[zh] - docs/reference/command-line-tools-reference/feature-gates.md #29551
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
language/zh
|
✔️ Deploy Preview for kubernetes-io-main-staging ready! 🔨 Explore the source changes: ba8429c 🔍 Inspect the deploy log: https://app.netlify.com/sites/kubernetes-io-main-staging/deploys/612a354822e060000877b64b 😎 Browse the preview: https://deploy-preview-29551--kubernetes-io-main-staging.netlify.app |
zhangguanzhang
force-pushed
the
zh-feature-gates
branch
from
9a5856e
to
a7fc058
Compare
|
/assign @tengqm |
tengqm
reviewed
Aug 28, 2021
| @@ -609,9 +701,13 @@ Each feature gate is designed for enabling/disabling a specific feature: | |||
| `--service-account-extend-token-expiration=false` 参数关闭扩展令牌。查看 | |||
| [绑定服务账号令牌](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/1205-bound-service-account-tokens/README.md) | |||
| 获取更多详细信息。 | |||
| - `ControllerManagerLeaderMigration`: 为 | |||
| [kube-controller-manager](/zh/docs/tasks/administer-cluster/controller-manager-leader-migration/#initial-leader-migration-configuration) 和 | |||
| [cloud-controller-manager](/zh/docs/tasks/administer-cluster/controller-manager-leader-migration/#deploy-cloud-controller-manager) 启用 Leader 迁移,它允许集群管理者在没有停机的高可用集群环境下,实时把 kube-controller-manager 迁移迁移到外部的 controller-manager (例如 cloud-controller-manager) 中。 | |||
| --> | ||
| - `CSIVolumeFSGroupPolicy`: 允许 CSIDrivers 使用 `fsGroupPolicy` 字段. | ||
| 该字段能控制由 CSIDriver 创建的卷在挂载这些卷时是否支持卷所有权和权限修改。 | ||
| - `CSIVolumeHealth`: 启用对节点上的 CSI volume 运行状况监控的支持 | ||
| - `CSRDuration`: 允许客户端来通过请求 Kubernetes CSR API 签署的证书持续时间。 |
There was a problem hiding this comment.
Suggested change
| - `CSRDuration`: 允许客户端来通过请求 Kubernetes CSR API 签署的证书持续时间。 | |
| - `CSRDuration`: 允许客户端来通过请求 Kubernetes CSR API 签署的证书的持续时间。 |
| @@ -836,11 +960,17 @@ Each feature gate is designed for enabling/disabling a specific feature: | |||
| --> | |||
| - `DefaultPodTopologySpread`: 启用 `PodTopologySpread` 调度插件来完成 | |||
| [默认的调度传播](/zh/docs/concepts/workloads/pods/pod-topology-spread-constraints/#internal-default-constraints). | |||
| - `DelegateFSGroupToCSIDriver`: 如果 CSI 驱动程序支持,则通过 NodeStageVolume 和 | |||
| NodePublishVolume CSI 调用传递 `fsGroup` ,将应用 `fsGroup` 从 Pod 的 | |||
| `securityContext` 的角色委托给驱动。 | |||
There was a problem hiding this comment.
Suggested change
| `securityContext` 的角色委托给驱动。 | |
| `securityContext` 的角色委托给驱动。 |
| @@ -925,6 +1058,9 @@ Each feature gate is designed for enabling/disabling a specific feature: | |||
| This feature is deprecated by Pod Priority and Preemption as of v1.13. | |||
| --> | |||
| - `ExpandCSIVolumes`: 启用扩展 CSI 卷。 | |||
| - `ExpandedDNSConfig`: 在 kubelet 和 kube-apiserver 上启用后, | |||
| 允许更多的搜索域和搜索域列表to allow more DNS。 参阅 | |||
There was a problem hiding this comment.
Suggested change
| 允许更多的搜索域和搜索域列表to allow more DNS。 参阅 | |
| 允许更多的 DNS 搜索域和搜索域列表。 参阅 |
| - `IndexedJob`:允许 [Job](/zh/docs/concepts/workloads/controllers/job/) 控制器按每个完成的索引去管理 Pod 完成。 | ||
| - `IngressClassNamespacedParams`:允许引用命名空间范围的参数引用 `IngressClass`资源。该特性增加了两个字段 —— `Scope` 和 `Namespace` 到 `IngressClass.spec.parameters`。 | ||
| - `Initializers`: 使用 Initializers 准入插件允许异步协调对象创建。 | ||
| - `IPv6DualStack`:启用[双协议栈](/zh/docs/concepts/services-networking/dual-stack/) | ||
| 以支持 IPv6。 | ||
| - `JobTrackingWithFinalizers`: 启用跟踪[Job](/zh/docs/concepts/workloads/controllers/job) |
There was a problem hiding this comment.
Suggested change
| - `JobTrackingWithFinalizers`: 启用跟踪[Job](/zh/docs/concepts/workloads/controllers/job) | |
| - `JobTrackingWithFinalizers`: 启用跟踪 [Job](/zh/docs/concepts/workloads/controllers/job) |
| - `KubeletConfigFile`:启用从使用配置文件指定的文件中加载 kubelet 配置。 | ||
| 有关更多详细信息,请参见 | ||
| [通过配置文件设置 kubelet 参数](/zh/docs/tasks/administer-cluster/kubelet-config-file/)。 | ||
| - `KubeletCredentialProviders`:允许使用 kubelet exec 凭据提供程序来设置 | ||
| 镜像拉取凭据。 | ||
| - `KubeletInUserNamespace`: 支持在 {{<glossary_tooltip text="user namespace" term_id="userns">}} 里运行 kubelet 。 | ||
| 请参见 [Running Kubernetes Node Components as a Non-root User](/zh/docs/tasks/administer-cluster/kubelet-in-userns/). |
There was a problem hiding this comment.
Suggested change
| 请参见 [Running Kubernetes Node Components as a Non-root User](/zh/docs/tasks/administer-cluster/kubelet-in-userns/). | |
| 请参见[使用非 Root 用户来运行 Kubernetes 节点组件](/zh/docs/tasks/administer-cluster/kubelet-in-userns/). |
| 启用 Pod 的调度和抢占。 | ||
| - `PodReadinessGates`:启用 `podReadinessGate` 字段的设置以扩展 Pod 准备状态评估。 | ||
| 有关更多详细信息,请参见 | ||
| [Pod 就绪状态判别](/zh/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate)。 | ||
| - `PodSecurity`: 开启 `PodSecurity`准入控制插件。 |
There was a problem hiding this comment.
Suggested change
| - `PodSecurity`: 开启 `PodSecurity`准入控制插件。 | |
| - `PodSecurity`: 开启 `PodSecurity` 准入控制插件。 |
| @@ -1034,7 +1199,8 @@ Each feature gate is designed for enabling/disabling a specific feature: | |||
| --> | |||
| - `KubeletPodResources`:启用 kubelet 的 Pod 资源 GRPC 端点。更多详细信息,请参见 | |||
| [支持设备监控](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/compute-device-assignment.md)。 | |||
| - `KubeletPodResourcesGetAllocatable`:启用 kubelet 的 pod 资源 `GetAllocatableResources` 功能。 | |||
| - `KubeletPodResourcesGetAllocatable`:启用 kubelet 的 pod 资源 | |||
There was a problem hiding this comment.
Suggested change
| - `KubeletPodResourcesGetAllocatable`:启用 kubelet 的 pod 资源 | |
| - `KubeletPodResourcesGetAllocatable`:启用 kubelet 上 pod 资源 |
tengqm
reviewed
Aug 28, 2021
| @@ -1069,7 +1238,9 @@ Each feature gate is designed for enabling/disabling a specific feature: | |||
| 的后备文件系统支持项目配额,并且启用了这些配额,将使用项目配额来监视 | |||
| [emptyDir 卷](/zh/docs/concepts/storage/volumes/#emptydir)的存储消耗 | |||
| 而不是遍历文件系统,以此获得更好的性能和准确性。 | |||
| - `LogarithmicScaleDown`:启用Pod的半随机(semi-random)选择,控制器将根据 Pod 时间戳的对数桶按比例缩小去驱逐 Pod。 | |||
| - `LogarithmicScaleDown`:启用 Pod 的半随机(semi-random)选择,控制器将根据 Pod 时间戳的对数桶按比例缩小去驱逐 Pod。 | |||
| - `MemoryManager`: 允许基于 NUMA 拓扑为容器设置内存关联。 | |||
There was a problem hiding this comment.
Suggested change
| - `MemoryManager`: 允许基于 NUMA 拓扑为容器设置内存关联。 | |
| - `MemoryManager`: 允许基于 NUMA 拓扑为容器设置内存亲和性。 |
| @@ -1102,6 +1276,9 @@ Each feature gate is designed for enabling/disabling a specific feature: | |||
| - `NodeDisruptionExclusion`:启用节点标签 `node.kubernetes.io/exclude-disruption`, | |||
| 以防止在可用区发生故障期间驱逐节点。 | |||
| - `NodeLease`:启用新的 Lease(租期)API 以报告节点心跳,可用作节点运行状况信号。 | |||
| - `NodeSwap`: 启用 kubelet 为节点上的 Kubernetes 工作负载分配交换内存的能力。 | |||
| 必须将 `KubeletConfiguration.failSwapOn` 设置为 false 的情况下才能使用。 | |||
| 更多详细信息,请参见 [swap memory](/zh/docs/concepts/architecture/nodes/#swap-memory) | |||
There was a problem hiding this comment.
Suggested change
| 更多详细信息,请参见 [swap memory](/zh/docs/concepts/architecture/nodes/#swap-memory) | |
| 更多详细信息,请参见[交换内存](/zh/docs/concepts/architecture/nodes/#swap-memory)。 |
| - `ProbeTerminationGracePeriod`:在 Pod 上 启用 | ||
| [设置探测器级别 `terminationGracePeriodSeconds`](/zh/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#probe-level-terminationgraceperiodseconds)。 | ||
| 有关更多信息,请参见 [enhancement proposal](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2238-liveness-probe-grace-period)。 | ||
| - `ProcMountType`:允许容器通过设置 SecurityContext 的 `procMount` 字段来控制 | ||
| 对 proc 文件系统的挂载方式。 | ||
| - `ProxyTerminatingEndpoints`: 当 `ExternalTrafficPolicy=Local` 时, | ||
| 启用 kube-proxy 来处理终止的 endpoints 。 |
There was a problem hiding this comment.
Suggested change
| 启用 kube-proxy 来处理终止的 endpoints 。 | |
| 允许 kube-proxy 来处理终止过程中的端点。 |
| - `QOSReserved`:允许在 QoS 级别进行资源预留,以防止处于较低 QoS 级别的 Pod | ||
| 突发进入处于较高 QoS 级别的请求资源(目前仅适用于内存)。 | ||
| - `ReadWriteOncePod`: 启用 `ReadWriteOncePod` 的 PersistentVolume 的访问模式的使用。 |
There was a problem hiding this comment.
Suggested change
| - `ReadWriteOncePod`: 启用 `ReadWriteOncePod` 的 PersistentVolume 的访问模式的使用。 | |
| - `ReadWriteOncePod`: 允许使用 `ReadWriteOncePod` 访问模式的 PersistentVolume。 |
| @@ -1224,6 +1419,9 @@ Each feature gate is designed for enabling/disabling a specific feature: | |||
| --> | |||
| - `SCTPSupport`:在 Pod、Service、Endpoints、NetworkPolicy 定义中 | |||
| 允许将 _SCTP_ 用作 `protocol` 值。 | |||
| - `SeccompDefault`: 允许使用 `RuntimeDefault` 来为所有工作附着在设置默认的 seccomp 配置文件。 | |||
There was a problem hiding this comment.
Suggested change
| - `SeccompDefault`: 允许使用 `RuntimeDefault` 来为所有工作附着在设置默认的 seccomp 配置文件。 | |
| - `SeccompDefault`: 允许将所有工作负载的默认 seccomp 配置文件为 `RuntimeDefault`。 |
| @@ -1224,6 +1419,9 @@ Each feature gate is designed for enabling/disabling a specific feature: | |||
| --> | |||
| - `SCTPSupport`:在 Pod、Service、Endpoints、NetworkPolicy 定义中 | |||
| 允许将 _SCTP_ 用作 `protocol` 值。 | |||
| - `SeccompDefault`: 允许使用 `RuntimeDefault` 来为所有工作附着在设置默认的 seccomp 配置文件。 | |||
| seccomp 配置在 Pod 或者容器的 `securityContext` 字段中指定。 | |||
There was a problem hiding this comment.
Suggested change
| seccomp 配置在 Pod 或者容器的 `securityContext` 字段中指定。 | |
| seccomp 配置在 Pod 或者容器的 `securityContext` 字段中指定。 |
| @@ -1275,6 +1475,7 @@ Each feature gate is designed for enabling/disabling a specific feature: | |||
| --> | |||
| - `StartupProbe`:在 kubelet 中启用 | |||
| [启动探针](/zh/docs/concepts/workloads/pods/pod-lifecycle/#when-should-you-use-a-startup-probe)。 | |||
| - `StatefulSetMinReadySeconds`: 允许 StatefulSet 控制器遵守 `minReadySeconds`。 | |||
There was a problem hiding this comment.
Suggested change
| - `StatefulSetMinReadySeconds`: 允许 StatefulSet 控制器遵守 `minReadySeconds`。 | |
| - `StatefulSetMinReadySeconds`: 允许 StatefulSet 控制器采纳 `minReadySeconds` 设置。 |
| --> | ||
| - `VolumeSubpathEnvExpansion`:启用 `subPathExpr` 字段用于将环境变量在 `subPath` | ||
| 中展开。 | ||
| - `WarningHeaders`:允许在 API 响应中发送警告头部。 | ||
| - `WatchBookmark`:启用对 watch 操作中 bookmark 事件的支持。 | ||
| - `WinDSR`:允许 kube-proxy 为 Windows 创建 DSR 负载均衡。 | ||
| - `WinOverlay`:允许 kube-proxy 在 Windows 的覆盖网络模式下运行。 | ||
| - `WindowsEndpointSliceProxying`: 当启用时,运行在 Windows 上的 kube-proxy | ||
| 将使用 EndpointSlices 而不是 endpoint 作为主要数据源,从而实现可伸缩性和性能改进。 |
There was a problem hiding this comment.
Suggested change
| 将使用 EndpointSlices 而不是 endpoint 作为主要数据源,从而实现可伸缩性和性能改进。 | |
| 将使用 EndpointSlices 而不是 Endpoints 作为主要数据源,从而实现可伸缩性和并改进性能。 |
| --> | ||
| - `VolumeSubpathEnvExpansion`:启用 `subPathExpr` 字段用于将环境变量在 `subPath` | ||
| 中展开。 | ||
| - `WarningHeaders`:允许在 API 响应中发送警告头部。 | ||
| - `WatchBookmark`:启用对 watch 操作中 bookmark 事件的支持。 | ||
| - `WinDSR`:允许 kube-proxy 为 Windows 创建 DSR 负载均衡。 | ||
| - `WinOverlay`:允许 kube-proxy 在 Windows 的覆盖网络模式下运行。 | ||
| - `WindowsEndpointSliceProxying`: 当启用时,运行在 Windows 上的 kube-proxy | ||
| 将使用 EndpointSlices 而不是 endpoint 作为主要数据源,从而实现可伸缩性和性能改进。 | ||
| 详情请参见[Enabling Endpoint Slices](/zh/docs/concepts/administer-cluster/enabling-endpointslices/). |
There was a problem hiding this comment.
Suggested change
| 详情请参见[Enabling Endpoint Slices](/zh/docs/concepts/administer-cluster/enabling-endpointslices/). | |
| 详情请参见[启用短点切片](/zh/docs/concepts/administer-cluster/enabling-endpointslices/). |
zhangguanzhang
force-pushed
the
zh-feature-gates
branch
from
a7fc058
to
c1e1824
Compare
|
all had done |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
zhangguanzhang
force-pushed
the
zh-feature-gates
branch
from
c1e1824
to
ba8429c
Compare
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: tengqm The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
@chenrui333 PTAL |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: df6158a79d10c61b2f6b14e1ba31728f9d580088
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: zhangguanzhang zhangguanzhang@qq.com
Ref: #29327 (comment)