoded CSR
-2021/05/27 02:54:44 [INFO] signed certificate with serial number 48713764918856674401136471229482703021230538642
-🔑 Generating certificates for Hubble...
-2021/05/27 02:54:44 [INFO] generate received request
-2021/05/27 02:54:44 [INFO] received CSR
-2021/05/27 02:54:44 [INFO] generating key: ecdsa-256
-2021/05/27 02:54:44 [INFO] encoded CSR
-2021/05/27 02:54:44 [INFO] signed certificate with serial number 3514109734025784310086389188421560613333279574
-🚀 Creating Service accounts...
-🚀 Creating Cluster roles...
-🚀 Creating ConfigMap...
-🚀 Creating Agent DaemonSet...
-🚀 Creating Operator Deployment...
-⌛ Waiting for Cilium to be installed...
-```
+
+<!--
+Cilium will then automatically detect the cluster configuration and create and
+install the appropriate components for a successful installation.
+The components are:
+
+- Certificate Authority (CA) in Secret `cilium-ca` and certificates for Hubble (Cilium's observability layer).
+- Service accounts.
+- Cluster roles.
+- ConfigMap.
+- Agent DaemonSet and an Operator Deployment.
+-->
+随后 Cilium 将自动检测集群配置，并创建和安装合适的组件以成功完成安装。
+这些组件为：
+
+- Secret `cilium-ca` 中的证书机构 (CA) 和 Hubble（Cilium 的可观测层）所用的证书。
+- 服务账号。
+- 集群角色。
+- ConfigMap。
+- Agent DaemonSet 和 Operator Deployment。
+
+<!--
+After the installation, you can view the overall status of the Cilium deployment with the `cilium status` command.
+See the expected output of the `status` command
+[here](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/#validate-the-installation). 
+-->
+安装之后，你可以用 `cilium status` 命令查看 Cilium Deployment 的整体状态。
+[在此处](https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/#validate-the-installation)查看
+`status` 命令的预期输出。
 
 <!--
 The remainder of the Getting Started Guide explains how to enforce both L3/L4
 (i.e., IP address + port) security policies, as well as L7 (e.g., HTTP) security
 policies using an example application.
 -->
-入门指南其余的部分用一个示例应用说明了如何强制执行 L3/L4（即 IP 地址+端口）的安全策略
-以及L7 （如 HTTP）的安全策略。
+入门指南其余的部分用一个示例应用说明了如何强制执行 L3/L4（即 IP 地址 + 端口）的安全策略以及
+L7 （如 HTTP）的安全策略。
 
 <!--
 ## Deploying Cilium for Production Use
@@ -116,10 +133,10 @@ For detailed instructions around deploying Cilium for production, see:
 This documentation includes detailed requirements, instructions and example
 production DaemonSet files.
  -->
-## 部署 Cilium 用于生产用途
+## 部署 Cilium 用于生产用途   {#deployment-cilium-for-production-use}
 
-关于部署 Cilium 用于生产的详细说明，请见
-[Cilium Kubernetes 安装指南](https://docs.cilium.io/en/stable/concepts/kubernetes/intro/)
+关于部署 Cilium 用于生产的详细说明，请参见
+[Cilium Kubernetes 安装指南](https://docs.cilium.io/en/stable/concepts/kubernetes/intro/)。
 此文档包括详细的需求、说明和生产用途 DaemonSet 文件示例。
 
 <!-- discussion -->
@@ -129,17 +146,19 @@ production DaemonSet files.
 
 Deploying a cluster with Cilium adds Pods to the `kube-system` namespace. To see
 this list of Pods run:
- -->
-##  了解 Cilium 组件
+-->
+## 了解 Cilium 组件   {#understanding-cilium-components}
 
-部署使用 Cilium 的集群会添加 Pods 到 `kube-system` 命名空间。要查看 Pod 列表，运行：
+部署使用 Cilium 的集群会添加 Pod 到 `kube-system` 命名空间。要查看 Pod 列表，运行：
 
 ```shell
 kubectl get pods --namespace=kube-system -l k8s-app=cilium
 ```
 
-<!-- You'll see a list of Pods similar to this: -->
-你将看到像这样的 Pods 列表：
+<!--
+You'll see a list of Pods similar to this:
+-->
+你将看到像这样的 Pod 列表：
 
 ```console
 NAME           READY   STATUS    RESTARTS   AGE
@@ -163,9 +182,8 @@ to try out Kubernetes NetworkPolicy with Cilium.
 Have fun, and if you have questions, contact us using the
 [Cilium Slack Channel](https://cilium.herokuapp.com/).
 -->
-集群运行后，你可以按照
-[声明网络策略](/zh-cn/docs/tasks/administer-cluster/declare-network-policy/)
-试用基于 Cilium 的 Kubernetes NetworkPolicy。
-玩得开心，如果你有任何疑问，请到 [Cilium Slack 频道](https://cilium.herokuapp.com/)
-联系我们。
+集群运行后，
+你可以按照[声明网络策略](/zh-cn/docs/tasks/administer-cluster/declare-network-policy/)试用基于
+Cilium 的 Kubernetes NetworkPolicy。玩得开心，如果你有任何疑问，请到
+[Cilium Slack 频道](https://cilium.herokuapp.com/)联系我们。
 
