Merge branch 'master' into release-1.9

kubernetes · Dec 6, 2017 · 802eb48 · 802eb48
2 parents 3944be8 + 93646b0
commit 802eb48
Show file tree

Hide file tree

Showing 16 changed files with 257 additions and 135 deletions.
diff --git a/_data/glossary/configmap.yaml b/_data/glossary/configmap.yaml
@@ -0,0 +1,13 @@
+id: configmap
+name: ConfigMap
+full-link: /docs/tasks/configure-pod-container/configmap/
+related:
+- pod
+- secret
+tags:
+- core-object
+short-description: >
+  An API object used to store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or config files in a {% glossary_tooltip text="volume" term_id="volume" %}.
+long-description: >
+  Allows you to decouple environment-specific configuration from your {% glossary_tooltip text="container images" term_id="container" %}, so that your applications are easily portable.
+  When storing confidential data use a [Secret](https://kubernetes.io/docs/concepts/configuration/secret/).
diff --git a/_data/glossary/daemonset.yaml b/_data/glossary/daemonset.yaml
@@ -0,0 +1,10 @@
+id: daemonset
+name: DaemonSet
+full-link: /docs/concepts/workloads/controllers/daemonset
+tags:
+- fundamental
+- workload
+short-description: >
+  Ensures a copy of a {% glossary_tooltip term_id="pod" %} is running across a set of nodes in a {% glossary_tooltip term_id="cluster" %}.
+long-description: >
+  Used to deploy system daemons such as log collectors and monitoring agents that typically must run on every {% glossary_tooltip term_id="node" %}.
diff --git a/_data/glossary/image.yaml b/_data/glossary/image.yaml
@@ -0,0 +1,9 @@
+id: image
+name: Image
+tags:
+- fundamental
+short-description: >
+  Stored instance of a container that holds a set of software needed to run an application.
+long-description: >
+  A way of packaging software that allows it to be stored in a container registry, pulled to a local system, and run as an application. Meta data is included in the image that can indicate what executable to run, who built it, and other information.
+
diff --git a/_data/glossary/job.yaml b/_data/glossary/job.yaml
@@ -0,0 +1,9 @@
+id: job
+name: Job
+full-link: /docs/concepts/workloads/controllers/jobs-run-to-completion
+tags:
+- core-object
+short-description: >
+  A finite or batch task that runs to completion.
+long-description: >
+  Creates one or more {% glossary_tooltip term_id="pod" %} objects and ensures that a specified number of them successfully terminate. As Pods successfully complete, the Job tracks the successful completions.
diff --git a/_data/glossary/namespace.yaml b/_data/glossary/namespace.yaml
@@ -0,0 +1,9 @@
+id: namespace
+name: Namespace
+full-link: /docs/concepts/overview/working-with-objects/namespaces
+tags:
+- fundamental
+short-description: >
+  An abstraction used by Kubernetes to support virtual clusters on the same physical {% glossary_tooltip term_id="cluster" %}.
+long-description: >
+  Namespaces are used to organize objects in a cluster and provide a way to divide cluster resources. Names of resources need to be unique within a namespace, but not across namespaces.
diff --git a/_data/glossary/network-policy.yaml b/_data/glossary/network-policy.yaml
@@ -0,0 +1,13 @@
+id: network-policy
+name: Network Policy
+full-link: /docs/concepts/services-networking/network-policies/
+aka:
+  - NetworkPolicy
+tags:
+- networking
+- architecture
+- extension
+short-description: >
+  A specification of how groups of Pods are allowed to communicate with each other and with other network endpoints.
+long-description: >
+  Network Policies help you declaratively configure which Pods are allowed to connect to each other, which namespaces are allowed to communicate, and more specifically which port numbers to enforce each policy on. `NetworkPolicy` resources use labels to select Pods and define rules which specify what traffic is allowed to the selected Pods. Network Policies are implemented by a supported network plugin provided by a network provider. Be aware that creating a network resource without a controller to implement it will have no effect.
diff --git a/_data/glossary/node.yaml b/_data/glossary/node.yaml
@@ -0,0 +1,13 @@
+id: node
+name: Node
+full-link: /docs/concepts/architecture/node
+aka:
+- Minion
+related:
+- deployment
+tags:
+- fundamental
+short-description: >
+  A node is a worker machine in Kubernetes.
+long-description: >
+  A worker machine may be a VM or physical machine, depending on the cluster. It has the {% glossary_tooltip text="Services" term_id="service" %} necessary to run {% glossary_tooltip text="Pods" term_id="pod" %} and is managed by the master components. The {% glossary_tooltip text="Services" term_id="service" %} on a node include Docker, kubelet and kube-proxy.
diff --git a/_data/glossary/pod-security-policy.yaml b/_data/glossary/pod-security-policy.yaml
@@ -0,0 +1,19 @@
+id: pod-security-policy
+name: Pod Security Policy
+full-link: /docs/concepts/policy/pod-security-policy/
+related:
+- pod
+- container
+- sidecar
+- deployment
+- statefulset
+- security
+tags:
+- core-object
+- fundamental
+short-description: >
+  Enables fine-grained authorization of {% glossary_tooltip term_id="pod" %} creation and updates.
+long-description: >
+  A cluster-level resource that controls security sensitive aspects of the Pod specification.
+  The `PodSecurityPolicy` objects define a set of conditions that a Pod must run with in order to be accepted into the system, as well as defaults for the related fields.
+  Pod Security Policy control is implemented as an optional admission controller.
diff --git a/_data/glossary/replication-controller.yaml b/_data/glossary/replication-controller.yaml
@@ -0,0 +1,9 @@
+id: replication-controller
+name: Replication Controller
+tags:
+- fundamental
+short-description: >
+  Kubernetes service that ensures a specific number of instances of a pod are always running.
+long-description: >
+  Will automatically add or remove running instances of a pod, based on a set value for that pod. Allows the pod to return to the defined number of instances if pods are deleted or if too many are started by mistake.
+
diff --git a/_data/glossary/security-context.yaml b/_data/glossary/security-context.yaml
@@ -0,0 +1,9 @@
+id: security-context
+name: Security Context
+full-link: /docs/tasks/configure-pod-container/security-context/
+tags:
+- security
+short-description: >
+  The securityContext field defines privilege and access control settings for a Pod or Container, including the runtime UID and GID.
+long-description: >
+  The securityContext field in a {% glossary_tooltip term_id="pod" %} (applying to all containers) or container is used to set the user (runAsUser) and group (fsGroup), capabilities, privilege settings, and security policies (SELinux/AppArmor/Seccomp) that container processes use.
diff --git a/_data/glossary/service-account.yaml b/_data/glossary/service-account.yaml
@@ -0,0 +1,10 @@
+id: service-account
+name: Service Account
+full-link: /docs/tasks/configure-pod-container/configure-service-account/
+tags:
+- fundamental
+- core-object
+short-description: >
+  Provides an identity for processes that run in a Pod {% glossary_tooltip text="Pods" term_id="pod" %}.
+long-description: >
+  When processes inside Pods access the cluster, they are authenticated by the API server as a particular service account, for example, `default`. When you create a Pod, if you do not specify a service account, it is automatically assigned the default service account in the same namespace {% glossary_tooltip text="Namespace" term_id="namespace" %}.
diff --git a/_data/glossary/volume.yaml b/_data/glossary/volume.yaml
@@ -0,0 +1,17 @@
+id: volume
+name: Volume
+full-link: kubernetes.io/docs/concepts/storage/volumes/
+related:
+- pod
+- container
+- secret
+tags:
+- core-object
+- fundamental
+short-description: >
+ A directory containing data, accessible to the containers in a {% glossary_tooltip text="pod" term_id="pod" %}.
+long-description: >
+ A Kubernetes volume lives as long as the {% glossary_tooltip text="pod" term_id="pod" %} that encloses it.
+ Consequently, a volume outlives any {% glossary_tooltip text="containers" term_id="container" %} that run within the
+ {% glossary_tooltip text="pod" term_id="pod" %}, and data is preserved across
+ {% glossary_tooltip text="container" term_id="container" %} restarts. 
diff --git a/cn/docs/concepts/overview/what-is-kubernetes.md b/cn/docs/concepts/overview/what-is-kubernetes.md
@@ -70,7 +70,7 @@ Kubernetes 满足了生产中运行应用程序的许多常见的需求，例如
 * [Pod](/docs/user-guide/pods/) 提供复合应用并保留一个应用一个容器的容器模型,
 * [挂载外部存储](/docs/user-guide/volumes/),
 * [Secret管理](/docs/user-guide/secrets/),
-* [应用健康检查](/docs/user-guide/production-pods/#liveness-and-readiness-probes-aka-health-checks),
+* [应用健康检查](/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/),
 * [副本应用实例](/docs/user-guide/replication-controller/),
 * [横向自动扩缩容](/docs/user-guide/horizontal-pod-autoscaling/),
 * [服务发现](/docs/user-guide/connecting-applications/),

diff --git a/cn/docs/concepts/services-networking/connect-applications-service.md b/cn/docs/concepts/services-networking/connect-applications-service.md
@@ -366,16 +366,7 @@ LoadBalancer Ingress:   a320587ffd19711e5a37606cf4a74574-1142138393.us-east-1.el
 ...
 ```
 
-
-
 ## 进一步阅读
 
 Kubernetes 也支持联合 Service，能够跨多个集群和云提供商，为 Service 提供逐步增强的可用性、更优的容错、更好的可伸缩性。
 查看 [联合 Service 用户指南](/docs/concepts/cluster-administration/federation-service-discovery/) 获取更进一步信息。
-
-
-
-## 下一步
-
-[了解更多关于 Kubernetes 的特性，有助于在生产环境中可靠地运行容器](/docs/user-guide/production-pods)
-
diff --git a/cn/docs/concepts/workloads/pods/init-containers.md b/cn/docs/concepts/workloads/pods/init-containers.md
@@ -85,7 +85,7 @@ Init 容器支持应用容器的全部字段和特性，包括资源限制、数
 * 克隆 Git 仓库到数据卷。
 * 将配置值放到配置文件中，运行模板工具为主应用容器动态地生成配置文件。例如，在配置文件中存放 POD_IP 值，并使用 Jinja 生成主应用配置文件。
 
-更多详细用法示例，可以在 [StatefulSet 文档](/docs/concepts/abstractions/controllers/statefulsets/) 和 [生产环境 Pod 指南](/docs/user-guide/production-pods.md#handling-initialization)  中找到。
+更多详细用法示例，可以在 [StatefulSet 文档](/docs/concepts/abstractions/controllers/statefulsets/) 和 [Pod 初始化](/docs/tasks/configure-pod-container/configure-pod-initialization)  中找到。