22title : Kubelet 配置 (v1)
33content_type : tool-reference
44package : kubelet.config.k8s.io/v1
5- auto_generated : true
65---
7-
86<!--
97title: Kubelet Configuration (v1)
108content_type: tool-reference
119package: kubelet.config.k8s.io/v1
1210auto_generated: true
1311-->
1412
15-
1613<!--
1714## Resource Types
1815-->
19-
2016## 资源类型
2117
2218- [ CredentialProviderConfig] ( #kubelet-config-k8s-io-v1-CredentialProviderConfig )
2319
24-
25-
2620## ` CredentialProviderConfig ` {#kubelet-config-k8s-io-v1-CredentialProviderConfig}
2721
28-
29-
3022<!--
3123CredentialProviderConfig is the configuration containing information about
3224each exec credential provider. Kubelet reads this configuration from disk and enables
3325each provider as specified by the CredentialProvider type.
3426-->
35- CredentialProviderConfig 包含有关每个 exec 凭据提供者的配置信息 。
36- Kubelet 从磁盘上读取这些配置信息,并根据 CredentialProvider 类型启用各个提供者 。
27+ CredentialProviderConfig 包含有关每个 exec 凭据提供程序的配置信息 。
28+ Kubelet 从磁盘上读取这些配置信息,并根据 CredentialProvider 类型启用各个提供程序 。
3729
3830<table class =" table " >
3931<thead ><tr ><th width =" 30% " ><!-- Field--> th ><th ><!-- Description--> th ></tr ></thead >
@@ -42,23 +34,22 @@ Kubelet 从磁盘上读取这些配置信息,并根据 CredentialProvider 类
4234<tr ><td ><code >apiVersion</code ><br />string</td ><td ><code >kubelet.config.k8s.io/v1</code ></td ></tr >
4335<tr ><td ><code >kind</code ><br />string</td ><td ><code >CredentialProviderConfig</code ></td ></tr >
4436
45-
4637<tr ><td ><code >providers</code > <B ><!-- [Required]--> B ><br />
4738<a href =" #kubelet-config-k8s-io-v1-CredentialProvider " ><code >[ ] CredentialProvider</code ></a >
4839</td >
4940<td >
50- <!--
51- providers is a list of credential provider plugins that will be enabled by the kubelet.
52- Multiple providers may match against a single image, in which case credentials
53- from all providers will be returned to the kubelet. If multiple providers are called
54- for a single image, the results are combined. If providers return overlapping
55- auth keys, the value from the provider earlier in this list is used.
56- -->
41+ <!--
42+ providers is a list of credential provider plugins that will be enabled by the kubelet.
43+ Multiple providers may match against a single image, in which case credentials
44+ from all providers will be returned to the kubelet. If multiple providers are called
45+ for a single image, the results are combined. If providers return overlapping
46+ auth keys, the value from the provider earlier in this list is used.
47+ -->
5748 <p >
58- <code >providers</code > 是一组凭据提供者插件 ,这些插件会被 kubelet 启用。
59- 多个提供者可以匹配到同一镜像上 ,这时,来自所有提供者的凭据信息都会返回给 kubelet。
60- 如果针对同一镜像调用了多个提供者 ,则结果会被组合起来。如果提供者返回的认证主键有重复 ,
61- 列表中先出现的提供者所返回的值将被使用 。
49+ <code >providers</code > 是一组凭据提供程序插件 ,这些插件会被 kubelet 启用。
50+ 多个提供程序可以匹配到同一镜像上 ,这时,来自所有提供程序的凭据信息都会返回给 kubelet。
51+ 如果针对同一镜像调用了多个提供程序 ,则结果会被组合起来。如果提供程序返回的认证主键有重复 ,
52+ 列表中先出现的提供程序所返回的值将被使用 。
6253 </p >
6354</td >
6455</tr >
@@ -81,22 +72,22 @@ invoked when an image being pulled matches the images handled by the plugin (see
8172CredentialProvider 代表的是要被 kubelet 调用的一个 exec 插件。
8273这一插件只会在所拉取的镜像与该插件所处理的镜像匹配时才会被调用(参见 <code >matchImages</code >)。
8374
84-
8575<table class =" table " >
8676<thead ><tr ><th width =" 30% " ><!-- Field--> th ><th ><!-- Description--> th ></tr ></thead >
8777<tbody >
8878
89-
9079<tr ><td ><code >name</code > <B ><!-- [Required]--> B ><br />
9180<code >string</code >
9281</td >
9382<td >
94- <!-- name is the required name of the credential provider. It must match the name of the
95- provider executable as seen by the kubelet. The executable must be in the kubelet's
96- bin directory (set by the --image-credential-provider-bin-dir flag). -->
83+ <!--
84+ name is the required name of the credential provider. It must match the name of the
85+ provider executable as seen by the kubelet. The executable must be in the kubelet's
86+ bin directory (set by the --image-credential-provider-bin-dir flag).
87+ -->
9788 <p >
98- <code >name</code > 是凭据提供者的名称 (必需)。此名称必须与 kubelet
99- 所看到的提供者可执行文件的名称匹配 。可执行文件必须位于 kubelet 的
89+ <code >name</code > 是凭据提供程序的名称 (必需)。此名称必须与 kubelet
90+ 所看到的提供程序可执行文件的名称匹配 。可执行文件必须位于 kubelet 的
10091 <code >bin</code > 目录(通过 <code >--image-credential-provider-bin-dir</code > 设置)下。
10192 </p >
10293</td >
@@ -112,9 +103,10 @@ requested image from the kubelet, the plugin will be invoked and given a chance
112103to provide credentials. Images are expected to contain the registry domain
113104and URL path.
114105-->
115- <p ><code >matchImages</code > 是一个必须设置的字符串列表,用来匹配镜像以便确定是否要调用此提供者 。
116- 如果字符串之一与 kubelet 所请求的镜像匹配,则此插件会被调用并给予提供凭证的机会 。
106+ <p ><code >matchImages</code > 是一个必须设置的字符串列表,用来匹配镜像以便确定是否要调用此提供程序 。
107+ 如果字符串之一与 kubelet 所请求的镜像匹配,则此插件会被调用并给予提供凭据的机会 。
117108镜像应该包含镜像库域名和 URL 路径。</p >
109+
118110<!--
119111Each entry in matchImages is a pattern which can optionally contain a port and a path.
120112Globs can be used in the domain, but not in the port or the path. Globs are supported
@@ -123,20 +115,21 @@ Matching partial subdomains like <code>app*.k8s.io</code> is also supported.
123115a single subdomain segment, so <code>*.io</code> does not match <code>*.k8s.io</code>.
124116-->
125117<p ><code >matchImages</code > 中的每个条目都是一个模式字符串,其中可以包含端口号和路径。
126- 域名部分可以包含统配符,但端口或路径部分不可以。通配符可以用作子域名,例如
127- <code >&ast ; .k8s.io</code > 或 <code >k8s.&ast ; .io</code >,以及顶级域名,如 <code >k8s.&ast ; </code >。</p >
128- <p >对类似 <code >app&ast ; .k8s.io</code > 这类部分子域名的匹配也是支持的。
118+ 域名部分可以包含通配符,但端口或路径部分不可以。
119+ <code >&ast ; .k8s.io</code > 或 <code >k8s.&ast ; .io</code > 等子域名以及
120+ <code >k8s.&ast ; </code > 这类顶级域名都支持通配符。</p >
121+ <p >对于 <code >app&ast ; .k8s.io</code > 这类部分子域名的匹配也是支持的。
129122每个通配符只能用来匹配一个子域名段,所以 <code >&ast ; .io</code > 不会匹配 <code >&ast ; .k8s.io</code >。</p >
130123<!--
131124A match exists between an image and a matchImage when all of the below are true:
132125-->
133126<p >镜像与 <code >matchImages</code > 之间存在匹配时,以下条件都要满足:</p >
134127<ul >
135- <!--
136- <li>Both contain the same number of domain parts and each part matches.</li>
137- <li>The URL path of an imageMatch must be a prefix of the target image URL path.</li>
138- <li>If the imageMatch contains a port, then the port must match in the image as well.</li>
139- -->
128+ <!--
129+ <li>Both contain the same number of domain parts and each part matches.</li>
130+ <li>The URL path of an imageMatch must be a prefix of the target image URL path.</li>
131+ <li>If the imageMatch contains a port, then the port must match in the image as well.</li>
132+ -->
140133 <li >二者均包含相同个数的域名部分,并且每个域名部分都对应匹配;</li >
141134 <li ><code >matchImages</code > 条目中的 URL 路径部分必须是目标镜像的 URL 路径的前缀;</li >
142135 <li >如果 <code >matchImages</code > 条目中包含端口号,则端口号也必须与镜像端口号匹配。</li >
@@ -158,10 +151,10 @@ Example values of matchImages:
158151<a href =" https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration " ><code >meta/v1.Duration</code ></a >
159152</td >
160153<td >
161- <!--
162- defaultCacheDuration is the default duration the plugin will cache credentials in-memory
163- if a cache duration is not provided in the plugin response. This field is required.
164- -->
154+ <!--
155+ defaultCacheDuration is the default duration the plugin will cache credentials in-memory
156+ if a cache duration is not provided in the plugin response. This field is required.
157+ -->
165158 <p >
166159 <code >defaultCacheDuration</code > 是插件在内存中缓存凭据的默认时长,
167160 在插件响应中没有给出缓存时长时,使用这里设置的值。此字段是必需的。
@@ -172,10 +165,10 @@ if a cache duration is not provided in the plugin response. This field is requir
172165<code >string</code >
173166</td >
174167<td >
175- <!--
176- Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse
177- MUST use the same encoding version as the input. Current supported values are:
178- -->
168+ <!--
169+ Required input version of the exec CredentialProviderRequest. The returned CredentialProviderResponse
170+ MUST use the same encoding version as the input. Current supported values are:
171+ -->
179172 <p >
180173 要求 exec 插件 CredentialProviderRequest 请求的输入版本。
181174 所返回的 CredentialProviderResponse 必须使用与输入相同的编码版本。当前支持的值有:
@@ -189,21 +182,21 @@ MUST use the same encoding version as the input. Current supported values are:
189182<code >[ ] string</code >
190183</td >
191184<td >
192- <!--
193- Arguments to pass to the command when executing it.
194- -->
185+ <!--
186+ Arguments to pass to the command when executing it.
187+ -->
195188 <p >在执行插件可执行文件时要传递给命令的参数。</p >
196189</td >
197190</tr >
198191<tr ><td ><code >env</code ><br />
199192<a href =" #kubelet-config-k8s-io-v1-ExecEnvVar " ><code >[ ] ExecEnvVar</code ></a >
200193</td >
201194<td >
202- <!--
203- Env defines additional environment variables to expose to the process. These
204- are unioned with the host's environment, as well as variables client-go uses
205- to pass argument to the plugin.
206- -->
195+ <!--
196+ Env defines additional environment variables to expose to the process. These
197+ are unioned with the host's environment, as well as variables client-go uses
198+ to pass argument to the plugin.
199+ -->
207200 <p >
208201 <code >env</code > 定义要提供给插件进程的额外的环境变量。
209202 这些环境变量会与主机上的其他环境变量以及 client-go 所使用的环境变量组合起来,
@@ -229,26 +222,23 @@ credential plugin.
229222-->
230223ExecEnvVar 用来在执行基于 exec 的凭据插件时设置环境变量。
231224
232-
233225<table class =" table " >
234226<thead ><tr ><th width =" 30% " ><!-- Field--> th ><th ><!-- Description--> th ></tr ></thead >
235227<tbody >
236228
237-
238229<tr ><td ><code >name</code > <B ><!-- [Required]--> B ><br />
239230<code >string</code >
240231</td >
241232<td >
242- <!-- span class="text-muted"> No description provided.</span -->
243- <p >环境变量名称</p >
233+ <!-- No description provided. -->
234+ <span class = " text-muted " >环境变量名称</span ></ td >
244235</tr >
245- <tr ><td ><code >value</code > <B >[Required]</B ><br />
236+ <tr ><td ><code >value</code > <B ><!-- [Required] --> [必需 ]</B ><br />
246237<code >string</code >
247238</td >
248239<td >
249- <!-- span class="text-muted"> No description provided.</span -->
250- <p >环境变量取值</p >
240+ <!-- No description provided. -->
241+ <span class = " text-muted " >环境变量取值</span ></ td >
251242</tr >
252243</tbody >
253244</table >
254-
0 commit comments