CINXE.COM
动态准入控制 | Kubernetes
<!doctype html> <html lang="zh-cn" class="no-js"> <head> <meta name="robots" content="noindex, nofollow"> <link rel="alternate" hreflang="en" href="https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/"> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="generator" content="Hugo 0.111.3"> <link rel="shortcut icon" type="image/png" href="/images/favicon.png"> <link rel="apple-touch-icon" href="/favicons/apple-touch-icon-180x180.png" sizes="180x180"> <link rel="manifest" href="/manifest.webmanifest"> <link rel="apple-touch-icon" href="/images/kubernetes-192x192.png"> <title>动态准入控制 | Kubernetes</title><meta property="og:title" content="动态准入控制" /> <meta property="og:description" content="除了内置的 admission 插件, 准入插件可以作为扩展独立开发,并以运行时所配置的 Webhook 的形式运行。 此页面描述了如何构建、配置、使用和监视准入 Webhook。 什么是准入 Webhook? 准入 Webhook 是一种用于接收准入请求并对其进行处理的 HTTP 回调机制。 可以定义两种类型的准入 Webhook, 即验证性质的准入 Webhook 和变更性质的准入 Webhook。 变更性质的准入 Webhook 会先被调用。它们可以修改发送到 API 服务器的对象以执行自定义的设置默认值操作。 在完成了所有对象修改并且 API 服务器也验证了所传入的对象之后, 验证性质的 Webhook 会被调用,并通过拒绝请求的方式来强制实施自定义的策略。 说明: 如果准入 Webhook 需要保证它们所看到的是对象的最终状态以实施某种策略。 则应使用验证性质的准入 Webhook,因为对象被修改性质 Webhook 看到之后仍然可能被修改。 尝试准入 Webhook 准入 Webhook 本质上是集群控制平面的一部分。你应该非常谨慎地编写和部署它们。 如果你打算编写或者部署生产级准入 Webhook, 请阅读用户指南以获取相关说明。 在下文中,我们将介绍如何快速试验准入 Webhook。 先决条件 确保启用 MutatingAdmissionWebhook 和 ValidatingAdmissionWebhook 控制器。 这里 是一组推荐的 admission 控制器,通常可以启用。 确保启用了 admissionregistration.k8s.io/v1 API。 编写一个准入 Webhook 服务器 请参阅 Kubernetes e2e 测试中的 Admission Webhook 服务器 的实现。Webhook 处理由 API 服务器发送的 AdmissionReview 请求,并且将其决定作为 AdmissionReview 对象以相同版本发送回去。" /> <meta property="og:type" content="article" /> <meta property="og:url" content="https://kubernetes.io/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/" /><meta property="article:section" content="docs" /> <meta property="article:modified_time" content="2023-10-05T10:58:36+08:00" /><meta property="og:site_name" content="Kubernetes" /> <meta itemprop="name" content="动态准入控制"> <meta itemprop="description" content="除了内置的 admission 插件, 准入插件可以作为扩展独立开发,并以运行时所配置的 Webhook 的形式运行。 此页面描述了如何构建、配置、使用和监视准入 Webhook。 什么是准入 Webhook? 准入 Webhook 是一种用于接收准入请求并对其进行处理的 HTTP 回调机制。 可以定义两种类型的准入 Webhook, 即验证性质的准入 Webhook 和变更性质的准入 Webhook。 变更性质的准入 Webhook 会先被调用。它们可以修改发送到 API 服务器的对象以执行自定义的设置默认值操作。 在完成了所有对象修改并且 API 服务器也验证了所传入的对象之后, 验证性质的 Webhook 会被调用,并通过拒绝请求的方式来强制实施自定义的策略。 说明: 如果准入 Webhook 需要保证它们所看到的是对象的最终状态以实施某种策略。 则应使用验证性质的准入 Webhook,因为对象被修改性质 Webhook 看到之后仍然可能被修改。 尝试准入 Webhook 准入 Webhook 本质上是集群控制平面的一部分。你应该非常谨慎地编写和部署它们。 如果你打算编写或者部署生产级准入 Webhook, 请阅读用户指南以获取相关说明。 在下文中,我们将介绍如何快速试验准入 Webhook。 先决条件 确保启用 MutatingAdmissionWebhook 和 ValidatingAdmissionWebhook 控制器。 这里 是一组推荐的 admission 控制器,通常可以启用。 确保启用了 admissionregistration.k8s.io/v1 API。 编写一个准入 Webhook 服务器 请参阅 Kubernetes e2e 测试中的 Admission Webhook 服务器 的实现。Webhook 处理由 API 服务器发送的 AdmissionReview 请求,并且将其决定作为 AdmissionReview 对象以相同版本发送回去。"> <meta itemprop="dateModified" content="2023-10-05T10:58:36+08:00" /> <meta itemprop="wordCount" content="2754"> <meta itemprop="keywords" content="" /><meta name="twitter:card" content="summary"/> <meta name="twitter:title" content="动态准入控制"/> <meta name="twitter:description" content="除了内置的 admission 插件, 准入插件可以作为扩展独立开发,并以运行时所配置的 Webhook 的形式运行。 此页面描述了如何构建、配置、使用和监视准入 Webhook。 什么是准入 Webhook? 准入 Webhook 是一种用于接收准入请求并对其进行处理的 HTTP 回调机制。 可以定义两种类型的准入 Webhook, 即验证性质的准入 Webhook 和变更性质的准入 Webhook。 变更性质的准入 Webhook 会先被调用。它们可以修改发送到 API 服务器的对象以执行自定义的设置默认值操作。 在完成了所有对象修改并且 API 服务器也验证了所传入的对象之后, 验证性质的 Webhook 会被调用,并通过拒绝请求的方式来强制实施自定义的策略。 说明: 如果准入 Webhook 需要保证它们所看到的是对象的最终状态以实施某种策略。 则应使用验证性质的准入 Webhook,因为对象被修改性质 Webhook 看到之后仍然可能被修改。 尝试准入 Webhook 准入 Webhook 本质上是集群控制平面的一部分。你应该非常谨慎地编写和部署它们。 如果你打算编写或者部署生产级准入 Webhook, 请阅读用户指南以获取相关说明。 在下文中,我们将介绍如何快速试验准入 Webhook。 先决条件 确保启用 MutatingAdmissionWebhook 和 ValidatingAdmissionWebhook 控制器。 这里 是一组推荐的 admission 控制器,通常可以启用。 确保启用了 admissionregistration.k8s.io/v1 API。 编写一个准入 Webhook 服务器 请参阅 Kubernetes e2e 测试中的 Admission Webhook 服务器 的实现。Webhook 处理由 API 服务器发送的 AdmissionReview 请求,并且将其决定作为 AdmissionReview 对象以相同版本发送回去。"/> <link href="/scss/main.css" rel="stylesheet"> <script type="application/ld+json"> { "@context": "https://schema.org", "@type": "Organization", "url": "https://kubernetes.io", "logo": "https://kubernetes.io/images/favicon.png", } </script> <meta name="theme-color" content="#326ce5"> <style> .gutter { background-color: #eee; background-repeat: no-repeat; background-position: 50%; } .gutter.gutter-horizontal { background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAeCAYAAADkftS9AAAAIklEQVQoU2M4c+bMfxAGAgYYmwGrIIiDjrELjpo5aiZeMwF+yNnOs5KSvgAAAABJRU5ErkJggg=='); cursor: col-resize; } #sidebarnav, #maindoc { max-width: 100%; } #maindoc { overflow-wrap: break-word; } @media (max-width: 768px) { #sidebarnav { padding-left: 15px; padding-right: 15px; } } </style> <link rel="stylesheet" href="/css/feature-states.css"> <meta name="description" content="除了内置的 admission 插件, 准入插件可以作为扩展独立开发,并以运行时所配置的 Webhook 的形式运行。 此页面描述了如何构建、配置、使用和监视准入 Webhook。 什么是准入 Webhook? 准入 Webhook 是一种用于接收准入请求并对其进行处理的 HTTP 回调机制。 可以定义两种类型的准入 Webhook, 即验证性质的准入 Webhook 和变更性质的准入 Webhook。 变更性质的准入 Webhook 会先被调用。它们可以修改发送到 API 服务器的对象以执行自定义的设置默认值操作。 在完成了所有对象修改并且 API 服务器也验证了所传入的对象之后, 验证性质的 Webhook 会被调用,并通过拒绝请求的方式来强制实施自定义的策略。 说明: 如果准入 Webhook 需要保证它们所看到的是对象的最终状态以实施某种策略。 则应使用验证性质的准入 Webhook,因为对象被修改性质 Webhook 看到之后仍然可能被修改。 尝试准入 Webhook 准入 Webhook 本质上是集群控制平面的一部分。你应该非常谨慎地编写和部署它们。 如果你打算编写或者部署生产级准入 Webhook, 请阅读用户指南以获取相关说明。 在下文中,我们将介绍如何快速试验准入 Webhook。 先决条件 确保启用 MutatingAdmissionWebhook 和 ValidatingAdmissionWebhook 控制器。 这里 是一组推荐的 admission 控制器,通常可以启用。 确保启用了 admissionregistration.k8s.io/v1 API。 编写一个准入 Webhook 服务器 请参阅 Kubernetes e2e 测试中的 Admission Webhook 服务器 的实现。Webhook 处理由 API 服务器发送的 AdmissionReview 请求,并且将其决定作为 AdmissionReview 对象以相同版本发送回去。"> <meta property="og:description" content="除了内置的 admission 插件, 准入插件可以作为扩展独立开发,并以运行时所配置的 Webhook 的形式运行。 此页面描述了如何构建、配置、使用和监视准入 Webhook。 什么是准入 Webhook? 准入 Webhook 是一种用于接收准入请求并对其进行处理的 HTTP 回调机制。 可以定义两种类型的准入 Webhook, 即验证性质的准入 Webhook 和变更性质的准入 Webhook。 变更性质的准入 Webhook 会先被调用。它们可以修改发送到 API 服务器的对象以执行自定义的设置默认值操作。 在完成了所有对象修改并且 API 服务器也验证了所传入的对象之后, 验证性质的 Webhook 会被调用,并通过拒绝请求的方式来强制实施自定义的策略。 说明: 如果准入 Webhook 需要保证它们所看到的是对象的最终状态以实施某种策略。 则应使用验证性质的准入 Webhook,因为对象被修改性质 Webhook 看到之后仍然可能被修改。 尝试准入 Webhook 准入 Webhook 本质上是集群控制平面的一部分。你应该非常谨慎地编写和部署它们。 如果你打算编写或者部署生产级准入 Webhook, 请阅读用户指南以获取相关说明。 在下文中,我们将介绍如何快速试验准入 Webhook。 先决条件 确保启用 MutatingAdmissionWebhook 和 ValidatingAdmissionWebhook 控制器。 这里 是一组推荐的 admission 控制器,通常可以启用。 确保启用了 admissionregistration.k8s.io/v1 API。 编写一个准入 Webhook 服务器 请参阅 Kubernetes e2e 测试中的 Admission Webhook 服务器 的实现。Webhook 处理由 API 服务器发送的 AdmissionReview 请求,并且将其决定作为 AdmissionReview 对象以相同版本发送回去。"> <meta name="twitter:description" content="除了内置的 admission 插件, 准入插件可以作为扩展独立开发,并以运行时所配置的 Webhook 的形式运行。 此页面描述了如何构建、配置、使用和监视准入 Webhook。 什么是准入 Webhook? 准入 Webhook 是一种用于接收准入请求并对其进行处理的 HTTP 回调机制。 可以定义两种类型的准入 Webhook, 即验证性质的准入 Webhook 和变更性质的准入 Webhook。 变更性质的准入 Webhook 会先被调用。它们可以修改发送到 API 服务器的对象以执行自定义的设置默认值操作。 在完成了所有对象修改并且 API 服务器也验证了所传入的对象之后, 验证性质的 Webhook 会被调用,并通过拒绝请求的方式来强制实施自定义的策略。 说明: 如果准入 Webhook 需要保证它们所看到的是对象的最终状态以实施某种策略。 则应使用验证性质的准入 Webhook,因为对象被修改性质 Webhook 看到之后仍然可能被修改。 尝试准入 Webhook 准入 Webhook 本质上是集群控制平面的一部分。你应该非常谨慎地编写和部署它们。 如果你打算编写或者部署生产级准入 Webhook, 请阅读用户指南以获取相关说明。 在下文中,我们将介绍如何快速试验准入 Webhook。 先决条件 确保启用 MutatingAdmissionWebhook 和 ValidatingAdmissionWebhook 控制器。 这里 是一组推荐的 admission 控制器,通常可以启用。 确保启用了 admissionregistration.k8s.io/v1 API。 编写一个准入 Webhook 服务器 请参阅 Kubernetes e2e 测试中的 Admission Webhook 服务器 的实现。Webhook 处理由 API 服务器发送的 AdmissionReview 请求,并且将其决定作为 AdmissionReview 对象以相同版本发送回去。"> <meta property="og:url" content="https://kubernetes.io/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/"> <meta property="og:title" content="动态准入控制"> <meta name="twitter:title" content="动态准入控制"> <meta name="twitter:image" content="https://kubernetes.io/images/favicon.png" /> <meta name="twitter:image:alt" content="Kubernetes"> <meta property="og:image" content="/images/kubernetes-horizontal-color.png"> <meta property="og:type" content="article"> <script src="/js/jquery-3.6.0.min.js" intregrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script> <script src="/js/split-1.6.0.js" intregrity="sha384-0blL3GqHy6+9fw0cyY2Aoiwg4onHAtslAs4OkqZY7UQBrR65/K4gI+hxLdWDrjpz"></script> <title>动态准入控制 | Kubernetes</title> </head> <body class="td-page td-documentation"> <header> <nav class="js-navbar-scroll navbar navbar-expand navbar-dark flex-column flex-md-row td-navbar" data-auto-burger="primary"> <a class="navbar-brand img-fluid" href="/zh-cn/"></a> <div class="td-navbar-nav-scroll ml-md-auto" id="main_navbar"> <ul class="navbar-nav mt-2 mt-lg-0"> <li class="nav-item mr-2 mb-lg-0"> <a class="nav-link active" href="/zh-cn/docs/" >文档</a> </li> <li class="nav-item mr-2 mb-lg-0"> <a class="nav-link" href="/zh-cn/blog/" >Kubernetes 博客</a> </li> <li class="nav-item mr-2 mb-lg-0"> <a class="nav-link" href="/zh-cn/training/" >培训</a> </li> <li class="nav-item mr-2 mb-lg-0"> <a class="nav-link" href="/zh-cn/partners/" >合作伙伴</a> </li> <li class="nav-item mr-2 mb-lg-0"> <a class="nav-link" href="/zh-cn/community/" >社区</a> </li> <li class="nav-item mr-2 mb-lg-0"> <a class="nav-link" href="/zh-cn/case-studies/" >案例分析</a> </li> <li class="nav-item mr-n3 mr-lg-0 dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> 版本列表 </a> <div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdownMenuLink"> <a class="dropdown-item" href="/zh-cn/releases">发布信息</a> <a class="dropdown-item" href="https://kubernetes.io/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/">v1.31</a> <a class="dropdown-item" href="https://v1-30.docs.kubernetes.io/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/">v1.30</a> <a class="dropdown-item" href="https://v1-29.docs.kubernetes.io/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/">v1.29</a> <a class="dropdown-item" href="https://v1-28.docs.kubernetes.io/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/">v1.28</a> <a class="dropdown-item" href="https://v1-27.docs.kubernetes.io/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/">v1.27</a> </div> </li> <li class="nav-item mr-n4 mr-lg-0 dropdown"> <a class="nav-link dropdown-toggle" href="#" id="navbarDropdownMenuLink" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> 中文 (Chinese) </a> <div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdownMenuLink"> <a class="dropdown-item" href="/docs/reference/access-authn-authz/extensible-admission-controllers/">English</a> </div> </li> </ul> </div> <button id="hamburger" onclick="kub.toggleMenu()" data-auto-burger-exclude><div></div></button> </nav> <section class="header-hero filler"> </section> </header> <div class="container-fluid td-outer"> <div class="td-main"> <div class="row flex-column flex-md-row"> <div id="sidebarnav" class="split td-sidebar d-print-none"> <script> $(function() { $("#td-section-nav a").removeClass("active"); $("#td-section-nav #m-zh-cn-docs-reference-access-authn-authz-extensible-admission-controllers").addClass("active"); $("#td-section-nav #m-zh-cn-docs-reference-access-authn-authz-extensible-admission-controllers-li span").addClass("td-sidebar-nav-active-item"); $("#td-section-nav #m-zh-cn-docs-reference-access-authn-authz-extensible-admission-controllers").parents("li").addClass("active-path"); $("#td-section-nav li.active-path").addClass("show"); $("#td-section-nav li.active-path").children("input").prop('checked', true); $("#td-section-nav #m-zh-cn-docs-reference-access-authn-authz-extensible-admission-controllers-li").siblings("li").addClass("show"); $("#td-section-nav #m-zh-cn-docs-reference-access-authn-authz-extensible-admission-controllers-li").children("ul").children("li").addClass("show"); $("#td-sidebar-menu").toggleClass("d-none"); }); </script> <div id="td-sidebar-menu" class="td-sidebar__inner d-none"> <form class="td-sidebar__search d-flex align-items-center"> <input type="search" class="form-control td-search-input" name="q" placeholder=" 搜索" aria-label="搜索" autocomplete="off" > <button class="btn btn-link td-sidebar__toggle d-md-none p-0 ml-3 fas fa-bars" type="button" data-toggle="collapse" data-target="#td-section-nav" aria-controls="td-docs-nav" aria-expanded="false" aria-label="Toggle section navigation"> </button> </form> <nav class="collapse td-sidebar-nav foldable-nav" id="td-section-nav"> <ul class="td-sidebar-nav__section pr-md-3 ul-0"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-li"> <ul class="ul-1"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-home-li"> <input type="checkbox" id="m-zh-cn-docs-home-check"/> <label for="m-zh-cn-docs-home-check"><a href="/zh-cn/docs/home/" title="Kubernetes 文档" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-home"><span class="">文档</span></a></label> <ul class="ul-2 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-home-supported-doc-versions-li"> <input type="checkbox" id="m-zh-cn-docs-home-supported-doc-versions-check"/> <label for="m-zh-cn-docs-home-supported-doc-versions-check"><a href="/zh-cn/docs/home/supported-doc-versions/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-home-supported-doc-versions"><span class="">Kubernetes 文档支持的版本</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-setup-li"> <input type="checkbox" id="m-zh-cn-docs-setup-check"/> <label for="m-zh-cn-docs-setup-check"><a href="/zh-cn/docs/setup/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-setup"><span class="">入门</span></a></label> <ul class="ul-2 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-learning-environment-li"> <input type="checkbox" id="m-zh-cn-docs-setup-learning-environment-check"/> <label for="m-zh-cn-docs-setup-learning-environment-check"><a href="/zh-cn/docs/setup/learning-environment/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-setup-learning-environment"><span class="">学习环境</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-setup-production-environment-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-check"/> <label for="m-zh-cn-docs-setup-production-environment-check"><a href="/zh-cn/docs/setup/production-environment/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-setup-production-environment"><span class="">生产环境</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-container-runtimes-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-container-runtimes-check"/> <label for="m-zh-cn-docs-setup-production-environment-container-runtimes-check"><a href="/zh-cn/docs/setup/production-environment/container-runtimes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-container-runtimes"><span class="">容器运行时</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-setup-production-environment-tools-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-check"><a href="/zh-cn/docs/setup/production-environment/tools/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-setup-production-environment-tools"><span class="">使用部署工具安装 Kubernetes</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm"><span class="">使用 kubeadm 引导集群</span></a></label> <ul class="ul-5 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-install-kubeadm-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-install-kubeadm-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-install-kubeadm-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/install-kubeadm/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-install-kubeadm"><span class="">安装 kubeadm</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-troubleshooting-kubeadm-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-troubleshooting-kubeadm-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-troubleshooting-kubeadm-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-troubleshooting-kubeadm"><span class="">对 kubeadm 进行故障排查</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-create-cluster-kubeadm-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-create-cluster-kubeadm-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-create-cluster-kubeadm-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-create-cluster-kubeadm"><span class="">使用 kubeadm 创建集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-control-plane-flags-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-control-plane-flags-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-control-plane-flags-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/control-plane-flags/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-control-plane-flags"><span class="">使用 kubeadm API 定制组件</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-ha-topology-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-ha-topology-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-ha-topology-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/ha-topology/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-ha-topology"><span class="">高可用拓扑选项</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-high-availability-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-high-availability-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-high-availability-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/high-availability/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-high-availability"><span class="">利用 kubeadm 创建高可用集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-setup-ha-etcd-with-kubeadm-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-setup-ha-etcd-with-kubeadm-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-setup-ha-etcd-with-kubeadm-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/setup-ha-etcd-with-kubeadm/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-setup-ha-etcd-with-kubeadm"><span class="">使用 kubeadm 创建一个高可用 etcd 集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-kubelet-integration-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-kubelet-integration-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-kubelet-integration-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/kubelet-integration/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-kubelet-integration"><span class="">使用 kubeadm 配置集群中的每个 kubelet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-dual-stack-support-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-dual-stack-support-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubeadm-dual-stack-support-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubeadm/dual-stack-support/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubeadm-dual-stack-support"><span class="">使用 kubeadm 支持双协议栈</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kops-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kops-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kops-check"><a href="/zh-cn/docs/setup/production-environment/tools/kops/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kops"><span class="">使用 kOps 安装 Kubernetes</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-tools-kubespray-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-tools-kubespray-check"/> <label for="m-zh-cn-docs-setup-production-environment-tools-kubespray-check"><a href="/zh-cn/docs/setup/production-environment/tools/kubespray/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-tools-kubespray"><span class="">使用 Kubespray 安装 Kubernetes</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-production-environment-turnkey-solutions-li"> <input type="checkbox" id="m-zh-cn-docs-setup-production-environment-turnkey-solutions-check"/> <label for="m-zh-cn-docs-setup-production-environment-turnkey-solutions-check"><a href="/zh-cn/docs/setup/production-environment/turnkey-solutions/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-production-environment-turnkey-solutions"><span class="">Turnkey 云解决方案</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-setup-best-practices-li"> <input type="checkbox" id="m-zh-cn-docs-setup-best-practices-check"/> <label for="m-zh-cn-docs-setup-best-practices-check"><a href="/zh-cn/docs/setup/best-practices/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-setup-best-practices"><span class="">最佳实践</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-best-practices-cluster-large-li"> <input type="checkbox" id="m-zh-cn-docs-setup-best-practices-cluster-large-check"/> <label for="m-zh-cn-docs-setup-best-practices-cluster-large-check"><a href="/zh-cn/docs/setup/best-practices/cluster-large/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-best-practices-cluster-large"><span class="">大规模集群的注意事项</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-best-practices-multiple-zones-li"> <input type="checkbox" id="m-zh-cn-docs-setup-best-practices-multiple-zones-check"/> <label for="m-zh-cn-docs-setup-best-practices-multiple-zones-check"><a href="/zh-cn/docs/setup/best-practices/multiple-zones/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-best-practices-multiple-zones"><span class="">运行于多可用区环境</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-best-practices-node-conformance-li"> <input type="checkbox" id="m-zh-cn-docs-setup-best-practices-node-conformance-check"/> <label for="m-zh-cn-docs-setup-best-practices-node-conformance-check"><a href="/zh-cn/docs/setup/best-practices/node-conformance/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-best-practices-node-conformance"><span class="">校验节点设置</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-best-practices-enforcing-pod-security-standards-li"> <input type="checkbox" id="m-zh-cn-docs-setup-best-practices-enforcing-pod-security-standards-check"/> <label for="m-zh-cn-docs-setup-best-practices-enforcing-pod-security-standards-check"><a href="/zh-cn/docs/setup/best-practices/enforcing-pod-security-standards/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-best-practices-enforcing-pod-security-standards"><span class="">强制实施 Pod 安全性标准</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-setup-best-practices-certificates-li"> <input type="checkbox" id="m-zh-cn-docs-setup-best-practices-certificates-check"/> <label for="m-zh-cn-docs-setup-best-practices-certificates-check"><a href="/zh-cn/docs/setup/best-practices/certificates/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-setup-best-practices-certificates"><span class="">PKI 证书和要求</span></a></label> </li> </ul> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-check"/> <label for="m-zh-cn-docs-concepts-check"><a href="/zh-cn/docs/concepts/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts"><span class="">概念</span></a></label> <ul class="ul-2 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-overview-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-check"/> <label for="m-zh-cn-docs-concepts-overview-check"><a href="/zh-cn/docs/concepts/overview/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-overview"><span class="">概述</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-overview-working-with-objects"><span class="">Kubernetes 对象</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-object-management-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-object-management-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-object-management-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/object-management/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-working-with-objects-object-management"><span class="">Kubernetes 对象管理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-names-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-names-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-names-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/names/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-working-with-objects-names"><span class="">对象名称和 ID</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-labels-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-labels-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-labels-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/labels/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-working-with-objects-labels"><span class="">标签和选择算符</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-namespaces-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-namespaces-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-namespaces-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/namespaces/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-working-with-objects-namespaces"><span class="">名字空间</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-annotations-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-annotations-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-annotations-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/annotations/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-working-with-objects-annotations"><span class="">注解</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-field-selectors-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-field-selectors-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-field-selectors-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/field-selectors/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-working-with-objects-field-selectors"><span class="">字段选择器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-finalizers-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-finalizers-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-finalizers-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/finalizers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-working-with-objects-finalizers"><span class="">Finalizers</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-owners-dependents-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-owners-dependents-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-owners-dependents-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/owners-dependents/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-working-with-objects-owners-dependents"><span class="">属主与附属</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-working-with-objects-common-labels-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-working-with-objects-common-labels-check"/> <label for="m-zh-cn-docs-concepts-overview-working-with-objects-common-labels-check"><a href="/zh-cn/docs/concepts/overview/working-with-objects/common-labels/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-working-with-objects-common-labels"><span class="">推荐使用的标签</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-components-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-components-check"/> <label for="m-zh-cn-docs-concepts-overview-components-check"><a href="/zh-cn/docs/concepts/overview/components/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-components"><span class="">Kubernetes 组件</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-overview-kubernetes-api-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-overview-kubernetes-api-check"/> <label for="m-zh-cn-docs-concepts-overview-kubernetes-api-check"><a href="/zh-cn/docs/concepts/overview/kubernetes-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-overview-kubernetes-api"><span class="">Kubernetes API</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-architecture-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-check"/> <label for="m-zh-cn-docs-concepts-architecture-check"><a href="/zh-cn/docs/concepts/architecture/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-architecture"><span class="">Kubernetes 架构</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-architecture-nodes-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-nodes-check"/> <label for="m-zh-cn-docs-concepts-architecture-nodes-check"><a href="/zh-cn/docs/concepts/architecture/nodes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-architecture-nodes"><span class="">节点</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-architecture-control-plane-node-communication-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-control-plane-node-communication-check"/> <label for="m-zh-cn-docs-concepts-architecture-control-plane-node-communication-check"><a href="/zh-cn/docs/concepts/architecture/control-plane-node-communication/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-architecture-control-plane-node-communication"><span class="">节点与控制面之间的通信</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-architecture-controller-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-controller-check"/> <label for="m-zh-cn-docs-concepts-architecture-controller-check"><a href="/zh-cn/docs/concepts/architecture/controller/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-architecture-controller"><span class="">控制器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-architecture-leases-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-leases-check"/> <label for="m-zh-cn-docs-concepts-architecture-leases-check"><a href="/zh-cn/docs/concepts/architecture/leases/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-architecture-leases"><span class="">租约(Lease)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-architecture-cloud-controller-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-cloud-controller-check"/> <label for="m-zh-cn-docs-concepts-architecture-cloud-controller-check"><a href="/zh-cn/docs/concepts/architecture/cloud-controller/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-architecture-cloud-controller"><span class="">云控制器管理器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-architecture-cgroups-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-cgroups-check"/> <label for="m-zh-cn-docs-concepts-architecture-cgroups-check"><a href="/zh-cn/docs/concepts/architecture/cgroups/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-architecture-cgroups"><span class="">关于 cgroup v2</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-architecture-cri-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-cri-check"/> <label for="m-zh-cn-docs-concepts-architecture-cri-check"><a href="/zh-cn/docs/concepts/architecture/cri/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-architecture-cri"><span class="">容器运行时接口(CRI)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-architecture-garbage-collection-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-garbage-collection-check"/> <label for="m-zh-cn-docs-concepts-architecture-garbage-collection-check"><a href="/zh-cn/docs/concepts/architecture/garbage-collection/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-architecture-garbage-collection"><span class="">垃圾收集</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-architecture-mixed-version-proxy-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-architecture-mixed-version-proxy-check"/> <label for="m-zh-cn-docs-concepts-architecture-mixed-version-proxy-check"><a href="/zh-cn/docs/concepts/architecture/mixed-version-proxy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-architecture-mixed-version-proxy"><span class="">混合版本代理</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-containers-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-containers-check"/> <label for="m-zh-cn-docs-concepts-containers-check"><a href="/zh-cn/docs/concepts/containers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-containers"><span class="">容器</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-containers-images-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-containers-images-check"/> <label for="m-zh-cn-docs-concepts-containers-images-check"><a href="/zh-cn/docs/concepts/containers/images/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-containers-images"><span class="">镜像</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-containers-container-environment-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-containers-container-environment-check"/> <label for="m-zh-cn-docs-concepts-containers-container-environment-check"><a href="/zh-cn/docs/concepts/containers/container-environment/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-containers-container-environment"><span class="">容器环境</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-containers-runtime-class-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-containers-runtime-class-check"/> <label for="m-zh-cn-docs-concepts-containers-runtime-class-check"><a href="/zh-cn/docs/concepts/containers/runtime-class/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-containers-runtime-class"><span class="">容器运行时类(Runtime Class)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-containers-container-lifecycle-hooks-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-containers-container-lifecycle-hooks-check"/> <label for="m-zh-cn-docs-concepts-containers-container-lifecycle-hooks-check"><a href="/zh-cn/docs/concepts/containers/container-lifecycle-hooks/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-containers-container-lifecycle-hooks"><span class="">容器生命周期回调</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-workloads-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-check"/> <label for="m-zh-cn-docs-concepts-workloads-check"><a href="/zh-cn/docs/concepts/workloads/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-workloads"><span class="">工作负载</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-workloads-pods-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-pods-check"/> <label for="m-zh-cn-docs-concepts-workloads-pods-check"><a href="/zh-cn/docs/concepts/workloads/pods/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-workloads-pods"><span class="">Pod</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-pods-pod-lifecycle-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-pods-pod-lifecycle-check"/> <label for="m-zh-cn-docs-concepts-workloads-pods-pod-lifecycle-check"><a href="/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-pods-pod-lifecycle"><span class="">Pod 的生命周期</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-pods-init-containers-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-pods-init-containers-check"/> <label for="m-zh-cn-docs-concepts-workloads-pods-init-containers-check"><a href="/zh-cn/docs/concepts/workloads/pods/init-containers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-pods-init-containers"><span class="">Init 容器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-docs-concepts-workloads-pods-sidecar-containers-li"> <input type="checkbox" id="m-docs-concepts-workloads-pods-sidecar-containers-check"/> <label for="m-docs-concepts-workloads-pods-sidecar-containers-check"><a href="/docs/concepts/workloads/pods/sidecar-containers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-docs-concepts-workloads-pods-sidecar-containers"><span class="">Sidecar Containers</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-pods-disruptions-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-pods-disruptions-check"/> <label for="m-zh-cn-docs-concepts-workloads-pods-disruptions-check"><a href="/zh-cn/docs/concepts/workloads/pods/disruptions/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-pods-disruptions"><span class="">干扰(Disruptions)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-pods-ephemeral-containers-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-pods-ephemeral-containers-check"/> <label for="m-zh-cn-docs-concepts-workloads-pods-ephemeral-containers-check"><a href="/zh-cn/docs/concepts/workloads/pods/ephemeral-containers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-pods-ephemeral-containers"><span class="">临时容器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-pods-pod-qos-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-pods-pod-qos-check"/> <label for="m-zh-cn-docs-concepts-workloads-pods-pod-qos-check"><a href="/zh-cn/docs/concepts/workloads/pods/pod-qos/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-pods-pod-qos"><span class="">Pod QoS 类</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-pods-user-namespaces-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-pods-user-namespaces-check"/> <label for="m-zh-cn-docs-concepts-workloads-pods-user-namespaces-check"><a href="/zh-cn/docs/concepts/workloads/pods/user-namespaces/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-pods-user-namespaces"><span class="">用户命名空间</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-pods-downward-api-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-pods-downward-api-check"/> <label for="m-zh-cn-docs-concepts-workloads-pods-downward-api-check"><a href="/zh-cn/docs/concepts/workloads/pods/downward-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-pods-downward-api"><span class="">Downward API</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-workloads-controllers-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-controllers-check"/> <label for="m-zh-cn-docs-concepts-workloads-controllers-check"><a href="/zh-cn/docs/concepts/workloads/controllers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-workloads-controllers"><span class="">工作负载资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-controllers-deployment-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-controllers-deployment-check"/> <label for="m-zh-cn-docs-concepts-workloads-controllers-deployment-check"><a href="/zh-cn/docs/concepts/workloads/controllers/deployment/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-controllers-deployment"><span class="">Deployments</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-controllers-replicaset-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-controllers-replicaset-check"/> <label for="m-zh-cn-docs-concepts-workloads-controllers-replicaset-check"><a href="/zh-cn/docs/concepts/workloads/controllers/replicaset/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-controllers-replicaset"><span class="">ReplicaSet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-controllers-statefulset-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-controllers-statefulset-check"/> <label for="m-zh-cn-docs-concepts-workloads-controllers-statefulset-check"><a href="/zh-cn/docs/concepts/workloads/controllers/statefulset/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-controllers-statefulset"><span class="">StatefulSet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-controllers-daemonset-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-controllers-daemonset-check"/> <label for="m-zh-cn-docs-concepts-workloads-controllers-daemonset-check"><a href="/zh-cn/docs/concepts/workloads/controllers/daemonset/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-controllers-daemonset"><span class="">DaemonSet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-controllers-job-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-controllers-job-check"/> <label for="m-zh-cn-docs-concepts-workloads-controllers-job-check"><a href="/zh-cn/docs/concepts/workloads/controllers/job/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-controllers-job"><span class="">Job</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-controllers-ttlafterfinished-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-controllers-ttlafterfinished-check"/> <label for="m-zh-cn-docs-concepts-workloads-controllers-ttlafterfinished-check"><a href="/zh-cn/docs/concepts/workloads/controllers/ttlafterfinished/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-controllers-ttlafterfinished"><span class="">已完成 Job 的自动清理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-controllers-cron-jobs-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-controllers-cron-jobs-check"/> <label for="m-zh-cn-docs-concepts-workloads-controllers-cron-jobs-check"><a href="/zh-cn/docs/concepts/workloads/controllers/cron-jobs/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-controllers-cron-jobs"><span class="">CronJob</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-workloads-controllers-replicationcontroller-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-workloads-controllers-replicationcontroller-check"/> <label for="m-zh-cn-docs-concepts-workloads-controllers-replicationcontroller-check"><a href="/zh-cn/docs/concepts/workloads/controllers/replicationcontroller/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-workloads-controllers-replicationcontroller"><span class="">ReplicationController</span></a></label> </li> </ul> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-services-networking-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-check"/> <label for="m-zh-cn-docs-concepts-services-networking-check"><a href="/zh-cn/docs/concepts/services-networking/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-services-networking"><span class="">服务、负载均衡和联网</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-service-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-service-check"/> <label for="m-zh-cn-docs-concepts-services-networking-service-check"><a href="/zh-cn/docs/concepts/services-networking/service/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-service"><span class="">服务(Service)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-ingress-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-ingress-check"/> <label for="m-zh-cn-docs-concepts-services-networking-ingress-check"><a href="/zh-cn/docs/concepts/services-networking/ingress/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-ingress"><span class="">Ingress</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-ingress-controllers-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-ingress-controllers-check"/> <label for="m-zh-cn-docs-concepts-services-networking-ingress-controllers-check"><a href="/zh-cn/docs/concepts/services-networking/ingress-controllers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-ingress-controllers"><span class="">Ingress 控制器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-docs-concepts-services-networking-gateway-li"> <input type="checkbox" id="m-docs-concepts-services-networking-gateway-check"/> <label for="m-docs-concepts-services-networking-gateway-check"><a href="/docs/concepts/services-networking/gateway/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-docs-concepts-services-networking-gateway"><span class="">Gateway API</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-endpoint-slices-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-endpoint-slices-check"/> <label for="m-zh-cn-docs-concepts-services-networking-endpoint-slices-check"><a href="/zh-cn/docs/concepts/services-networking/endpoint-slices/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-endpoint-slices"><span class="">EndpointSlice</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-network-policies-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-network-policies-check"/> <label for="m-zh-cn-docs-concepts-services-networking-network-policies-check"><a href="/zh-cn/docs/concepts/services-networking/network-policies/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-network-policies"><span class="">网络策略</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-dns-pod-service-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-dns-pod-service-check"/> <label for="m-zh-cn-docs-concepts-services-networking-dns-pod-service-check"><a href="/zh-cn/docs/concepts/services-networking/dns-pod-service/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-dns-pod-service"><span class="">Service 与 Pod 的 DNS</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-dual-stack-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-dual-stack-check"/> <label for="m-zh-cn-docs-concepts-services-networking-dual-stack-check"><a href="/zh-cn/docs/concepts/services-networking/dual-stack/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-dual-stack"><span class="">IPv4/IPv6 双协议栈</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-topology-aware-routing-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-topology-aware-routing-check"/> <label for="m-zh-cn-docs-concepts-services-networking-topology-aware-routing-check"><a href="/zh-cn/docs/concepts/services-networking/topology-aware-routing/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-topology-aware-routing"><span class="">拓扑感知路由</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-windows-networking-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-windows-networking-check"/> <label for="m-zh-cn-docs-concepts-services-networking-windows-networking-check"><a href="/zh-cn/docs/concepts/services-networking/windows-networking/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-windows-networking"><span class="">Windows 网络</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-cluster-ip-allocation-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-cluster-ip-allocation-check"/> <label for="m-zh-cn-docs-concepts-services-networking-cluster-ip-allocation-check"><a href="/zh-cn/docs/concepts/services-networking/cluster-ip-allocation/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-cluster-ip-allocation"><span class="">Service ClusterIP 分配</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-services-networking-service-traffic-policy-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-services-networking-service-traffic-policy-check"/> <label for="m-zh-cn-docs-concepts-services-networking-service-traffic-policy-check"><a href="/zh-cn/docs/concepts/services-networking/service-traffic-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-services-networking-service-traffic-policy"><span class="">服务内部流量策略</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-storage-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-check"/> <label for="m-zh-cn-docs-concepts-storage-check"><a href="/zh-cn/docs/concepts/storage/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-storage"><span class="">存储</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-volumes-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-volumes-check"/> <label for="m-zh-cn-docs-concepts-storage-volumes-check"><a href="/zh-cn/docs/concepts/storage/volumes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-volumes"><span class="">卷</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-persistent-volumes-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-persistent-volumes-check"/> <label for="m-zh-cn-docs-concepts-storage-persistent-volumes-check"><a href="/zh-cn/docs/concepts/storage/persistent-volumes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-persistent-volumes"><span class="">持久卷</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-projected-volumes-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-projected-volumes-check"/> <label for="m-zh-cn-docs-concepts-storage-projected-volumes-check"><a href="/zh-cn/docs/concepts/storage/projected-volumes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-projected-volumes"><span class="">投射卷</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-ephemeral-volumes-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-ephemeral-volumes-check"/> <label for="m-zh-cn-docs-concepts-storage-ephemeral-volumes-check"><a href="/zh-cn/docs/concepts/storage/ephemeral-volumes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-ephemeral-volumes"><span class="">临时卷</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-storage-classes-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-storage-classes-check"/> <label for="m-zh-cn-docs-concepts-storage-storage-classes-check"><a href="/zh-cn/docs/concepts/storage/storage-classes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-storage-classes"><span class="">存储类</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-dynamic-provisioning-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-dynamic-provisioning-check"/> <label for="m-zh-cn-docs-concepts-storage-dynamic-provisioning-check"><a href="/zh-cn/docs/concepts/storage/dynamic-provisioning/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-dynamic-provisioning"><span class="">动态卷制备</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-volume-snapshots-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-volume-snapshots-check"/> <label for="m-zh-cn-docs-concepts-storage-volume-snapshots-check"><a href="/zh-cn/docs/concepts/storage/volume-snapshots/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-volume-snapshots"><span class="">卷快照</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-volume-snapshot-classes-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-volume-snapshot-classes-check"/> <label for="m-zh-cn-docs-concepts-storage-volume-snapshot-classes-check"><a href="/zh-cn/docs/concepts/storage/volume-snapshot-classes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-volume-snapshot-classes"><span class="">卷快照类</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-volume-pvc-datasource-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-volume-pvc-datasource-check"/> <label for="m-zh-cn-docs-concepts-storage-volume-pvc-datasource-check"><a href="/zh-cn/docs/concepts/storage/volume-pvc-datasource/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-volume-pvc-datasource"><span class="">CSI 卷克隆</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-storage-capacity-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-storage-capacity-check"/> <label for="m-zh-cn-docs-concepts-storage-storage-capacity-check"><a href="/zh-cn/docs/concepts/storage/storage-capacity/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-storage-capacity"><span class="">存储容量</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-storage-limits-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-storage-limits-check"/> <label for="m-zh-cn-docs-concepts-storage-storage-limits-check"><a href="/zh-cn/docs/concepts/storage/storage-limits/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-storage-limits"><span class="">特定于节点的卷数限制</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-volume-health-monitoring-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-volume-health-monitoring-check"/> <label for="m-zh-cn-docs-concepts-storage-volume-health-monitoring-check"><a href="/zh-cn/docs/concepts/storage/volume-health-monitoring/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-volume-health-monitoring"><span class="">卷健康监测</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-storage-windows-storage-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-storage-windows-storage-check"/> <label for="m-zh-cn-docs-concepts-storage-windows-storage-check"><a href="/zh-cn/docs/concepts/storage/windows-storage/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-storage-windows-storage"><span class="">Windows 存储</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-configuration-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-configuration-check"/> <label for="m-zh-cn-docs-concepts-configuration-check"><a href="/zh-cn/docs/concepts/configuration/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-configuration"><span class="">配置</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-configuration-overview-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-configuration-overview-check"/> <label for="m-zh-cn-docs-concepts-configuration-overview-check"><a href="/zh-cn/docs/concepts/configuration/overview/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-configuration-overview"><span class="">配置最佳实践</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-configuration-configmap-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-configuration-configmap-check"/> <label for="m-zh-cn-docs-concepts-configuration-configmap-check"><a href="/zh-cn/docs/concepts/configuration/configmap/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-configuration-configmap"><span class="">ConfigMap</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-configuration-secret-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-configuration-secret-check"/> <label for="m-zh-cn-docs-concepts-configuration-secret-check"><a href="/zh-cn/docs/concepts/configuration/secret/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-configuration-secret"><span class="">Secret</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-configuration-manage-resources-containers-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-configuration-manage-resources-containers-check"/> <label for="m-zh-cn-docs-concepts-configuration-manage-resources-containers-check"><a href="/zh-cn/docs/concepts/configuration/manage-resources-containers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-configuration-manage-resources-containers"><span class="">为 Pod 和容器管理资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-configuration-organize-cluster-access-kubeconfig-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-configuration-organize-cluster-access-kubeconfig-check"/> <label for="m-zh-cn-docs-concepts-configuration-organize-cluster-access-kubeconfig-check"><a href="/zh-cn/docs/concepts/configuration/organize-cluster-access-kubeconfig/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-configuration-organize-cluster-access-kubeconfig"><span class="">使用 kubeconfig 文件组织集群访问</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-configuration-windows-resource-management-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-configuration-windows-resource-management-check"/> <label for="m-zh-cn-docs-concepts-configuration-windows-resource-management-check"><a href="/zh-cn/docs/concepts/configuration/windows-resource-management/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-configuration-windows-resource-management"><span class="">Windows 节点的资源管理</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-security-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-check"/> <label for="m-zh-cn-docs-concepts-security-check"><a href="/zh-cn/docs/concepts/security/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-security"><span class="">安全</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-overview-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-overview-check"/> <label for="m-zh-cn-docs-concepts-security-overview-check"><a href="/zh-cn/docs/concepts/security/overview/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-overview"><span class="">云原生安全概述</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-pod-security-standards-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-pod-security-standards-check"/> <label for="m-zh-cn-docs-concepts-security-pod-security-standards-check"><a href="/zh-cn/docs/concepts/security/pod-security-standards/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-pod-security-standards"><span class="">Pod 安全性标准</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-service-accounts-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-service-accounts-check"/> <label for="m-zh-cn-docs-concepts-security-service-accounts-check"><a href="/zh-cn/docs/concepts/security/service-accounts/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-service-accounts"><span class="">服务账号</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-pod-security-admission-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-pod-security-admission-check"/> <label for="m-zh-cn-docs-concepts-security-pod-security-admission-check"><a href="/zh-cn/docs/concepts/security/pod-security-admission/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-pod-security-admission"><span class="">Pod 安全性准入</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-pod-security-policy-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-pod-security-policy-check"/> <label for="m-zh-cn-docs-concepts-security-pod-security-policy-check"><a href="/zh-cn/docs/concepts/security/pod-security-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-pod-security-policy"><span class="">Pod 安全策略</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-windows-security-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-windows-security-check"/> <label for="m-zh-cn-docs-concepts-security-windows-security-check"><a href="/zh-cn/docs/concepts/security/windows-security/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-windows-security"><span class="">Windows 节点的安全性</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-controlling-access-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-controlling-access-check"/> <label for="m-zh-cn-docs-concepts-security-controlling-access-check"><a href="/zh-cn/docs/concepts/security/controlling-access/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-controlling-access"><span class="">Kubernetes API 访问控制</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-rbac-good-practices-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-rbac-good-practices-check"/> <label for="m-zh-cn-docs-concepts-security-rbac-good-practices-check"><a href="/zh-cn/docs/concepts/security/rbac-good-practices/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-rbac-good-practices"><span class="">基于角色的访问控制良好实践</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-secrets-good-practices-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-secrets-good-practices-check"/> <label for="m-zh-cn-docs-concepts-security-secrets-good-practices-check"><a href="/zh-cn/docs/concepts/security/secrets-good-practices/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-secrets-good-practices"><span class="">Kubernetes Secret 良好实践</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-multi-tenancy-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-multi-tenancy-check"/> <label for="m-zh-cn-docs-concepts-security-multi-tenancy-check"><a href="/zh-cn/docs/concepts/security/multi-tenancy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-multi-tenancy"><span class="">多租户</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-docs-concepts-security-hardening-guide-authentication-mechanisms-li"> <input type="checkbox" id="m-docs-concepts-security-hardening-guide-authentication-mechanisms-check"/> <label for="m-docs-concepts-security-hardening-guide-authentication-mechanisms-check"><a href="/docs/concepts/security/hardening-guide/authentication-mechanisms/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-docs-concepts-security-hardening-guide-authentication-mechanisms"><span class="">Hardening Guide - Authentication Mechanisms</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-api-server-bypass-risks-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-api-server-bypass-risks-check"/> <label for="m-zh-cn-docs-concepts-security-api-server-bypass-risks-check"><a href="/zh-cn/docs/concepts/security/api-server-bypass-risks/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-api-server-bypass-risks"><span class="">Kubernetes API 服务器旁路风险</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-security-security-checklist-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-security-security-checklist-check"/> <label for="m-zh-cn-docs-concepts-security-security-checklist-check"><a href="/zh-cn/docs/concepts/security/security-checklist/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-security-security-checklist"><span class="">安全检查清单</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-policy-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-policy-check"/> <label for="m-zh-cn-docs-concepts-policy-check"><a href="/zh-cn/docs/concepts/policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-policy"><span class="">策略</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-policy-limit-range-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-policy-limit-range-check"/> <label for="m-zh-cn-docs-concepts-policy-limit-range-check"><a href="/zh-cn/docs/concepts/policy/limit-range/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-policy-limit-range"><span class="">限制范围</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-policy-resource-quotas-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-policy-resource-quotas-check"/> <label for="m-zh-cn-docs-concepts-policy-resource-quotas-check"><a href="/zh-cn/docs/concepts/policy/resource-quotas/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-policy-resource-quotas"><span class="">资源配额</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-policy-pid-limiting-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-policy-pid-limiting-check"/> <label for="m-zh-cn-docs-concepts-policy-pid-limiting-check"><a href="/zh-cn/docs/concepts/policy/pid-limiting/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-policy-pid-limiting"><span class="">进程 ID 约束与预留</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-policy-node-resource-managers-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-policy-node-resource-managers-check"/> <label for="m-zh-cn-docs-concepts-policy-node-resource-managers-check"><a href="/zh-cn/docs/concepts/policy/node-resource-managers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-policy-node-resource-managers"><span class="">节点资源管理器</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-scheduling-eviction-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-scheduling-eviction"><span class="">调度、抢占和驱逐</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-kube-scheduler-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-kube-scheduler-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-kube-scheduler-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/kube-scheduler/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-kube-scheduler"><span class="">Kubernetes 调度器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-assign-pod-node-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-assign-pod-node-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-assign-pod-node-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/assign-pod-node/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-assign-pod-node"><span class="">将 Pod 指派给节点</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-pod-overhead-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-pod-overhead-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-pod-overhead-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/pod-overhead/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-pod-overhead"><span class="">Pod 开销</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-pod-scheduling-readiness-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-pod-scheduling-readiness-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-pod-scheduling-readiness-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-pod-scheduling-readiness"><span class="">Pod 调度就绪态</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-topology-spread-constraints-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-topology-spread-constraints-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-topology-spread-constraints-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/topology-spread-constraints/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-topology-spread-constraints"><span class="">Pod 拓扑分布约束</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-taint-and-toleration-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-taint-and-toleration-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-taint-and-toleration-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/taint-and-toleration/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-taint-and-toleration"><span class="">污点和容忍度</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-scheduling-framework-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-scheduling-framework-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-scheduling-framework-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/scheduling-framework/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-scheduling-framework"><span class="">调度框架</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-dynamic-resource-allocation-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-dynamic-resource-allocation-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-dynamic-resource-allocation-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/dynamic-resource-allocation/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-dynamic-resource-allocation"><span class="">动态资源分配</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-scheduler-perf-tuning-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-scheduler-perf-tuning-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-scheduler-perf-tuning-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/scheduler-perf-tuning/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-scheduler-perf-tuning"><span class="">调度器性能调优</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-resource-bin-packing-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-resource-bin-packing-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-resource-bin-packing-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/resource-bin-packing/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-resource-bin-packing"><span class="">资源装箱</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-pod-priority-preemption-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-pod-priority-preemption-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-pod-priority-preemption-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/pod-priority-preemption/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-pod-priority-preemption"><span class="">Pod 优先级和抢占</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-node-pressure-eviction-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-node-pressure-eviction-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-node-pressure-eviction-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-node-pressure-eviction"><span class="">节点压力驱逐</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-scheduling-eviction-api-eviction-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-scheduling-eviction-api-eviction-check"/> <label for="m-zh-cn-docs-concepts-scheduling-eviction-api-eviction-check"><a href="/zh-cn/docs/concepts/scheduling-eviction/api-eviction/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-scheduling-eviction-api-eviction"><span class="">API 发起的驱逐</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-cluster-administration-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-check"><a href="/zh-cn/docs/concepts/cluster-administration/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-cluster-administration"><span class="">集群管理</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-certificates-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-certificates-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-certificates-check"><a href="/zh-cn/docs/concepts/cluster-administration/certificates/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-certificates"><span class="">证书</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-manage-deployment-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-manage-deployment-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-manage-deployment-check"><a href="/zh-cn/docs/concepts/cluster-administration/manage-deployment/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-manage-deployment"><span class="">管理资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-networking-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-networking-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-networking-check"><a href="/zh-cn/docs/concepts/cluster-administration/networking/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-networking"><span class="">集群网络系统</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-logging-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-logging-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-logging-check"><a href="/zh-cn/docs/concepts/cluster-administration/logging/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-logging"><span class="">日志架构</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-system-metrics-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-system-metrics-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-system-metrics-check"><a href="/zh-cn/docs/concepts/cluster-administration/system-metrics/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-system-metrics"><span class="">Kubernetes 系统组件指标</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-system-logs-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-system-logs-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-system-logs-check"><a href="/zh-cn/docs/concepts/cluster-administration/system-logs/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-system-logs"><span class="">系统日志</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-system-traces-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-system-traces-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-system-traces-check"><a href="/zh-cn/docs/concepts/cluster-administration/system-traces/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-system-traces"><span class="">追踪 Kubernetes 系统组件</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-proxies-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-proxies-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-proxies-check"><a href="/zh-cn/docs/concepts/cluster-administration/proxies/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-proxies"><span class="">Kubernetes 中的代理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-flow-control-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-flow-control-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-flow-control-check"><a href="/zh-cn/docs/concepts/cluster-administration/flow-control/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-flow-control"><span class="">API 优先级和公平性</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-cluster-administration-addons-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-cluster-administration-addons-check"/> <label for="m-zh-cn-docs-concepts-cluster-administration-addons-check"><a href="/zh-cn/docs/concepts/cluster-administration/addons/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-cluster-administration-addons"><span class="">安装扩展(Addon)</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-windows-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-windows-check"/> <label for="m-zh-cn-docs-concepts-windows-check"><a href="/zh-cn/docs/concepts/windows/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-windows"><span class="">Kubernetes 中的 Windows</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-windows-intro-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-windows-intro-check"/> <label for="m-zh-cn-docs-concepts-windows-intro-check"><a href="/zh-cn/docs/concepts/windows/intro/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-windows-intro"><span class="">Kubernetes 中的 Windows 容器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-windows-user-guide-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-windows-user-guide-check"/> <label for="m-zh-cn-docs-concepts-windows-user-guide-check"><a href="/zh-cn/docs/concepts/windows/user-guide/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-windows-user-guide"><span class="">Kubernetes 中的 Windows 容器调度指南</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-extend-kubernetes-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-extend-kubernetes-check"/> <label for="m-zh-cn-docs-concepts-extend-kubernetes-check"><a href="/zh-cn/docs/concepts/extend-kubernetes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-extend-kubernetes"><span class="">扩展 Kubernetes</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-extend-kubernetes-operator-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-extend-kubernetes-operator-check"/> <label for="m-zh-cn-docs-concepts-extend-kubernetes-operator-check"><a href="/zh-cn/docs/concepts/extend-kubernetes/operator/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-extend-kubernetes-operator"><span class="">Operator 模式</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-check"/> <label for="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-check"><a href="/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net"><span class="">计算、存储和网络扩展</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-network-plugins-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-network-plugins-check"/> <label for="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-network-plugins-check"><a href="/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-network-plugins"><span class="">网络插件</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-device-plugins-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-device-plugins-check"/> <label for="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-device-plugins-check"><a href="/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-extend-kubernetes-compute-storage-net-device-plugins"><span class="">设备插件</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-check"/> <label for="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-check"><a href="/zh-cn/docs/concepts/extend-kubernetes/api-extension/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-concepts-extend-kubernetes-api-extension"><span class="">扩展 Kubernetes API</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-custom-resources-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-custom-resources-check"/> <label for="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-custom-resources-check"><a href="/zh-cn/docs/concepts/extend-kubernetes/api-extension/custom-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-custom-resources"><span class="">定制资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-apiserver-aggregation-li"> <input type="checkbox" id="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-apiserver-aggregation-check"/> <label for="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-apiserver-aggregation-check"><a href="/zh-cn/docs/concepts/extend-kubernetes/api-extension/apiserver-aggregation/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-concepts-extend-kubernetes-api-extension-apiserver-aggregation"><span class="">Kubernetes API 聚合层</span></a></label> </li> </ul> </li> </ul> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-check"/> <label for="m-zh-cn-docs-tasks-check"><a href="/zh-cn/docs/tasks/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks"><span class="">任务</span></a></label> <ul class="ul-2 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-tools-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-tools-check"/> <label for="m-zh-cn-docs-tasks-tools-check"><a href="/zh-cn/docs/tasks/tools/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-tools"><span class="">安装工具</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-tools-install-kubectl-linux-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-tools-install-kubectl-linux-check"/> <label for="m-zh-cn-docs-tasks-tools-install-kubectl-linux-check"><a href="/zh-cn/docs/tasks/tools/install-kubectl-linux/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-tools-install-kubectl-linux"><span class="">在 Linux 系统中安装并设置 kubectl</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-tools-install-kubectl-macos-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-tools-install-kubectl-macos-check"/> <label for="m-zh-cn-docs-tasks-tools-install-kubectl-macos-check"><a href="/zh-cn/docs/tasks/tools/install-kubectl-macos/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-tools-install-kubectl-macos"><span class="">在 macOS 系统上安装和设置 kubectl</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-tools-install-kubectl-windows-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-tools-install-kubectl-windows-check"/> <label for="m-zh-cn-docs-tasks-tools-install-kubectl-windows-check"><a href="/zh-cn/docs/tasks/tools/install-kubectl-windows/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-tools-install-kubectl-windows"><span class="">在 Windows 上安装 kubectl</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-administer-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-check"><a href="/zh-cn/docs/tasks/administer-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-administer-cluster"><span class="">管理集群</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubeadm-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubeadm/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm"><span class="">用 kubeadm 进行管理</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-certs-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-certs-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-certs-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-certs"><span class="">使用 kubeadm 进行证书管理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-configure-cgroup-driver-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-configure-cgroup-driver-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubeadm-configure-cgroup-driver-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-configure-cgroup-driver"><span class="">配置 cgroup 驱动</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-reconfigure-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-reconfigure-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-reconfigure-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-reconfigure/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-reconfigure"><span class="">重新配置 kubeadm 集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-upgrade-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-upgrade-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-upgrade-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-kubeadm-upgrade"><span class="">升级 kubeadm 集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-upgrading-linux-nodes-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-upgrading-linux-nodes-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubeadm-upgrading-linux-nodes-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubeadm/upgrading-linux-nodes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-upgrading-linux-nodes"><span class="">升级 Linux 节点</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-upgrading-windows-nodes-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-upgrading-windows-nodes-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubeadm-upgrading-windows-nodes-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubeadm/upgrading-windows-nodes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-upgrading-windows-nodes"><span class="">升级 Windows 节点</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-change-package-repository-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-change-package-repository-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubeadm-change-package-repository-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubeadm/change-package-repository/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubeadm-change-package-repository"><span class="">更改 Kubernetes 软件包仓库</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-check"><a href="/zh-cn/docs/tasks/administer-cluster/migrating-from-dockershim/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim"><span class="">从 dockershim 迁移</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-change-runtime-containerd-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-change-runtime-containerd-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-change-runtime-containerd-check"><a href="/zh-cn/docs/tasks/administer-cluster/migrating-from-dockershim/change-runtime-containerd/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-change-runtime-containerd"><span class="">将节点上的容器运行时从 Docker Engine 改为 containerd</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-migrate-dockershim-dockerd-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-migrate-dockershim-dockerd-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-migrate-dockershim-dockerd-check"><a href="/zh-cn/docs/tasks/administer-cluster/migrating-from-dockershim/migrate-dockershim-dockerd/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-migrate-dockershim-dockerd"><span class="">将 Docker Engine 节点从 dockershim 迁移到 cri-dockerd</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-find-out-runtime-you-use-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-find-out-runtime-you-use-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-find-out-runtime-you-use-check"><a href="/zh-cn/docs/tasks/administer-cluster/migrating-from-dockershim/find-out-runtime-you-use/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-find-out-runtime-you-use"><span class="">查明节点上所使用的容器运行时</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-troubleshooting-cni-plugin-related-errors-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-troubleshooting-cni-plugin-related-errors-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-troubleshooting-cni-plugin-related-errors-check"><a href="/zh-cn/docs/tasks/administer-cluster/migrating-from-dockershim/troubleshooting-cni-plugin-related-errors/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-troubleshooting-cni-plugin-related-errors"><span class="">排查 CNI 插件相关的错误</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-check-if-dockershim-removal-affects-you-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-check-if-dockershim-removal-affects-you-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-check-if-dockershim-removal-affects-you-check"><a href="/zh-cn/docs/tasks/administer-cluster/migrating-from-dockershim/check-if-dockershim-removal-affects-you/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-check-if-dockershim-removal-affects-you"><span class="">检查移除 Dockershim 是否对你有影响</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-migrating-telemetry-and-security-agents-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-migrating-telemetry-and-security-agents-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-migrating-telemetry-and-security-agents-check"><a href="/zh-cn/docs/tasks/administer-cluster/migrating-from-dockershim/migrating-telemetry-and-security-agents/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-migrating-from-dockershim-migrating-telemetry-and-security-agents"><span class="">从 dockershim 迁移遥测和安全代理</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-certificates-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-certificates-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-certificates-check"><a href="/zh-cn/docs/tasks/administer-cluster/certificates/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-certificates"><span class="">手动生成证书</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-manage-resources-check"><a href="/zh-cn/docs/tasks/administer-cluster/manage-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources"><span class="">管理内存、CPU 和 API 资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-memory-default-namespace-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-memory-default-namespace-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-manage-resources-memory-default-namespace-check"><a href="/zh-cn/docs/tasks/administer-cluster/manage-resources/memory-default-namespace/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-memory-default-namespace"><span class="">为命名空间配置默认的内存请求和限制</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-cpu-default-namespace-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-cpu-default-namespace-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-manage-resources-cpu-default-namespace-check"><a href="/zh-cn/docs/tasks/administer-cluster/manage-resources/cpu-default-namespace/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-cpu-default-namespace"><span class="">为命名空间配置默认的 CPU 请求和限制</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-memory-constraint-namespace-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-memory-constraint-namespace-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-manage-resources-memory-constraint-namespace-check"><a href="/zh-cn/docs/tasks/administer-cluster/manage-resources/memory-constraint-namespace/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-memory-constraint-namespace"><span class="">配置命名空间的最小和最大内存约束</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-cpu-constraint-namespace-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-cpu-constraint-namespace-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-manage-resources-cpu-constraint-namespace-check"><a href="/zh-cn/docs/tasks/administer-cluster/manage-resources/cpu-constraint-namespace/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-cpu-constraint-namespace"><span class="">为命名空间配置 CPU 最小和最大约束</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-quota-memory-cpu-namespace-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-quota-memory-cpu-namespace-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-manage-resources-quota-memory-cpu-namespace-check"><a href="/zh-cn/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-quota-memory-cpu-namespace"><span class="">为命名空间配置内存和 CPU 配额</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-quota-pod-namespace-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-quota-pod-namespace-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-manage-resources-quota-pod-namespace-check"><a href="/zh-cn/docs/tasks/administer-cluster/manage-resources/quota-pod-namespace/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-manage-resources-quota-pod-namespace"><span class="">配置命名空间下 Pod 配额</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-check"><a href="/zh-cn/docs/tasks/administer-cluster/network-policy-provider/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider"><span class="">安装网络策略驱动</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-antrea-network-policy-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-antrea-network-policy-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-antrea-network-policy-check"><a href="/zh-cn/docs/tasks/administer-cluster/network-policy-provider/antrea-network-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-antrea-network-policy"><span class="">使用 Antrea 提供 NetworkPolicy</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-calico-network-policy-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-calico-network-policy-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-calico-network-policy-check"><a href="/zh-cn/docs/tasks/administer-cluster/network-policy-provider/calico-network-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-calico-network-policy"><span class="">使用 Calico 提供 NetworkPolicy</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-cilium-network-policy-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-cilium-network-policy-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-cilium-network-policy-check"><a href="/zh-cn/docs/tasks/administer-cluster/network-policy-provider/cilium-network-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-cilium-network-policy"><span class="">使用 Cilium 提供 NetworkPolicy</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-kube-router-network-policy-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-kube-router-network-policy-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-kube-router-network-policy-check"><a href="/zh-cn/docs/tasks/administer-cluster/network-policy-provider/kube-router-network-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-kube-router-network-policy"><span class="">使用 kube-router 提供 NetworkPolicy</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-romana-network-policy-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-romana-network-policy-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-romana-network-policy-check"><a href="/zh-cn/docs/tasks/administer-cluster/network-policy-provider/romana-network-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-romana-network-policy"><span class="">使用 Romana 提供 NetworkPolicy</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-weave-network-policy-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-weave-network-policy-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-weave-network-policy-check"><a href="/zh-cn/docs/tasks/administer-cluster/network-policy-provider/weave-network-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-network-policy-provider-weave-network-policy"><span class="">使用 Weave Net 提供 NetworkPolicy</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-access-cluster-api-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-access-cluster-api-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-access-cluster-api-check"><a href="/zh-cn/docs/tasks/administer-cluster/access-cluster-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-access-cluster-api"><span class="">使用 Kubernetes API 访问集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-extended-resource-node-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-extended-resource-node-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-extended-resource-node-check"><a href="/zh-cn/docs/tasks/administer-cluster/extended-resource-node/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-extended-resource-node"><span class="">为节点发布扩展资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-dns-horizontal-autoscaling-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-dns-horizontal-autoscaling-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-dns-horizontal-autoscaling-check"><a href="/zh-cn/docs/tasks/administer-cluster/dns-horizontal-autoscaling/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-dns-horizontal-autoscaling"><span class="">自动扩缩集群 DNS 服务</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-switch-to-evented-pleg-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-switch-to-evented-pleg-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-switch-to-evented-pleg-check"><a href="/zh-cn/docs/tasks/administer-cluster/switch-to-evented-pleg/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-switch-to-evented-pleg"><span class="">从轮询切换为基于 CRI 事件的更新来获取容器状态</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-change-default-storage-class-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-change-default-storage-class-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-change-default-storage-class-check"><a href="/zh-cn/docs/tasks/administer-cluster/change-default-storage-class/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-change-default-storage-class"><span class="">改变默认 StorageClass</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-change-pv-reclaim-policy-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-change-pv-reclaim-policy-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-change-pv-reclaim-policy-check"><a href="/zh-cn/docs/tasks/administer-cluster/change-pv-reclaim-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-change-pv-reclaim-policy"><span class="">更改 PersistentVolume 的回收策略</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-running-cloud-controller-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-running-cloud-controller-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-running-cloud-controller-check"><a href="/zh-cn/docs/tasks/administer-cluster/running-cloud-controller/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-running-cloud-controller"><span class="">Kubernetes 云管理控制器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubelet-credential-provider-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubelet-credential-provider-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubelet-credential-provider-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubelet-credential-provider/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubelet-credential-provider"><span class="">配置 kubelet 镜像凭据提供程序</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-quota-api-object-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-quota-api-object-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-quota-api-object-check"><a href="/zh-cn/docs/tasks/administer-cluster/quota-api-object/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-quota-api-object"><span class="">配置 API 对象配额</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-cpu-management-policies-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-cpu-management-policies-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-cpu-management-policies-check"><a href="/zh-cn/docs/tasks/administer-cluster/cpu-management-policies/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-cpu-management-policies"><span class="">控制节点上的 CPU 管理策略</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-topology-manager-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-topology-manager-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-topology-manager-check"><a href="/zh-cn/docs/tasks/administer-cluster/topology-manager/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-topology-manager"><span class="">控制节点上的拓扑管理策略</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-dns-custom-nameservers-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-dns-custom-nameservers-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-dns-custom-nameservers-check"><a href="/zh-cn/docs/tasks/administer-cluster/dns-custom-nameservers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-dns-custom-nameservers"><span class="">自定义 DNS 服务</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-dns-debugging-resolution-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-dns-debugging-resolution-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-dns-debugging-resolution-check"><a href="/zh-cn/docs/tasks/administer-cluster/dns-debugging-resolution/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-dns-debugging-resolution"><span class="">调试 DNS 问题</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-declare-network-policy-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-declare-network-policy-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-declare-network-policy-check"><a href="/zh-cn/docs/tasks/administer-cluster/declare-network-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-declare-network-policy"><span class="">声明网络策略</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-developing-cloud-controller-manager-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-developing-cloud-controller-manager-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-developing-cloud-controller-manager-check"><a href="/zh-cn/docs/tasks/administer-cluster/developing-cloud-controller-manager/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-developing-cloud-controller-manager"><span class="">开发云控制器管理器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-enable-disable-api-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-enable-disable-api-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-enable-disable-api-check"><a href="/zh-cn/docs/tasks/administer-cluster/enable-disable-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-enable-disable-api"><span class="">启用/禁用 Kubernetes API</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-encrypt-data-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-encrypt-data-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-encrypt-data-check"><a href="/zh-cn/docs/tasks/administer-cluster/encrypt-data/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-encrypt-data"><span class="">静态加密机密数据</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-decrypt-data-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-decrypt-data-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-decrypt-data-check"><a href="/zh-cn/docs/tasks/administer-cluster/decrypt-data/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-decrypt-data"><span class="">解密已静态加密的机密数据</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-guaranteed-scheduling-critical-addon-pods-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-guaranteed-scheduling-critical-addon-pods-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-guaranteed-scheduling-critical-addon-pods-check"><a href="/zh-cn/docs/tasks/administer-cluster/guaranteed-scheduling-critical-addon-pods/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-guaranteed-scheduling-critical-addon-pods"><span class="">关键插件 Pod 的调度保证</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-ip-masq-agent-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-ip-masq-agent-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-ip-masq-agent-check"><a href="/zh-cn/docs/tasks/administer-cluster/ip-masq-agent/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-ip-masq-agent"><span class="">IP Masquerade Agent 用户指南</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-limit-storage-consumption-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-limit-storage-consumption-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-limit-storage-consumption-check"><a href="/zh-cn/docs/tasks/administer-cluster/limit-storage-consumption/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-limit-storage-consumption"><span class="">限制存储使用量</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-controller-manager-leader-migration-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-controller-manager-leader-migration-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-controller-manager-leader-migration-check"><a href="/zh-cn/docs/tasks/administer-cluster/controller-manager-leader-migration/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-controller-manager-leader-migration"><span class="">迁移多副本的控制面以使用云控制器管理器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-namespaces-walkthrough-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-namespaces-walkthrough-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-namespaces-walkthrough-check"><a href="/zh-cn/docs/tasks/administer-cluster/namespaces-walkthrough/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-namespaces-walkthrough"><span class="">名字空间演练</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-configure-upgrade-etcd-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-configure-upgrade-etcd-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-configure-upgrade-etcd-check"><a href="/zh-cn/docs/tasks/administer-cluster/configure-upgrade-etcd/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-configure-upgrade-etcd"><span class="">操作 Kubernetes 中的 etcd 集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-reserve-compute-resources-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-reserve-compute-resources-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-reserve-compute-resources-check"><a href="/zh-cn/docs/tasks/administer-cluster/reserve-compute-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-reserve-compute-resources"><span class="">为系统守护进程预留计算资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubelet-in-userns-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubelet-in-userns-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubelet-in-userns-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubelet-in-userns/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubelet-in-userns"><span class="">以非 root 用户身份运行 Kubernetes 节点组件</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-safely-drain-node-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-safely-drain-node-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-safely-drain-node-check"><a href="/zh-cn/docs/tasks/administer-cluster/safely-drain-node/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-safely-drain-node"><span class="">安全地清空一个节点</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-securing-a-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-securing-a-cluster-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-securing-a-cluster-check"><a href="/zh-cn/docs/tasks/administer-cluster/securing-a-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-securing-a-cluster"><span class="">保护集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kubelet-config-file-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kubelet-config-file-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kubelet-config-file-check"><a href="/zh-cn/docs/tasks/administer-cluster/kubelet-config-file/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kubelet-config-file"><span class="">通过配置文件设置 kubelet 参数</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-namespaces-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-namespaces-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-namespaces-check"><a href="/zh-cn/docs/tasks/administer-cluster/namespaces/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-namespaces"><span class="">通过名字空间共享集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-cluster-upgrade-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-cluster-upgrade-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-cluster-upgrade-check"><a href="/zh-cn/docs/tasks/administer-cluster/cluster-upgrade/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-cluster-upgrade"><span class="">升级集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-use-cascading-deletion-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-use-cascading-deletion-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-use-cascading-deletion-check"><a href="/zh-cn/docs/tasks/administer-cluster/use-cascading-deletion/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-use-cascading-deletion"><span class="">在集群中使用级联删除</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-kms-provider-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-kms-provider-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-kms-provider-check"><a href="/zh-cn/docs/tasks/administer-cluster/kms-provider/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-kms-provider"><span class="">使用 KMS 驱动进行数据加密</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-coredns-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-coredns-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-coredns-check"><a href="/zh-cn/docs/tasks/administer-cluster/coredns/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-coredns"><span class="">使用 CoreDNS 进行服务发现</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-nodelocaldns-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-nodelocaldns-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-nodelocaldns-check"><a href="/zh-cn/docs/tasks/administer-cluster/nodelocaldns/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-nodelocaldns"><span class="">在 Kubernetes 集群中使用 NodeLocal DNSCache</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-sysctl-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-sysctl-cluster-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-sysctl-cluster-check"><a href="/zh-cn/docs/tasks/administer-cluster/sysctl-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-sysctl-cluster"><span class="">在 Kubernetes 集群中使用 sysctl</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-memory-manager-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-memory-manager-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-memory-manager-check"><a href="/zh-cn/docs/tasks/administer-cluster/memory-manager/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-memory-manager"><span class="">使用 NUMA 感知的内存管理器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-administer-cluster-verify-signed-artifacts-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-administer-cluster-verify-signed-artifacts-check"/> <label for="m-zh-cn-docs-tasks-administer-cluster-verify-signed-artifacts-check"><a href="/zh-cn/docs/tasks/administer-cluster/verify-signed-artifacts/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-administer-cluster-verify-signed-artifacts"><span class="">验证已签名容器镜像</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-configure-pod-container-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-check"><a href="/zh-cn/docs/tasks/configure-pod-container/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-configure-pod-container"><span class="">配置 Pods 和容器</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-assign-memory-resource-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-assign-memory-resource-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-assign-memory-resource-check"><a href="/zh-cn/docs/tasks/configure-pod-container/assign-memory-resource/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-assign-memory-resource"><span class="">为容器和 Pod 分配内存资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-assign-cpu-resource-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-assign-cpu-resource-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-assign-cpu-resource-check"><a href="/zh-cn/docs/tasks/configure-pod-container/assign-cpu-resource/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-assign-cpu-resource"><span class="">为容器和 Pods 分配 CPU 资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-resize-container-resources-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-resize-container-resources-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-resize-container-resources-check"><a href="/zh-cn/docs/tasks/configure-pod-container/resize-container-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-resize-container-resources"><span class="">调整分配给容器的 CPU 和内存资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-configure-gmsa-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-configure-gmsa-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-configure-gmsa-check"><a href="/zh-cn/docs/tasks/configure-pod-container/configure-gmsa/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-configure-gmsa"><span class="">为 Windows Pod 和容器配置 GMSA</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-configure-runasusername-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-configure-runasusername-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-configure-runasusername-check"><a href="/zh-cn/docs/tasks/configure-pod-container/configure-runasusername/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-configure-runasusername"><span class="">为 Windows 的 Pod 和容器配置 RunAsUserName</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-create-hostprocess-pod-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-create-hostprocess-pod-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-create-hostprocess-pod-check"><a href="/zh-cn/docs/tasks/configure-pod-container/create-hostprocess-pod/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-create-hostprocess-pod"><span class="">创建 Windows HostProcess Pod</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-quality-service-pod-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-quality-service-pod-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-quality-service-pod-check"><a href="/zh-cn/docs/tasks/configure-pod-container/quality-service-pod/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-quality-service-pod"><span class="">配置 Pod 的服务质量</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-extended-resource-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-extended-resource-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-extended-resource-check"><a href="/zh-cn/docs/tasks/configure-pod-container/extended-resource/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-extended-resource"><span class="">为容器分派扩展资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-configure-volume-storage-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-configure-volume-storage-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-configure-volume-storage-check"><a href="/zh-cn/docs/tasks/configure-pod-container/configure-volume-storage/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-configure-volume-storage"><span class="">配置 Pod 以使用卷进行存储</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-configure-persistent-volume-storage-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-configure-persistent-volume-storage-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-configure-persistent-volume-storage-check"><a href="/zh-cn/docs/tasks/configure-pod-container/configure-persistent-volume-storage/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-configure-persistent-volume-storage"><span class="">配置 Pod 以使用 PersistentVolume 作为存储</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-configure-projected-volume-storage-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-configure-projected-volume-storage-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-configure-projected-volume-storage-check"><a href="/zh-cn/docs/tasks/configure-pod-container/configure-projected-volume-storage/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-configure-projected-volume-storage"><span class="">配置 Pod 使用投射卷作存储</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-security-context-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-security-context-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-security-context-check"><a href="/zh-cn/docs/tasks/configure-pod-container/security-context/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-security-context"><span class="">为 Pod 或容器配置安全上下文</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-configure-service-account-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-configure-service-account-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-configure-service-account-check"><a href="/zh-cn/docs/tasks/configure-pod-container/configure-service-account/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-configure-service-account"><span class="">为 Pod 配置服务账号</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-pull-image-private-registry-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-pull-image-private-registry-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-pull-image-private-registry-check"><a href="/zh-cn/docs/tasks/configure-pod-container/pull-image-private-registry/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-pull-image-private-registry"><span class="">从私有仓库拉取镜像</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-configure-liveness-readiness-startup-probes-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-configure-liveness-readiness-startup-probes-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-configure-liveness-readiness-startup-probes-check"><a href="/zh-cn/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-configure-liveness-readiness-startup-probes"><span class="">配置存活、就绪和启动探针</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-assign-pods-nodes-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-assign-pods-nodes-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-assign-pods-nodes-check"><a href="/zh-cn/docs/tasks/configure-pod-container/assign-pods-nodes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-assign-pods-nodes"><span class="">将 Pod 分配给节点</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-assign-pods-nodes-using-node-affinity-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-assign-pods-nodes-using-node-affinity-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-assign-pods-nodes-using-node-affinity-check"><a href="/zh-cn/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-assign-pods-nodes-using-node-affinity"><span class="">用节点亲和性把 Pod 分配到节点</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-configure-pod-initialization-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-configure-pod-initialization-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-configure-pod-initialization-check"><a href="/zh-cn/docs/tasks/configure-pod-container/configure-pod-initialization/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-configure-pod-initialization"><span class="">配置 Pod 初始化</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-attach-handler-lifecycle-event-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-attach-handler-lifecycle-event-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-attach-handler-lifecycle-event-check"><a href="/zh-cn/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-attach-handler-lifecycle-event"><span class="">为容器的生命周期事件设置处理函数</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-configure-pod-configmap-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-configure-pod-configmap-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-configure-pod-configmap-check"><a href="/zh-cn/docs/tasks/configure-pod-container/configure-pod-configmap/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-configure-pod-configmap"><span class="">配置 Pod 使用 ConfigMap</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-share-process-namespace-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-share-process-namespace-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-share-process-namespace-check"><a href="/zh-cn/docs/tasks/configure-pod-container/share-process-namespace/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-share-process-namespace"><span class="">在 Pod 中的容器之间共享进程命名空间</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-user-namespaces-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-user-namespaces-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-user-namespaces-check"><a href="/zh-cn/docs/tasks/configure-pod-container/user-namespaces/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-user-namespaces"><span class="">为 Pod 配置用户名字空间</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-static-pod-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-static-pod-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-static-pod-check"><a href="/zh-cn/docs/tasks/configure-pod-container/static-pod/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-static-pod"><span class="">创建静态 Pod</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-translate-compose-kubernetes-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-translate-compose-kubernetes-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-translate-compose-kubernetes-check"><a href="/zh-cn/docs/tasks/configure-pod-container/translate-compose-kubernetes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-translate-compose-kubernetes"><span class="">将 Docker Compose 文件转换为 Kubernetes 资源</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-enforce-standards-admission-controller-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-enforce-standards-admission-controller-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-enforce-standards-admission-controller-check"><a href="/zh-cn/docs/tasks/configure-pod-container/enforce-standards-admission-controller/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-enforce-standards-admission-controller"><span class="">通过配置内置准入控制器实施 Pod 安全标准</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-enforce-standards-namespace-labels-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-enforce-standards-namespace-labels-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-enforce-standards-namespace-labels-check"><a href="/zh-cn/docs/tasks/configure-pod-container/enforce-standards-namespace-labels/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-enforce-standards-namespace-labels"><span class="">使用名字空间标签来实施 Pod 安全性标准</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configure-pod-container-migrate-from-psp-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configure-pod-container-migrate-from-psp-check"/> <label for="m-zh-cn-docs-tasks-configure-pod-container-migrate-from-psp-check"><a href="/zh-cn/docs/tasks/configure-pod-container/migrate-from-psp/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configure-pod-container-migrate-from-psp"><span class="">从 PodSecurityPolicy 迁移到内置的 PodSecurity 准入控制器</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-debug-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-check"/> <label for="m-zh-cn-docs-tasks-debug-check"><a href="/zh-cn/docs/tasks/debug/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-debug"><span class="">监控、日志和调试</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-debug-debug-cluster"><span class="">集群故障排查</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-troubleshoot-kubectl-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-troubleshoot-kubectl-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-troubleshoot-kubectl-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/troubleshoot-kubectl/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-cluster-troubleshoot-kubectl"><span class="">kubectl 故障排查</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-resource-usage-monitoring-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-resource-usage-monitoring-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-resource-usage-monitoring-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/resource-usage-monitoring/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-cluster-resource-usage-monitoring"><span class="">资源监控工具</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-resource-metrics-pipeline-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-resource-metrics-pipeline-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-resource-metrics-pipeline-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/resource-metrics-pipeline/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-cluster-resource-metrics-pipeline"><span class="">资源指标管道</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-monitor-node-health-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-monitor-node-health-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-monitor-node-health-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/monitor-node-health/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-cluster-monitor-node-health"><span class="">节点健康监测</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-crictl-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-crictl-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-crictl-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/crictl/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-cluster-crictl"><span class="">使用 crictl 对 Kubernetes 节点进行调试</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-windows-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-windows-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-windows-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/windows/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-cluster-windows"><span class="">Windows 调试技巧</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-audit-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-audit-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-audit-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/audit/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-cluster-audit"><span class="">审计</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-local-debugging-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-local-debugging-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-local-debugging-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/local-debugging/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-cluster-local-debugging"><span class="">使用 telepresence 在本地开发和调试服务</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-cluster-kubectl-node-debug-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-cluster-kubectl-node-debug-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-cluster-kubectl-node-debug-check"><a href="/zh-cn/docs/tasks/debug/debug-cluster/kubectl-node-debug/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-cluster-kubectl-node-debug"><span class="">用 Kubectl 调试 Kubernetes 节点</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-debug-debug-application-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-application-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-application-check"><a href="/zh-cn/docs/tasks/debug/debug-application/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-debug-debug-application"><span class="">应用故障排除</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-application-debug-pods-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-application-debug-pods-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-application-debug-pods-check"><a href="/zh-cn/docs/tasks/debug/debug-application/debug-pods/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-application-debug-pods"><span class="">调试 Pod</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-application-debug-service-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-application-debug-service-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-application-debug-service-check"><a href="/zh-cn/docs/tasks/debug/debug-application/debug-service/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-application-debug-service"><span class="">调试 Service</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-application-debug-statefulset-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-application-debug-statefulset-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-application-debug-statefulset-check"><a href="/zh-cn/docs/tasks/debug/debug-application/debug-statefulset/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-application-debug-statefulset"><span class="">调试 StatefulSet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-application-determine-reason-pod-failure-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-application-determine-reason-pod-failure-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-application-determine-reason-pod-failure-check"><a href="/zh-cn/docs/tasks/debug/debug-application/determine-reason-pod-failure/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-application-determine-reason-pod-failure"><span class="">确定 Pod 失败的原因</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-application-debug-init-containers-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-application-debug-init-containers-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-application-debug-init-containers-check"><a href="/zh-cn/docs/tasks/debug/debug-application/debug-init-containers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-application-debug-init-containers"><span class="">调试 Init 容器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-application-debug-running-pod-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-application-debug-running-pod-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-application-debug-running-pod-check"><a href="/zh-cn/docs/tasks/debug/debug-application/debug-running-pod/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-application-debug-running-pod"><span class="">调试运行中的 Pod</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-debug-debug-application-get-shell-running-container-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-debug-debug-application-get-shell-running-container-check"/> <label for="m-zh-cn-docs-tasks-debug-debug-application-get-shell-running-container-check"><a href="/zh-cn/docs/tasks/debug/debug-application/get-shell-running-container/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-debug-debug-application-get-shell-running-container"><span class="">获取正在运行容器的 Shell</span></a></label> </li> </ul> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-check"/> <label for="m-zh-cn-docs-tasks-manage-kubernetes-objects-check"><a href="/zh-cn/docs/tasks/manage-kubernetes-objects/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-manage-kubernetes-objects"><span class="">管理 Kubernetes 对象</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-declarative-config-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-declarative-config-check"/> <label for="m-zh-cn-docs-tasks-manage-kubernetes-objects-declarative-config-check"><a href="/zh-cn/docs/tasks/manage-kubernetes-objects/declarative-config/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-declarative-config"><span class="">使用配置文件对 Kubernetes 对象进行声明式管理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-kustomization-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-kustomization-check"/> <label for="m-zh-cn-docs-tasks-manage-kubernetes-objects-kustomization-check"><a href="/zh-cn/docs/tasks/manage-kubernetes-objects/kustomization/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-kustomization"><span class="">使用 Kustomize 对 Kubernetes 对象进行声明式管理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-imperative-command-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-imperative-command-check"/> <label for="m-zh-cn-docs-tasks-manage-kubernetes-objects-imperative-command-check"><a href="/zh-cn/docs/tasks/manage-kubernetes-objects/imperative-command/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-imperative-command"><span class="">使用指令式命令管理 Kubernetes 对象</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-imperative-config-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-imperative-config-check"/> <label for="m-zh-cn-docs-tasks-manage-kubernetes-objects-imperative-config-check"><a href="/zh-cn/docs/tasks/manage-kubernetes-objects/imperative-config/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-imperative-config"><span class="">使用配置文件对 Kubernetes 对象进行命令式管理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-update-api-object-kubectl-patch-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-update-api-object-kubectl-patch-check"/> <label for="m-zh-cn-docs-tasks-manage-kubernetes-objects-update-api-object-kubectl-patch-check"><a href="/zh-cn/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-kubernetes-objects-update-api-object-kubectl-patch"><span class="">使用 kubectl patch 更新 API 对象</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-configmap-secret-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configmap-secret-check"/> <label for="m-zh-cn-docs-tasks-configmap-secret-check"><a href="/zh-cn/docs/tasks/configmap-secret/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-configmap-secret"><span class="">管理 Secrets</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-kubectl-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-kubectl-check"/> <label for="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-kubectl-check"><a href="/zh-cn/docs/tasks/configmap-secret/managing-secret-using-kubectl/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-kubectl"><span class="">使用 kubectl 管理 Secret</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-config-file-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-config-file-check"/> <label for="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-config-file-check"><a href="/zh-cn/docs/tasks/configmap-secret/managing-secret-using-config-file/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-config-file"><span class="">使用配置文件管理 Secret</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-kustomize-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-kustomize-check"/> <label for="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-kustomize-check"><a href="/zh-cn/docs/tasks/configmap-secret/managing-secret-using-kustomize/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-configmap-secret-managing-secret-using-kustomize"><span class="">使用 Kustomize 管理 Secret</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-inject-data-application-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-inject-data-application-check"/> <label for="m-zh-cn-docs-tasks-inject-data-application-check"><a href="/zh-cn/docs/tasks/inject-data-application/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-inject-data-application"><span class="">给应用注入数据</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-inject-data-application-define-command-argument-container-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-inject-data-application-define-command-argument-container-check"/> <label for="m-zh-cn-docs-tasks-inject-data-application-define-command-argument-container-check"><a href="/zh-cn/docs/tasks/inject-data-application/define-command-argument-container/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-inject-data-application-define-command-argument-container"><span class="">为容器设置启动时要执行的命令和参数</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-inject-data-application-define-interdependent-environment-variables-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-inject-data-application-define-interdependent-environment-variables-check"/> <label for="m-zh-cn-docs-tasks-inject-data-application-define-interdependent-environment-variables-check"><a href="/zh-cn/docs/tasks/inject-data-application/define-interdependent-environment-variables/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-inject-data-application-define-interdependent-environment-variables"><span class="">定义相互依赖的环境变量</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-inject-data-application-define-environment-variable-container-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-inject-data-application-define-environment-variable-container-check"/> <label for="m-zh-cn-docs-tasks-inject-data-application-define-environment-variable-container-check"><a href="/zh-cn/docs/tasks/inject-data-application/define-environment-variable-container/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-inject-data-application-define-environment-variable-container"><span class="">为容器设置环境变量</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-inject-data-application-environment-variable-expose-pod-information-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-inject-data-application-environment-variable-expose-pod-information-check"/> <label for="m-zh-cn-docs-tasks-inject-data-application-environment-variable-expose-pod-information-check"><a href="/zh-cn/docs/tasks/inject-data-application/environment-variable-expose-pod-information/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-inject-data-application-environment-variable-expose-pod-information"><span class="">通过环境变量将 Pod 信息呈现给容器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-inject-data-application-downward-api-volume-expose-pod-information-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-inject-data-application-downward-api-volume-expose-pod-information-check"/> <label for="m-zh-cn-docs-tasks-inject-data-application-downward-api-volume-expose-pod-information-check"><a href="/zh-cn/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-inject-data-application-downward-api-volume-expose-pod-information"><span class="">通过文件将 Pod 信息呈现给容器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-inject-data-application-distribute-credentials-secure-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-inject-data-application-distribute-credentials-secure-check"/> <label for="m-zh-cn-docs-tasks-inject-data-application-distribute-credentials-secure-check"><a href="/zh-cn/docs/tasks/inject-data-application/distribute-credentials-secure/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-inject-data-application-distribute-credentials-secure"><span class="">使用 Secret 安全地分发凭据</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-run-application-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-check"/> <label for="m-zh-cn-docs-tasks-run-application-check"><a href="/zh-cn/docs/tasks/run-application/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-run-application"><span class="">运行应用</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-run-stateless-application-deployment-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-run-stateless-application-deployment-check"/> <label for="m-zh-cn-docs-tasks-run-application-run-stateless-application-deployment-check"><a href="/zh-cn/docs/tasks/run-application/run-stateless-application-deployment/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-run-stateless-application-deployment"><span class="">使用 Deployment 运行一个无状态应用</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-run-single-instance-stateful-application-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-run-single-instance-stateful-application-check"/> <label for="m-zh-cn-docs-tasks-run-application-run-single-instance-stateful-application-check"><a href="/zh-cn/docs/tasks/run-application/run-single-instance-stateful-application/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-run-single-instance-stateful-application"><span class="">运行一个单实例有状态应用</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-run-replicated-stateful-application-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-run-replicated-stateful-application-check"/> <label for="m-zh-cn-docs-tasks-run-application-run-replicated-stateful-application-check"><a href="/zh-cn/docs/tasks/run-application/run-replicated-stateful-application/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-run-replicated-stateful-application"><span class="">运行一个有状态的应用程序</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-scale-stateful-set-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-scale-stateful-set-check"/> <label for="m-zh-cn-docs-tasks-run-application-scale-stateful-set-check"><a href="/zh-cn/docs/tasks/run-application/scale-stateful-set/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-scale-stateful-set"><span class="">扩缩 StatefulSet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-delete-stateful-set-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-delete-stateful-set-check"/> <label for="m-zh-cn-docs-tasks-run-application-delete-stateful-set-check"><a href="/zh-cn/docs/tasks/run-application/delete-stateful-set/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-delete-stateful-set"><span class="">删除 StatefulSet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-force-delete-stateful-set-pod-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-force-delete-stateful-set-pod-check"/> <label for="m-zh-cn-docs-tasks-run-application-force-delete-stateful-set-pod-check"><a href="/zh-cn/docs/tasks/run-application/force-delete-stateful-set-pod/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-force-delete-stateful-set-pod"><span class="">强制删除 StatefulSet 中的 Pod</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-horizontal-pod-autoscale-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-horizontal-pod-autoscale-check"/> <label for="m-zh-cn-docs-tasks-run-application-horizontal-pod-autoscale-check"><a href="/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-horizontal-pod-autoscale"><span class="">Pod 水平自动扩缩</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-horizontal-pod-autoscale-walkthrough-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-horizontal-pod-autoscale-walkthrough-check"/> <label for="m-zh-cn-docs-tasks-run-application-horizontal-pod-autoscale-walkthrough-check"><a href="/zh-cn/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-horizontal-pod-autoscale-walkthrough"><span class="">HorizontalPodAutoscaler 演练</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-configure-pdb-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-configure-pdb-check"/> <label for="m-zh-cn-docs-tasks-run-application-configure-pdb-check"><a href="/zh-cn/docs/tasks/run-application/configure-pdb/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-configure-pdb"><span class="">为应用程序设置干扰预算(Disruption Budget)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-run-application-access-api-from-pod-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-run-application-access-api-from-pod-check"/> <label for="m-zh-cn-docs-tasks-run-application-access-api-from-pod-check"><a href="/zh-cn/docs/tasks/run-application/access-api-from-pod/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-run-application-access-api-from-pod"><span class="">从 Pod 中访问 Kubernetes API</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-job-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-job-check"/> <label for="m-zh-cn-docs-tasks-job-check"><a href="/zh-cn/docs/tasks/job/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-job"><span class="">运行 Jobs</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-job-automated-tasks-with-cron-jobs-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-job-automated-tasks-with-cron-jobs-check"/> <label for="m-zh-cn-docs-tasks-job-automated-tasks-with-cron-jobs-check"><a href="/zh-cn/docs/tasks/job/automated-tasks-with-cron-jobs/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-job-automated-tasks-with-cron-jobs"><span class="">使用 CronJob 运行自动化任务</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-job-coarse-parallel-processing-work-queue-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-job-coarse-parallel-processing-work-queue-check"/> <label for="m-zh-cn-docs-tasks-job-coarse-parallel-processing-work-queue-check"><a href="/zh-cn/docs/tasks/job/coarse-parallel-processing-work-queue/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-job-coarse-parallel-processing-work-queue"><span class="">使用工作队列进行粗粒度并行处理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-job-job-with-pod-to-pod-communication-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-job-job-with-pod-to-pod-communication-check"/> <label for="m-zh-cn-docs-tasks-job-job-with-pod-to-pod-communication-check"><a href="/zh-cn/docs/tasks/job/job-with-pod-to-pod-communication/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-job-job-with-pod-to-pod-communication"><span class="">带 Pod 间通信的 Job</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-job-fine-parallel-processing-work-queue-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-job-fine-parallel-processing-work-queue-check"/> <label for="m-zh-cn-docs-tasks-job-fine-parallel-processing-work-queue-check"><a href="/zh-cn/docs/tasks/job/fine-parallel-processing-work-queue/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-job-fine-parallel-processing-work-queue"><span class="">使用工作队列进行精细的并行处理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-job-indexed-parallel-processing-static-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-job-indexed-parallel-processing-static-check"/> <label for="m-zh-cn-docs-tasks-job-indexed-parallel-processing-static-check"><a href="/zh-cn/docs/tasks/job/indexed-parallel-processing-static/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-job-indexed-parallel-processing-static"><span class="">使用索引作业完成静态工作分配下的并行处理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-job-parallel-processing-expansion-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-job-parallel-processing-expansion-check"/> <label for="m-zh-cn-docs-tasks-job-parallel-processing-expansion-check"><a href="/zh-cn/docs/tasks/job/parallel-processing-expansion/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-job-parallel-processing-expansion"><span class="">使用展开的方式进行并行处理</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-job-pod-failure-policy-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-job-pod-failure-policy-check"/> <label for="m-zh-cn-docs-tasks-job-pod-failure-policy-check"><a href="/zh-cn/docs/tasks/job/pod-failure-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-job-pod-failure-policy"><span class="">使用 Pod 失效策略处理可重试和不可重试的 Pod 失效</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-access-application-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-check"><a href="/zh-cn/docs/tasks/access-application-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-access-application-cluster"><span class="">访问集群中的应用程序</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-web-ui-dashboard-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-web-ui-dashboard-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-web-ui-dashboard-check"><a href="/zh-cn/docs/tasks/access-application-cluster/web-ui-dashboard/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-web-ui-dashboard"><span class="">部署和访问 Kubernetes 仪表板(Dashboard)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-access-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-access-cluster-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-access-cluster-check"><a href="/zh-cn/docs/tasks/access-application-cluster/access-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-access-cluster"><span class="">访问集群</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-configure-access-multiple-clusters-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-configure-access-multiple-clusters-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-configure-access-multiple-clusters-check"><a href="/zh-cn/docs/tasks/access-application-cluster/configure-access-multiple-clusters/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-configure-access-multiple-clusters"><span class="">配置对多集群的访问</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-port-forward-access-application-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-port-forward-access-application-cluster-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-port-forward-access-application-cluster-check"><a href="/zh-cn/docs/tasks/access-application-cluster/port-forward-access-application-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-port-forward-access-application-cluster"><span class="">使用端口转发来访问集群中的应用</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-service-access-application-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-service-access-application-cluster-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-service-access-application-cluster-check"><a href="/zh-cn/docs/tasks/access-application-cluster/service-access-application-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-service-access-application-cluster"><span class="">使用服务来访问集群中的应用</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-connecting-frontend-backend-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-connecting-frontend-backend-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-connecting-frontend-backend-check"><a href="/zh-cn/docs/tasks/access-application-cluster/connecting-frontend-backend/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-connecting-frontend-backend"><span class="">使用 Service 把前端连接到后端</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-create-external-load-balancer-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-create-external-load-balancer-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-create-external-load-balancer-check"><a href="/zh-cn/docs/tasks/access-application-cluster/create-external-load-balancer/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-create-external-load-balancer"><span class="">创建外部负载均衡器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-list-all-running-container-images-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-list-all-running-container-images-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-list-all-running-container-images-check"><a href="/zh-cn/docs/tasks/access-application-cluster/list-all-running-container-images/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-list-all-running-container-images"><span class="">列出集群中所有运行容器的镜像</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-ingress-minikube-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-ingress-minikube-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-ingress-minikube-check"><a href="/zh-cn/docs/tasks/access-application-cluster/ingress-minikube/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-ingress-minikube"><span class="">在 Minikube 环境中使用 NGINX Ingress 控制器配置 Ingress</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-communicate-containers-same-pod-shared-volume-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-communicate-containers-same-pod-shared-volume-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-communicate-containers-same-pod-shared-volume-check"><a href="/zh-cn/docs/tasks/access-application-cluster/communicate-containers-same-pod-shared-volume/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-communicate-containers-same-pod-shared-volume"><span class="">同 Pod 内的容器使用共享卷通信</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-configure-dns-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-configure-dns-cluster-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-configure-dns-cluster-check"><a href="/zh-cn/docs/tasks/access-application-cluster/configure-dns-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-configure-dns-cluster"><span class="">为集群配置 DNS</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-access-application-cluster-access-cluster-services-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-access-application-cluster-access-cluster-services-check"/> <label for="m-zh-cn-docs-tasks-access-application-cluster-access-cluster-services-check"><a href="/zh-cn/docs/tasks/access-application-cluster/access-cluster-services/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-access-application-cluster-access-cluster-services"><span class="">访问集群上运行的服务</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-extend-kubernetes-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-extend-kubernetes"><span class="">扩展 Kubernetes</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-extend-kubernetes-configure-aggregation-layer-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-configure-aggregation-layer-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-configure-aggregation-layer-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/configure-aggregation-layer/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-extend-kubernetes-configure-aggregation-layer"><span class="">配置聚合层</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/custom-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources"><span class="">使用自定义资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-custom-resource-definitions-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-custom-resource-definitions-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-custom-resource-definitions-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-custom-resource-definitions"><span class="">使用 CustomResourceDefinition 扩展 Kubernetes API</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-custom-resource-definition-versioning-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-custom-resource-definition-versioning-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-custom-resource-definition-versioning-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-extend-kubernetes-custom-resources-custom-resource-definition-versioning"><span class="">CustomResourceDefinition 的版本</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-extend-kubernetes-setup-extension-api-server-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-setup-extension-api-server-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-setup-extension-api-server-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/setup-extension-api-server/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-extend-kubernetes-setup-extension-api-server"><span class="">安装一个扩展的 API server</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-extend-kubernetes-configure-multiple-schedulers-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-configure-multiple-schedulers-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-configure-multiple-schedulers-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/configure-multiple-schedulers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-extend-kubernetes-configure-multiple-schedulers"><span class="">配置多个调度器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-extend-kubernetes-http-proxy-access-api-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-http-proxy-access-api-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-http-proxy-access-api-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/http-proxy-access-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-extend-kubernetes-http-proxy-access-api"><span class="">使用 HTTP 代理访问 Kubernetes API</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-extend-kubernetes-socks5-proxy-access-api-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-socks5-proxy-access-api-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-socks5-proxy-access-api-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/socks5-proxy-access-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-extend-kubernetes-socks5-proxy-access-api"><span class="">使用 SOCKS5 代理访问 Kubernetes API</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-extend-kubernetes-setup-konnectivity-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubernetes-setup-konnectivity-check"/> <label for="m-zh-cn-docs-tasks-extend-kubernetes-setup-konnectivity-check"><a href="/zh-cn/docs/tasks/extend-kubernetes/setup-konnectivity/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-extend-kubernetes-setup-konnectivity"><span class="">设置 Konnectivity 服务</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-tls-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-tls-check"/> <label for="m-zh-cn-docs-tasks-tls-check"><a href="/zh-cn/docs/tasks/tls/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-tls"><span class="">TLS</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-tls-managing-tls-in-a-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-tls-managing-tls-in-a-cluster-check"/> <label for="m-zh-cn-docs-tasks-tls-managing-tls-in-a-cluster-check"><a href="/zh-cn/docs/tasks/tls/managing-tls-in-a-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-tls-managing-tls-in-a-cluster"><span class="">管理集群中的 TLS 认证</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-tls-manual-rotation-of-ca-certificates-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-tls-manual-rotation-of-ca-certificates-check"/> <label for="m-zh-cn-docs-tasks-tls-manual-rotation-of-ca-certificates-check"><a href="/zh-cn/docs/tasks/tls/manual-rotation-of-ca-certificates/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-tls-manual-rotation-of-ca-certificates"><span class="">手动轮换 CA 证书</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-tls-certificate-rotation-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-tls-certificate-rotation-check"/> <label for="m-zh-cn-docs-tasks-tls-certificate-rotation-check"><a href="/zh-cn/docs/tasks/tls/certificate-rotation/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-tls-certificate-rotation"><span class="">为 kubelet 配置证书轮换</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-manage-daemon-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-daemon-check"/> <label for="m-zh-cn-docs-tasks-manage-daemon-check"><a href="/zh-cn/docs/tasks/manage-daemon/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-manage-daemon"><span class="">管理集群守护进程</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-daemon-update-daemon-set-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-daemon-update-daemon-set-check"/> <label for="m-zh-cn-docs-tasks-manage-daemon-update-daemon-set-check"><a href="/zh-cn/docs/tasks/manage-daemon/update-daemon-set/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-daemon-update-daemon-set"><span class="">对 DaemonSet 执行滚动更新</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-daemon-rollback-daemon-set-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-daemon-rollback-daemon-set-check"/> <label for="m-zh-cn-docs-tasks-manage-daemon-rollback-daemon-set-check"><a href="/zh-cn/docs/tasks/manage-daemon/rollback-daemon-set/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-daemon-rollback-daemon-set"><span class="">对 DaemonSet 执行回滚</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-daemon-pods-some-nodes-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-daemon-pods-some-nodes-check"/> <label for="m-zh-cn-docs-tasks-manage-daemon-pods-some-nodes-check"><a href="/zh-cn/docs/tasks/manage-daemon/pods-some-nodes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-daemon-pods-some-nodes"><span class="">仅在某些节点上运行 Pod</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tasks-network-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-network-check"/> <label for="m-zh-cn-docs-tasks-network-check"><a href="/zh-cn/docs/tasks/network/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tasks-network"><span class="">网络</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-network-customize-hosts-file-for-pods-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-network-customize-hosts-file-for-pods-check"/> <label for="m-zh-cn-docs-tasks-network-customize-hosts-file-for-pods-check"><a href="/zh-cn/docs/tasks/network/customize-hosts-file-for-pods/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-network-customize-hosts-file-for-pods"><span class="">使用 HostAliases 向 Pod /etc/hosts 文件添加条目</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-network-validate-dual-stack-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-network-validate-dual-stack-check"/> <label for="m-zh-cn-docs-tasks-network-validate-dual-stack-check"><a href="/zh-cn/docs/tasks/network/validate-dual-stack/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-network-validate-dual-stack"><span class="">验证 IPv4/IPv6 双协议栈</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-gpus-scheduling-gpus-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-gpus-scheduling-gpus-check"/> <label for="m-zh-cn-docs-tasks-manage-gpus-scheduling-gpus-check"><a href="/zh-cn/docs/tasks/manage-gpus/scheduling-gpus/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-gpus-scheduling-gpus"><span class="">调度 GPU</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-manage-hugepages-scheduling-hugepages-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-manage-hugepages-scheduling-hugepages-check"/> <label for="m-zh-cn-docs-tasks-manage-hugepages-scheduling-hugepages-check"><a href="/zh-cn/docs/tasks/manage-hugepages/scheduling-hugepages/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-manage-hugepages-scheduling-hugepages"><span class="">管理巨页(HugePage)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tasks-extend-kubectl-kubectl-plugins-li"> <input type="checkbox" id="m-zh-cn-docs-tasks-extend-kubectl-kubectl-plugins-check"/> <label for="m-zh-cn-docs-tasks-extend-kubectl-kubectl-plugins-check"><a href="/zh-cn/docs/tasks/extend-kubectl/kubectl-plugins/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tasks-extend-kubectl-kubectl-plugins"><span class="">用插件扩展 kubectl</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-check"/> <label for="m-zh-cn-docs-tutorials-check"><a href="/zh-cn/docs/tutorials/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials"><span class="">教程</span></a></label> <ul class="ul-2 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-hello-minikube-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-hello-minikube-check"/> <label for="m-zh-cn-docs-tutorials-hello-minikube-check"><a href="/zh-cn/docs/tutorials/hello-minikube/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-hello-minikube"><span class="">你好,Minikube</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-kubernetes-basics"><span class="">学习 Kubernetes 基础知识</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-create-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-create-cluster-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-create-cluster-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/create-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-kubernetes-basics-create-cluster"><span class="">创建集群</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-create-cluster-cluster-intro-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-create-cluster-cluster-intro-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-create-cluster-cluster-intro-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/create-cluster/cluster-intro/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-kubernetes-basics-create-cluster-cluster-intro"><span class="">使用 Minikube 创建集群</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-deploy-app-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-deploy-app-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-deploy-app-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/deploy-app/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-kubernetes-basics-deploy-app"><span class="">部署应用</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-deploy-app-deploy-intro-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-deploy-app-deploy-intro-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-deploy-app-deploy-intro-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-kubernetes-basics-deploy-app-deploy-intro"><span class="">使用 kubectl 创建 Deployment</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-explore-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-explore-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-explore-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/explore/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-kubernetes-basics-explore"><span class="">了解你的应用</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-explore-explore-intro-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-explore-explore-intro-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-explore-explore-intro-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/explore/explore-intro/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-kubernetes-basics-explore-explore-intro"><span class="">查看 Pod 和节点</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-explore-explore-interactive-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-explore-explore-interactive-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-explore-explore-interactive-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/explore/explore-interactive/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-kubernetes-basics-explore-explore-interactive"><span class="">交互式教程 - 探索你的应用</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-expose-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-expose-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-expose-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/expose/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-kubernetes-basics-expose"><span class="">公开地暴露你的应用</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-expose-expose-intro-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-expose-expose-intro-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-expose-expose-intro-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/expose/expose-intro/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-kubernetes-basics-expose-expose-intro"><span class="">使用 Service 暴露你的应用</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-scale-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-scale-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-scale-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/scale/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-kubernetes-basics-scale"><span class="">扩缩你的应用</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-scale-scale-intro-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-scale-scale-intro-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-scale-scale-intro-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/scale/scale-intro/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-kubernetes-basics-scale-scale-intro"><span class="">运行应用程序的多个实例</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-update-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-update-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-update-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/update/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-kubernetes-basics-update"><span class="">更新你的应用</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-update-update-intro-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-update-update-intro-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-update-update-intro-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/update/update-intro/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-kubernetes-basics-update-update-intro"><span class="">执行滚动更新</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-kubernetes-basics-update-update-interactive-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-kubernetes-basics-update-update-interactive-check"/> <label for="m-zh-cn-docs-tutorials-kubernetes-basics-update-update-interactive-check"><a href="/zh-cn/docs/tutorials/kubernetes-basics/update/update-interactive/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-kubernetes-basics-update-update-interactive"><span class="">交互式教程 - 更新你的应用</span></a></label> </li> </ul> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-configuration-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-configuration-check"/> <label for="m-zh-cn-docs-tutorials-configuration-check"><a href="/zh-cn/docs/tutorials/configuration/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-configuration"><span class="">配置</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-check"/> <label for="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-check"><a href="/zh-cn/docs/tutorials/configuration/configure-java-microservice/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-configuration-configure-java-microservice"><span class="">示例:配置 java 微服务</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-configure-java-microservice-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-configure-java-microservice-check"/> <label for="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-configure-java-microservice-check"><a href="/zh-cn/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-configure-java-microservice"><span class="">使用 MicroProfile、ConfigMaps、Secrets 实现外部化应用配置</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-configure-java-microservice-interactive-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-configure-java-microservice-interactive-check"/> <label for="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-configure-java-microservice-interactive-check"><a href="/zh-cn/docs/tutorials/configuration/configure-java-microservice/configure-java-microservice-interactive/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-configuration-configure-java-microservice-configure-java-microservice-interactive"><span class="">互动教程 - 配置 java 微服务</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-configuration-configure-redis-using-configmap-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-configuration-configure-redis-using-configmap-check"/> <label for="m-zh-cn-docs-tutorials-configuration-configure-redis-using-configmap-check"><a href="/zh-cn/docs/tutorials/configuration/configure-redis-using-configmap/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-configuration-configure-redis-using-configmap"><span class="">使用 ConfigMap 来配置 Redis</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-security-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-security-check"/> <label for="m-zh-cn-docs-tutorials-security-check"><a href="/zh-cn/docs/tutorials/security/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-security"><span class="">安全</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-security-cluster-level-pss-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-security-cluster-level-pss-check"/> <label for="m-zh-cn-docs-tutorials-security-cluster-level-pss-check"><a href="/zh-cn/docs/tutorials/security/cluster-level-pss/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-security-cluster-level-pss"><span class="">在集群级别应用 Pod 安全标准</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-security-ns-level-pss-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-security-ns-level-pss-check"/> <label for="m-zh-cn-docs-tutorials-security-ns-level-pss-check"><a href="/zh-cn/docs/tutorials/security/ns-level-pss/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-security-ns-level-pss"><span class="">在名字空间级别应用 Pod 安全标准</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-security-apparmor-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-security-apparmor-check"/> <label for="m-zh-cn-docs-tutorials-security-apparmor-check"><a href="/zh-cn/docs/tutorials/security/apparmor/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-security-apparmor"><span class="">使用 AppArmor 限制容器对资源的访问</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-security-seccomp-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-security-seccomp-check"/> <label for="m-zh-cn-docs-tutorials-security-seccomp-check"><a href="/zh-cn/docs/tutorials/security/seccomp/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-security-seccomp"><span class="">使用 seccomp 限制容器的系统调用</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-stateless-application-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-stateless-application-check"/> <label for="m-zh-cn-docs-tutorials-stateless-application-check"><a href="/zh-cn/docs/tutorials/stateless-application/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-stateless-application"><span class="">无状态的应用</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-stateless-application-expose-external-ip-address-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-stateless-application-expose-external-ip-address-check"/> <label for="m-zh-cn-docs-tutorials-stateless-application-expose-external-ip-address-check"><a href="/zh-cn/docs/tutorials/stateless-application/expose-external-ip-address/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-stateless-application-expose-external-ip-address"><span class="">公开外部 IP 地址以访问集群中应用程序</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-stateless-application-guestbook-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-stateless-application-guestbook-check"/> <label for="m-zh-cn-docs-tutorials-stateless-application-guestbook-check"><a href="/zh-cn/docs/tutorials/stateless-application/guestbook/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-stateless-application-guestbook"><span class="">示例:使用 Redis 部署 PHP 留言板应用</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-stateful-application-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-stateful-application-check"/> <label for="m-zh-cn-docs-tutorials-stateful-application-check"><a href="/zh-cn/docs/tutorials/stateful-application/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-stateful-application"><span class="">有状态的应用</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-stateful-application-basic-stateful-set-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-stateful-application-basic-stateful-set-check"/> <label for="m-zh-cn-docs-tutorials-stateful-application-basic-stateful-set-check"><a href="/zh-cn/docs/tutorials/stateful-application/basic-stateful-set/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-stateful-application-basic-stateful-set"><span class="">StatefulSet 基础</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-stateful-application-mysql-wordpress-persistent-volume-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-stateful-application-mysql-wordpress-persistent-volume-check"/> <label for="m-zh-cn-docs-tutorials-stateful-application-mysql-wordpress-persistent-volume-check"><a href="/zh-cn/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-stateful-application-mysql-wordpress-persistent-volume"><span class="">示例:使用持久卷部署 WordPress 和 MySQL</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-stateful-application-cassandra-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-stateful-application-cassandra-check"/> <label for="m-zh-cn-docs-tutorials-stateful-application-cassandra-check"><a href="/zh-cn/docs/tutorials/stateful-application/cassandra/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-stateful-application-cassandra"><span class="">示例:使用 StatefulSet 部署 Cassandra</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-stateful-application-zookeeper-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-stateful-application-zookeeper-check"/> <label for="m-zh-cn-docs-tutorials-stateful-application-zookeeper-check"><a href="/zh-cn/docs/tutorials/stateful-application/zookeeper/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-stateful-application-zookeeper"><span class="">运行 ZooKeeper,一个分布式协调系统</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-tutorials-services-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-services-check"/> <label for="m-zh-cn-docs-tutorials-services-check"><a href="/zh-cn/docs/tutorials/services/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-tutorials-services"><span class="">Service</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-services-connect-applications-service-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-services-connect-applications-service-check"/> <label for="m-zh-cn-docs-tutorials-services-connect-applications-service-check"><a href="/zh-cn/docs/tutorials/services/connect-applications-service/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-services-connect-applications-service"><span class="">使用 Service 连接到应用</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-services-source-ip-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-services-source-ip-check"/> <label for="m-zh-cn-docs-tutorials-services-source-ip-check"><a href="/zh-cn/docs/tutorials/services/source-ip/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-services-source-ip"><span class="">使用源 IP</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-tutorials-services-pods-and-endpoint-termination-flow-li"> <input type="checkbox" id="m-zh-cn-docs-tutorials-services-pods-and-endpoint-termination-flow-check"/> <label for="m-zh-cn-docs-tutorials-services-pods-and-endpoint-termination-flow-check"><a href="/zh-cn/docs/tutorials/services/pods-and-endpoint-termination-flow/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-tutorials-services-pods-and-endpoint-termination-flow"><span class="">探索 Pod 及其端点的终止行为</span></a></label> </li> </ul> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-li"> <input type="checkbox" id="m-zh-cn-docs-reference-check"/> <label for="m-zh-cn-docs-reference-check"><a href="/zh-cn/docs/reference/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference"><span class="">参考</span></a></label> <ul class="ul-2 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-glossary-li"> <input type="checkbox" id="m-zh-cn-docs-reference-glossary-check"/> <label for="m-zh-cn-docs-reference-glossary-check"><a href="/zh-cn/docs/reference/glossary/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-glossary"><span class="">词汇表</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-using-api-li"> <input type="checkbox" id="m-zh-cn-docs-reference-using-api-check"/> <label for="m-zh-cn-docs-reference-using-api-check"><a href="/zh-cn/docs/reference/using-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-using-api"><span class="">API 概述</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-using-api-api-concepts-li"> <input type="checkbox" id="m-zh-cn-docs-reference-using-api-api-concepts-check"/> <label for="m-zh-cn-docs-reference-using-api-api-concepts-check"><a href="/zh-cn/docs/reference/using-api/api-concepts/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-using-api-api-concepts"><span class="">Kubernetes API 概念</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-using-api-server-side-apply-li"> <input type="checkbox" id="m-zh-cn-docs-reference-using-api-server-side-apply-check"/> <label for="m-zh-cn-docs-reference-using-api-server-side-apply-check"><a href="/zh-cn/docs/reference/using-api/server-side-apply/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-using-api-server-side-apply"><span class="">服务器端应用(Server-Side Apply)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-using-api-client-libraries-li"> <input type="checkbox" id="m-zh-cn-docs-reference-using-api-client-libraries-check"/> <label for="m-zh-cn-docs-reference-using-api-client-libraries-check"><a href="/zh-cn/docs/reference/using-api/client-libraries/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-using-api-client-libraries"><span class="">客户端库</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-using-api-cel-li"> <input type="checkbox" id="m-zh-cn-docs-reference-using-api-cel-check"/> <label for="m-zh-cn-docs-reference-using-api-cel-check"><a href="/zh-cn/docs/reference/using-api/cel/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-using-api-cel"><span class="">Kubernetes 中的通用表达式语言</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-using-api-deprecation-policy-li"> <input type="checkbox" id="m-zh-cn-docs-reference-using-api-deprecation-policy-check"/> <label for="m-zh-cn-docs-reference-using-api-deprecation-policy-check"><a href="/zh-cn/docs/reference/using-api/deprecation-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-using-api-deprecation-policy"><span class="">Kubernetes 弃用策略</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-using-api-deprecation-guide-li"> <input type="checkbox" id="m-zh-cn-docs-reference-using-api-deprecation-guide-check"/> <label for="m-zh-cn-docs-reference-using-api-deprecation-guide-check"><a href="/zh-cn/docs/reference/using-api/deprecation-guide/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-using-api-deprecation-guide"><span class="">已弃用 API 的迁移指南</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-using-api-health-checks-li"> <input type="checkbox" id="m-zh-cn-docs-reference-using-api-health-checks-check"/> <label for="m-zh-cn-docs-reference-using-api-health-checks-check"><a href="/zh-cn/docs/reference/using-api/health-checks/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-using-api-health-checks"><span class="">Kubernetes API 健康端点</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-access-authn-authz-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-check"><a href="/zh-cn/docs/reference/access-authn-authz/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-access-authn-authz"><span class="">API 访问控制</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-authentication-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-authentication-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-authentication-check"><a href="/zh-cn/docs/reference/access-authn-authz/authentication/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-authentication"><span class="">用户认证</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-bootstrap-tokens-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-bootstrap-tokens-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-bootstrap-tokens-check"><a href="/zh-cn/docs/reference/access-authn-authz/bootstrap-tokens/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-bootstrap-tokens"><span class="">使用启动引导令牌(Bootstrap Tokens)认证</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-certificate-signing-requests-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-certificate-signing-requests-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-certificate-signing-requests-check"><a href="/zh-cn/docs/reference/access-authn-authz/certificate-signing-requests/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-certificate-signing-requests"><span class="">证书和证书签名请求</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-admission-controllers-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-admission-controllers-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-admission-controllers-check"><a href="/zh-cn/docs/reference/access-authn-authz/admission-controllers/" title="准入控制器参考" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-admission-controllers"><span class="">准入控制器</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-extensible-admission-controllers-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-extensible-admission-controllers-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-extensible-admission-controllers-check"><a href="/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-extensible-admission-controllers"><span class="">动态准入控制</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-service-accounts-admin-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-service-accounts-admin-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-service-accounts-admin-check"><a href="/zh-cn/docs/reference/access-authn-authz/service-accounts-admin/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-service-accounts-admin"><span class="">管理服务账号</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-authorization-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-authorization-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-authorization-check"><a href="/zh-cn/docs/reference/access-authn-authz/authorization/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-authorization"><span class="">鉴权概述</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-rbac-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-rbac-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-rbac-check"><a href="/zh-cn/docs/reference/access-authn-authz/rbac/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-rbac"><span class="">使用 RBAC 鉴权</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-abac-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-abac-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-abac-check"><a href="/zh-cn/docs/reference/access-authn-authz/abac/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-abac"><span class="">使用 ABAC 鉴权</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-node-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-node-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-node-check"><a href="/zh-cn/docs/reference/access-authn-authz/node/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-node"><span class="">使用 Node 鉴权</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-psp-to-pod-security-standards-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-psp-to-pod-security-standards-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-psp-to-pod-security-standards-check"><a href="/zh-cn/docs/reference/access-authn-authz/psp-to-pod-security-standards/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-psp-to-pod-security-standards"><span class="">从 PodSecurityPolicy 映射到 Pod 安全性标准</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-webhook-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-webhook-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-webhook-check"><a href="/zh-cn/docs/reference/access-authn-authz/webhook/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-webhook"><span class="">Webhook 模式</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-kubelet-authn-authz-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-kubelet-authn-authz-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-kubelet-authn-authz-check"><a href="/zh-cn/docs/reference/access-authn-authz/kubelet-authn-authz/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-kubelet-authn-authz"><span class="">Kubelet 认证/鉴权</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-kubelet-tls-bootstrapping-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-kubelet-tls-bootstrapping-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-kubelet-tls-bootstrapping-check"><a href="/zh-cn/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-kubelet-tls-bootstrapping"><span class="">TLS 启动引导</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-access-authn-authz-validating-admission-policy-li"> <input type="checkbox" id="m-zh-cn-docs-reference-access-authn-authz-validating-admission-policy-check"/> <label for="m-zh-cn-docs-reference-access-authn-authz-validating-admission-policy-check"><a href="/zh-cn/docs/reference/access-authn-authz/validating-admission-policy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-access-authn-authz-validating-admission-policy"><span class="">验证准入策略(ValidatingAdmissionPolicy)</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-labels-annotations-taints-li"> <input type="checkbox" id="m-zh-cn-docs-reference-labels-annotations-taints-check"/> <label for="m-zh-cn-docs-reference-labels-annotations-taints-check"><a href="/zh-cn/docs/reference/labels-annotations-taints/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-labels-annotations-taints"><span class="">众所周知的标签、注解和污点</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-labels-annotations-taints-audit-annotations-li"> <input type="checkbox" id="m-zh-cn-docs-reference-labels-annotations-taints-audit-annotations-check"/> <label for="m-zh-cn-docs-reference-labels-annotations-taints-audit-annotations-check"><a href="/zh-cn/docs/reference/labels-annotations-taints/audit-annotations/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-labels-annotations-taints-audit-annotations"><span class="">审计注解</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-check"><a href="/zh-cn/docs/reference/kubernetes-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api"><span class="">Kubernetes API</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources"><span class="">工作负载资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/pod-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-v1"><span class="">Pod</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-template-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-template-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-template-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/pod-template-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-template-v1"><span class="">PodTemplate</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-replication-controller-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-replication-controller-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-replication-controller-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/replication-controller-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-replication-controller-v1"><span class="">ReplicationController</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-replica-set-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-replica-set-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-replica-set-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/replica-set-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-replica-set-v1"><span class="">ReplicaSet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-deployment-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-deployment-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-deployment-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/deployment-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-deployment-v1"><span class="">Deployment</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-stateful-set-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-stateful-set-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-stateful-set-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/stateful-set-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-stateful-set-v1"><span class="">StatefulSet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-controller-revision-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-controller-revision-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-controller-revision-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/controller-revision-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-controller-revision-v1"><span class="">ControllerRevision</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-daemon-set-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-daemon-set-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-daemon-set-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-daemon-set-v1"><span class="">DaemonSet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-job-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-job-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-job-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/job-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-job-v1"><span class="">Job</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-cron-job-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-cron-job-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-cron-job-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/cron-job-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-cron-job-v1"><span class="">CronJob</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-horizontal-pod-autoscaler-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-horizontal-pod-autoscaler-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-horizontal-pod-autoscaler-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-horizontal-pod-autoscaler-v1"><span class="">HorizontalPodAutoscaler</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-horizontal-pod-autoscaler-v2-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-horizontal-pod-autoscaler-v2-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-horizontal-pod-autoscaler-v2-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/horizontal-pod-autoscaler-v2/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-horizontal-pod-autoscaler-v2"><span class="">HorizontalPodAutoscaler</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-priority-class-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-priority-class-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-priority-class-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/priority-class-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-priority-class-v1"><span class="">PriorityClass</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-scheduling-context-v1alpha2-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-scheduling-context-v1alpha2-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-scheduling-context-v1alpha2-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/pod-scheduling-context-v1alpha2/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-pod-scheduling-context-v1alpha2"><span class="">PodSchedulingContext v1alpha2</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-claim-v1alpha2-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-claim-v1alpha2-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-claim-v1alpha2-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/resource-claim-v1alpha2/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-claim-v1alpha2"><span class="">ResourceClaim v1alpha2</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-claim-template-v1alpha2-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-claim-template-v1alpha2-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-claim-template-v1alpha2-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/resource-claim-template-v1alpha2/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-claim-template-v1alpha2"><span class="">ResourceClaimTemplate v1alpha2</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-class-v1alpha2-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-class-v1alpha2-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-class-v1alpha2-check"><a href="/zh-cn/docs/reference/kubernetes-api/workload-resources/resource-class-v1alpha2/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-workload-resources-resource-class-v1alpha2"><span class="">ResourceClass v1alpha2</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-service-resources-check"><a href="/zh-cn/docs/reference/kubernetes-api/service-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-service-resources"><span class="">Service 资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-service-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-service-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-service-resources-service-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/service-resources/service-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-service-v1"><span class="">Service</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-endpoints-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-endpoints-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-service-resources-endpoints-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/service-resources/endpoints-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-endpoints-v1"><span class="">Endpoints</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-endpoint-slice-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-endpoint-slice-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-service-resources-endpoint-slice-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/service-resources/endpoint-slice-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-endpoint-slice-v1"><span class="">EndpointSlice</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-ingress-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-ingress-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-service-resources-ingress-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/service-resources/ingress-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-ingress-v1"><span class="">Ingress</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-ingress-class-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-ingress-class-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-service-resources-ingress-class-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/service-resources/ingress-class-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-service-resources-ingress-class-v1"><span class="">IngressClass</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources"><span class="">配置和存储资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-config-map-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-config-map-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-config-map-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/config-map-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-config-map-v1"><span class="">ConfigMap</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-secret-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-secret-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-secret-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/secret-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-secret-v1"><span class="">Secret</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-volume-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-volume-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-volume-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/volume/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-volume"><span class="">Volume</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-persistent-volume-claim-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-persistent-volume-claim-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-persistent-volume-claim-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-persistent-volume-claim-v1"><span class="">PersistentVolumeClaim</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-persistent-volume-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-persistent-volume-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-persistent-volume-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-persistent-volume-v1"><span class="">PersistentVolume</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-storage-class-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-storage-class-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-storage-class-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/storage-class-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-storage-class-v1"><span class="">StorageClass</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-volume-attachment-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-volume-attachment-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-volume-attachment-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/volume-attachment-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-volume-attachment-v1"><span class="">VolumeAttachment</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-driver-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-driver-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-driver-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/csi-driver-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-driver-v1"><span class="">CSIDriver</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-node-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-node-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-node-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/csi-node-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-node-v1"><span class="">CSINode</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-storage-capacity-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-storage-capacity-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-storage-capacity-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/config-and-storage-resources/csi-storage-capacity-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-config-and-storage-resources-csi-storage-capacity-v1"><span class="">CSIStorageCapacity</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-check"><a href="/zh-cn/docs/reference/kubernetes-api/authentication-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources"><span class="">身份认证资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-service-account-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-service-account-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-service-account-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authentication-resources/service-account-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-service-account-v1"><span class="">ServiceAccount</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-token-request-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-token-request-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-token-request-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-request-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-token-request-v1"><span class="">TokenRequest</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-token-review-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-token-review-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-token-review-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authentication-resources/token-review-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-token-review-v1"><span class="">TokenReview</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-certificate-signing-request-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-certificate-signing-request-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-certificate-signing-request-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authentication-resources/certificate-signing-request-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-certificate-signing-request-v1"><span class="">CertificateSigningRequest</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-cluster-trust-bundle-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-cluster-trust-bundle-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-cluster-trust-bundle-v1alpha1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authentication-resources/cluster-trust-bundle-v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-cluster-trust-bundle-v1alpha1"><span class="">ClusterTrustBundle v1alpha1</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-self-subject-review-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-self-subject-review-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-self-subject-review-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authentication-resources/self-subject-review-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authentication-resources-self-subject-review-v1"><span class="">SelfSubjectReview</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-check"><a href="/zh-cn/docs/reference/kubernetes-api/authorization-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources"><span class="">鉴权资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-local-subject-access-review-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-local-subject-access-review-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-local-subject-access-review-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authorization-resources/local-subject-access-review-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-local-subject-access-review-v1"><span class="">LocalSubjectAccessReview</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-self-subject-access-review-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-self-subject-access-review-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-self-subject-access-review-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-access-review-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-self-subject-access-review-v1"><span class="">SelfSubjectAccessReview</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-self-subject-rules-review-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-self-subject-rules-review-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-self-subject-rules-review-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authorization-resources/self-subject-rules-review-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-self-subject-rules-review-v1"><span class="">SelfSubjectRulesReview</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-subject-access-review-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-subject-access-review-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-subject-access-review-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authorization-resources/subject-access-review-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-subject-access-review-v1"><span class="">SubjectAccessReview</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-cluster-role-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-cluster-role-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-cluster-role-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-cluster-role-v1"><span class="">ClusterRole</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-cluster-role-binding-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-cluster-role-binding-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-cluster-role-binding-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authorization-resources/cluster-role-binding-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-cluster-role-binding-v1"><span class="">ClusterRoleBinding</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-role-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-role-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-role-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authorization-resources/role-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-role-v1"><span class="">Role</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-role-binding-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-role-binding-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-role-binding-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/authorization-resources/role-binding-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-authorization-resources-role-binding-v1"><span class="">RoleBinding</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-policy-resources-check"><a href="/zh-cn/docs/reference/kubernetes-api/policy-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources"><span class="">策略资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-limit-range-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-limit-range-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-policy-resources-limit-range-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/policy-resources/limit-range-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-limit-range-v1"><span class="">LimitRange</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-resource-quota-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-resource-quota-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-policy-resources-resource-quota-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/policy-resources/resource-quota-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-resource-quota-v1"><span class="">ResourceQuota</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-network-policy-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-network-policy-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-policy-resources-network-policy-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/policy-resources/network-policy-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-network-policy-v1"><span class="">NetworkPolicy</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-pod-disruption-budget-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-pod-disruption-budget-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-policy-resources-pod-disruption-budget-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-pod-disruption-budget-v1"><span class="">PodDisruptionBudget</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-ip-address-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-ip-address-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-policy-resources-ip-address-v1alpha1-check"><a href="/zh-cn/docs/reference/kubernetes-api/policy-resources/ip-address-v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-policy-resources-ip-address-v1alpha1"><span class="">IPAddress v1alpha1</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-extend-resources-check"><a href="/zh-cn/docs/reference/kubernetes-api/extend-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources"><span class="">扩展资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-custom-resource-definition-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-custom-resource-definition-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-extend-resources-custom-resource-definition-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/extend-resources/custom-resource-definition-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-custom-resource-definition-v1"><span class="">CustomResourceDefinition</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-mutating-webhook-configuration-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-mutating-webhook-configuration-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-extend-resources-mutating-webhook-configuration-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/extend-resources/mutating-webhook-configuration-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-mutating-webhook-configuration-v1"><span class="">MutatingWebhookConfiguration</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-validating-webhook-configuration-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-validating-webhook-configuration-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-extend-resources-validating-webhook-configuration-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-extend-resources-validating-webhook-configuration-v1"><span class="">ValidatingWebhookConfiguration</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-docs-reference-kubernetes-api-extend-resources-validating-admission-policy-v1beta1-li"> <input type="checkbox" id="m-docs-reference-kubernetes-api-extend-resources-validating-admission-policy-v1beta1-check"/> <label for="m-docs-reference-kubernetes-api-extend-resources-validating-admission-policy-v1beta1-check"><a href="/docs/reference/kubernetes-api/extend-resources/validating-admission-policy-v1beta1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-docs-reference-kubernetes-api-extend-resources-validating-admission-policy-v1beta1"><span class="">ValidatingAdmissionPolicy v1beta1</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources"><span class="">集群资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-node-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-node-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-node-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/node-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-node-v1"><span class="">Node</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-namespace-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-namespace-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-namespace-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/namespace-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-namespace-v1"><span class="">Namespace</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-event-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-event-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-event-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/event-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-event-v1"><span class="">Event</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-api-service-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-api-service-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-api-service-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/api-service-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-api-service-v1"><span class="">APIService</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-lease-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-lease-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-lease-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/lease-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-lease-v1"><span class="">Lease</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-runtime-class-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-runtime-class-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-runtime-class-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/runtime-class-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-runtime-class-v1"><span class="">RuntimeClass</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-flow-schema-v1beta3-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-flow-schema-v1beta3-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-flow-schema-v1beta3-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/flow-schema-v1beta3/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-flow-schema-v1beta3"><span class="">FlowSchema v1beta3</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-priority-level-configuration-v1beta3-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-priority-level-configuration-v1beta3-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-priority-level-configuration-v1beta3-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/priority-level-configuration-v1beta3/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-priority-level-configuration-v1beta3"><span class="">PriorityLevelConfiguration v1beta3</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-binding-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-binding-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-binding-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/binding-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-binding-v1"><span class="">Binding</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-component-status-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-component-status-v1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-component-status-v1-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/component-status-v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-component-status-v1"><span class="">ComponentStatus</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-cluster-cidr-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-cluster-cidr-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-cluster-cidr-v1alpha1-check"><a href="/zh-cn/docs/reference/kubernetes-api/cluster-resources/cluster-cidr-v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-cluster-resources-cluster-cidr-v1alpha1"><span class="">ClusterCIDR v1alpha1</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions"><span class="">公共定义</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-delete-options-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-delete-options-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-delete-options-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/delete-options/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-delete-options"><span class="">DeleteOptions</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-label-selector-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-label-selector-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-label-selector-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/label-selector/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-label-selector"><span class="">LabelSelector</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-list-meta-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-list-meta-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-list-meta-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/list-meta/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-list-meta"><span class="">ListMeta</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-local-object-reference-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-local-object-reference-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-local-object-reference-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/local-object-reference/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-local-object-reference"><span class="">LocalObjectReference</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-node-selector-requirement-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-node-selector-requirement-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-node-selector-requirement-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/node-selector-requirement/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-node-selector-requirement"><span class="">NodeSelectorRequirement</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-field-selector-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-field-selector-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-field-selector-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/object-field-selector/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-field-selector"><span class="">ObjectFieldSelector</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-meta-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-meta-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-meta-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/object-meta/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-meta"><span class="">ObjectMeta</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-reference-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-reference-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-reference-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/object-reference/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-object-reference"><span class="">ObjectReference</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-patch-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-patch-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-patch-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/patch/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-patch"><span class="">Patch</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-quantity-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-quantity-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-quantity-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/quantity/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-quantity"><span class="">Quantity</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-resource-field-selector-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-resource-field-selector-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-resource-field-selector-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/resource-field-selector/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-resource-field-selector"><span class="">ResourceFieldSelector</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-status-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-status-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-status-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/status/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-status"><span class="">Status</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-typed-local-object-reference-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-typed-local-object-reference-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-definitions-typed-local-object-reference-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-definitions/typed-local-object-reference/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-definitions-typed-local-object-reference"><span class="">TypedLocalObjectReference</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubernetes-api-other-resources-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-other-resources-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-other-resources-check"><a href="/zh-cn/docs/reference/kubernetes-api/other-resources/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubernetes-api-other-resources"><span class="">其他资源</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-docs-reference-kubernetes-api-other-resources-validating-admission-policy-binding-list-v1beta1-li"> <input type="checkbox" id="m-docs-reference-kubernetes-api-other-resources-validating-admission-policy-binding-list-v1beta1-check"/> <label for="m-docs-reference-kubernetes-api-other-resources-validating-admission-policy-binding-list-v1beta1-check"><a href="/docs/reference/kubernetes-api/other-resources/validating-admission-policy-binding-list-v1beta1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-docs-reference-kubernetes-api-other-resources-validating-admission-policy-binding-list-v1beta1"><span class="">ValidatingAdmissionPolicyBindingList v1beta1</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-other-resources-validating-admission-policy-binding-list-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-other-resources-validating-admission-policy-binding-list-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-other-resources-validating-admission-policy-binding-list-v1alpha1-check"><a href="/zh-cn/docs/reference/kubernetes-api/other-resources/validating-admission-policy-binding-list-v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-other-resources-validating-admission-policy-binding-list-v1alpha1"><span class="">ValidatingAdmissionPolicyBindingList v1beta1</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubernetes-api-common-parameters-common-parameters-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubernetes-api-common-parameters-common-parameters-check"/> <label for="m-zh-cn-docs-reference-kubernetes-api-common-parameters-common-parameters-check"><a href="/zh-cn/docs/reference/kubernetes-api/common-parameters/common-parameters/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubernetes-api-common-parameters-common-parameters"><span class="">常用参数</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-instrumentation-li"> <input type="checkbox" id="m-zh-cn-docs-reference-instrumentation-check"/> <label for="m-zh-cn-docs-reference-instrumentation-check"><a href="/zh-cn/docs/reference/instrumentation/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-instrumentation"><span class="">插桩</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-instrumentation-slis-li"> <input type="checkbox" id="m-zh-cn-docs-reference-instrumentation-slis-check"/> <label for="m-zh-cn-docs-reference-instrumentation-slis-check"><a href="/zh-cn/docs/reference/instrumentation/slis/" title="Kubernetes 组件 SLI 指标" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-instrumentation-slis"><span class="">服务水平指示器指标</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-instrumentation-cri-pod-container-metrics-li"> <input type="checkbox" id="m-zh-cn-docs-reference-instrumentation-cri-pod-container-metrics-check"/> <label for="m-zh-cn-docs-reference-instrumentation-cri-pod-container-metrics-check"><a href="/zh-cn/docs/reference/instrumentation/cri-pod-container-metrics/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-instrumentation-cri-pod-container-metrics"><span class="">CRI Pod 和容器指标</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-instrumentation-node-metrics-li"> <input type="checkbox" id="m-zh-cn-docs-reference-instrumentation-node-metrics-check"/> <label for="m-zh-cn-docs-reference-instrumentation-node-metrics-check"><a href="/zh-cn/docs/reference/instrumentation/node-metrics/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-instrumentation-node-metrics"><span class="">节点指标数据</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-docs-reference-instrumentation-metrics-li"> <input type="checkbox" id="m-docs-reference-instrumentation-metrics-check"/> <label for="m-docs-reference-instrumentation-metrics-check"><a href="/docs/reference/instrumentation/metrics/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-docs-reference-instrumentation-metrics"><span class="">Kubernetes Metrics Reference</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-issues-security-li"> <input type="checkbox" id="m-zh-cn-docs-reference-issues-security-check"/> <label for="m-zh-cn-docs-reference-issues-security-check"><a href="/zh-cn/docs/reference/issues-security/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-issues-security"><span class="">Kubernetes 问题和安全</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-issues-security-issues-li"> <input type="checkbox" id="m-zh-cn-docs-reference-issues-security-issues-check"/> <label for="m-zh-cn-docs-reference-issues-security-issues-check"><a href="/zh-cn/docs/reference/issues-security/issues/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-issues-security-issues"><span class="">Kubernetes 问题追踪</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-issues-security-security-li"> <input type="checkbox" id="m-zh-cn-docs-reference-issues-security-security-check"/> <label for="m-zh-cn-docs-reference-issues-security-security-check"><a href="/zh-cn/docs/reference/issues-security/security/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-issues-security-security"><span class="">Kubernetes 安全和信息披露</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-issues-security-official-cve-feed-li"> <input type="checkbox" id="m-zh-cn-docs-reference-issues-security-official-cve-feed-check"/> <label for="m-zh-cn-docs-reference-issues-security-official-cve-feed-check"><a href="/zh-cn/docs/reference/issues-security/official-cve-feed/" title="官方 CVE 订阅源" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-issues-security-official-cve-feed"><span class="">CVE feed</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-node-li"> <input type="checkbox" id="m-zh-cn-docs-reference-node-check"/> <label for="m-zh-cn-docs-reference-node-check"><a href="/zh-cn/docs/reference/node/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-node"><span class="">节点参考信息</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-node-kubelet-checkpoint-api-li"> <input type="checkbox" id="m-zh-cn-docs-reference-node-kubelet-checkpoint-api-check"/> <label for="m-zh-cn-docs-reference-node-kubelet-checkpoint-api-check"><a href="/zh-cn/docs/reference/node/kubelet-checkpoint-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-node-kubelet-checkpoint-api"><span class="">Kubelet Checkpoint API</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-node-topics-on-dockershim-and-cri-compatible-runtimes-li"> <input type="checkbox" id="m-zh-cn-docs-reference-node-topics-on-dockershim-and-cri-compatible-runtimes-check"/> <label for="m-zh-cn-docs-reference-node-topics-on-dockershim-and-cri-compatible-runtimes-check"><a href="/zh-cn/docs/reference/node/topics-on-dockershim-and-cri-compatible-runtimes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-node-topics-on-dockershim-and-cri-compatible-runtimes"><span class="">关于 dockershim 移除和使用兼容 CRI 运行时的文章</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-node-device-plugin-api-versions-li"> <input type="checkbox" id="m-zh-cn-docs-reference-node-device-plugin-api-versions-check"/> <label for="m-zh-cn-docs-reference-node-device-plugin-api-versions-check"><a href="/zh-cn/docs/reference/node/device-plugin-api-versions/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-node-device-plugin-api-versions"><span class="">Kubelet 设备管理器 API 版本</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-node-node-status-li"> <input type="checkbox" id="m-zh-cn-docs-reference-node-node-status-check"/> <label for="m-zh-cn-docs-reference-node-node-status-check"><a href="/zh-cn/docs/reference/node/node-status/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-node-node-status"><span class="">节点状态</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-node-node-labels-li"> <input type="checkbox" id="m-zh-cn-docs-reference-node-node-labels-check"/> <label for="m-zh-cn-docs-reference-node-node-labels-check"><a href="/zh-cn/docs/reference/node/node-labels/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-node-node-labels"><span class=""></span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-networking-li"> <input type="checkbox" id="m-zh-cn-docs-reference-networking-check"/> <label for="m-zh-cn-docs-reference-networking-check"><a href="/zh-cn/docs/reference/networking/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-networking"><span class="">网络参考</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-networking-service-protocols-li"> <input type="checkbox" id="m-zh-cn-docs-reference-networking-service-protocols-check"/> <label for="m-zh-cn-docs-reference-networking-service-protocols-check"><a href="/zh-cn/docs/reference/networking/service-protocols/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-networking-service-protocols"><span class="">Service 所用的协议</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-networking-ports-and-protocols-li"> <input type="checkbox" id="m-zh-cn-docs-reference-networking-ports-and-protocols-check"/> <label for="m-zh-cn-docs-reference-networking-ports-and-protocols-check"><a href="/zh-cn/docs/reference/networking/ports-and-protocols/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-networking-ports-and-protocols"><span class="">端口和协议</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-networking-virtual-ips-li"> <input type="checkbox" id="m-zh-cn-docs-reference-networking-virtual-ips-check"/> <label for="m-zh-cn-docs-reference-networking-virtual-ips-check"><a href="/zh-cn/docs/reference/networking/virtual-ips/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-networking-virtual-ips"><span class="">虚拟 IP 和服务代理</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-setup-tools-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-check"/> <label for="m-zh-cn-docs-reference-setup-tools-check"><a href="/zh-cn/docs/reference/setup-tools/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-setup-tools"><span class="">安装工具</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-setup-tools-kubeadm"><span class="">Kubeadm</span></a></label> <ul class="ul-4 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-init-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-init-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-init-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-init/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-init"><span class="">kubeadm init</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-join-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-join-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-join-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-join/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-join"><span class="">kubeadm join</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-upgrade-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-upgrade-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-upgrade-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-upgrade/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-upgrade"><span class="">kubeadm upgrade</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-config-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-config-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-config-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-config/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-config"><span class="">kubeadm config</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-reset-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-reset-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-reset-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-reset/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-reset"><span class="">kubeadm reset</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-token-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-token-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-token-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-token/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-token"><span class="">kubeadm token</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-version-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-version-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-version-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-version/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-version"><span class="">kubeadm version</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-alpha-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-alpha-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-alpha-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-alpha/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-alpha"><span class="">kubeadm alpha</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-certs-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-certs-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-certs-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-certs/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-certs"><span class="">kubeadm certs</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-init-phase-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-init-phase-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-init-phase-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-init-phase/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-init-phase"><span class="">kubeadm init phase</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-join-phase-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-join-phase-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-join-phase-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-join-phase/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-join-phase"><span class="">kubeadm join phase</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-kubeconfig-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-kubeconfig-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-kubeconfig-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-kubeconfig/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-kubeconfig"><span class="">kubeadm kubeconfig</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-reset-phase-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-reset-phase-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-reset-phase-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-reset-phase/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-reset-phase"><span class="">kubeadm reset phase</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-upgrade-phase-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-upgrade-phase-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-upgrade-phase-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/kubeadm-upgrade-phase/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-kubeadm-upgrade-phase"><span class="">kubeadm upgrade phase</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-setup-tools-kubeadm-implementation-details-li"> <input type="checkbox" id="m-zh-cn-docs-reference-setup-tools-kubeadm-implementation-details-check"/> <label for="m-zh-cn-docs-reference-setup-tools-kubeadm-implementation-details-check"><a href="/zh-cn/docs/reference/setup-tools/kubeadm/implementation-details/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-setup-tools-kubeadm-implementation-details"><span class="">实现细节</span></a></label> </li> </ul> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-kubectl-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubectl-check"/> <label for="m-zh-cn-docs-reference-kubectl-check"><a href="/zh-cn/docs/reference/kubectl/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-kubectl"><span class="">命令行工具 (kubectl)</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubectl-cheatsheet-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubectl-cheatsheet-check"/> <label for="m-zh-cn-docs-reference-kubectl-cheatsheet-check"><a href="/zh-cn/docs/reference/kubectl/cheatsheet/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubectl-cheatsheet"><span class="">kubectl 备忘单</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubectl-kubectl-cmds-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubectl-kubectl-cmds-check"/> <label for="m-zh-cn-docs-reference-kubectl-kubectl-cmds-check"><a href="/zh-cn/docs/reference/kubectl/kubectl-cmds/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubectl-kubectl-cmds"><span class="">kubectl 命令</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubectl-kubectl-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubectl-kubectl-check"/> <label for="m-zh-cn-docs-reference-kubectl-kubectl-check"><a href="/zh-cn/docs/reference/kubectl/kubectl/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubectl-kubectl"><span class="">kubectl</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubectl-jsonpath-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubectl-jsonpath-check"/> <label for="m-zh-cn-docs-reference-kubectl-jsonpath-check"><a href="/zh-cn/docs/reference/kubectl/jsonpath/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubectl-jsonpath"><span class="">JSONPath 支持</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubectl-docker-cli-to-kubectl-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubectl-docker-cli-to-kubectl-check"/> <label for="m-zh-cn-docs-reference-kubectl-docker-cli-to-kubectl-check"><a href="/zh-cn/docs/reference/kubectl/docker-cli-to-kubectl/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubectl-docker-cli-to-kubectl"><span class="">适用于 Docker 用户的 kubectl</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-kubectl-conventions-li"> <input type="checkbox" id="m-zh-cn-docs-reference-kubectl-conventions-check"/> <label for="m-zh-cn-docs-reference-kubectl-conventions-check"><a href="/zh-cn/docs/reference/kubectl/conventions/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-kubectl-conventions"><span class="">kubectl 的用法约定</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-debug-cluster-li"> <input type="checkbox" id="m-zh-cn-docs-reference-debug-cluster-check"/> <label for="m-zh-cn-docs-reference-debug-cluster-check"><a href="/zh-cn/docs/reference/debug-cluster/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-debug-cluster"><span class="">调试集群</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-debug-cluster-flow-control-li"> <input type="checkbox" id="m-zh-cn-docs-reference-debug-cluster-flow-control-check"/> <label for="m-zh-cn-docs-reference-debug-cluster-flow-control-check"><a href="/zh-cn/docs/reference/debug-cluster/flow-control/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-debug-cluster-flow-control"><span class="">流控</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-command-line-tools-reference-li"> <input type="checkbox" id="m-zh-cn-docs-reference-command-line-tools-reference-check"/> <label for="m-zh-cn-docs-reference-command-line-tools-reference-check"><a href="/zh-cn/docs/reference/command-line-tools-reference/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-command-line-tools-reference"><span class="">组件工具</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-command-line-tools-reference-feature-gates-li"> <input type="checkbox" id="m-zh-cn-docs-reference-command-line-tools-reference-feature-gates-check"/> <label for="m-zh-cn-docs-reference-command-line-tools-reference-feature-gates-check"><a href="/zh-cn/docs/reference/command-line-tools-reference/feature-gates/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-command-line-tools-reference-feature-gates"><span class="">特性门控</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-command-line-tools-reference-feature-gates-removed-li"> <input type="checkbox" id="m-zh-cn-docs-reference-command-line-tools-reference-feature-gates-removed-check"/> <label for="m-zh-cn-docs-reference-command-line-tools-reference-feature-gates-removed-check"><a href="/zh-cn/docs/reference/command-line-tools-reference/feature-gates-removed/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-command-line-tools-reference-feature-gates-removed"><span class="">特性门控(已移除)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-command-line-tools-reference-kubelet-li"> <input type="checkbox" id="m-zh-cn-docs-reference-command-line-tools-reference-kubelet-check"/> <label for="m-zh-cn-docs-reference-command-line-tools-reference-kubelet-check"><a href="/zh-cn/docs/reference/command-line-tools-reference/kubelet/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-command-line-tools-reference-kubelet"><span class="">kubelet</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-apiserver-li"> <input type="checkbox" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-apiserver-check"/> <label for="m-zh-cn-docs-reference-command-line-tools-reference-kube-apiserver-check"><a href="/zh-cn/docs/reference/command-line-tools-reference/kube-apiserver/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-apiserver"><span class="">kube-apiserver</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-controller-manager-li"> <input type="checkbox" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-controller-manager-check"/> <label for="m-zh-cn-docs-reference-command-line-tools-reference-kube-controller-manager-check"><a href="/zh-cn/docs/reference/command-line-tools-reference/kube-controller-manager/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-controller-manager"><span class="">kube-controller-manager</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-proxy-li"> <input type="checkbox" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-proxy-check"/> <label for="m-zh-cn-docs-reference-command-line-tools-reference-kube-proxy-check"><a href="/zh-cn/docs/reference/command-line-tools-reference/kube-proxy/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-proxy"><span class="">kube-proxy</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-scheduler-li"> <input type="checkbox" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-scheduler-check"/> <label for="m-zh-cn-docs-reference-command-line-tools-reference-kube-scheduler-check"><a href="/zh-cn/docs/reference/command-line-tools-reference/kube-scheduler/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-command-line-tools-reference-kube-scheduler"><span class="">kube-scheduler</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-config-api-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-check"/> <label for="m-zh-cn-docs-reference-config-api-check"><a href="/zh-cn/docs/reference/config-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-config-api"><span class="">配置 API</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-apiserver-eventratelimit-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-apiserver-eventratelimit-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-config-api-apiserver-eventratelimit-v1alpha1-check"><a href="/zh-cn/docs/reference/config-api/apiserver-eventratelimit.v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-apiserver-eventratelimit-v1alpha1"><span class="">Event Rate Limit Configuration (v1alpha1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-imagepolicy-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-imagepolicy-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-config-api-imagepolicy-v1alpha1-check"><a href="/zh-cn/docs/reference/config-api/imagepolicy.v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-imagepolicy-v1alpha1"><span class="">Image Policy API (v1alpha1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kubeconfig-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kubeconfig-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-kubeconfig-v1-check"><a href="/zh-cn/docs/reference/config-api/kubeconfig.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kubeconfig-v1"><span class="">kube 配置 (v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-apiserver-admission-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-apiserver-admission-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-apiserver-admission-v1-check"><a href="/zh-cn/docs/reference/config-api/apiserver-admission.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-apiserver-admission-v1"><span class="">kube-apiserver Admission (v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-apiserver-audit-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-apiserver-audit-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-apiserver-audit-v1-check"><a href="/zh-cn/docs/reference/config-api/apiserver-audit.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-apiserver-audit-v1"><span class="">kube-apiserver Audit 配置 (v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-apiserver-encryption-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-apiserver-encryption-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-apiserver-encryption-v1-check"><a href="/zh-cn/docs/reference/config-api/apiserver-encryption.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-apiserver-encryption-v1"><span class="">kube-apiserver 加密配置(v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-apiserver-config-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-apiserver-config-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-apiserver-config-v1-check"><a href="/zh-cn/docs/reference/config-api/apiserver-config.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-apiserver-config-v1"><span class="">kube-apiserver 配置 (v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-apiserver-config-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-apiserver-config-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-config-api-apiserver-config-v1alpha1-check"><a href="/zh-cn/docs/reference/config-api/apiserver-config.v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-apiserver-config-v1alpha1"><span class="">kube-apiserver 配置 (v1alpha1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-apiserver-config-v1beta1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-apiserver-config-v1beta1-check"/> <label for="m-zh-cn-docs-reference-config-api-apiserver-config-v1beta1-check"><a href="/zh-cn/docs/reference/config-api/apiserver-config.v1beta1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-apiserver-config-v1beta1"><span class="">kube-apiserver 配置 (v1beta1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-docs-reference-config-api-kube-controller-manager-config-v1alpha1-li"> <input type="checkbox" id="m-docs-reference-config-api-kube-controller-manager-config-v1alpha1-check"/> <label for="m-docs-reference-config-api-kube-controller-manager-config-v1alpha1-check"><a href="/docs/reference/config-api/kube-controller-manager-config.v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-docs-reference-config-api-kube-controller-manager-config-v1alpha1"><span class="">kube-controller-manager Configuration (v1alpha1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kube-proxy-config-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kube-proxy-config-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-config-api-kube-proxy-config-v1alpha1-check"><a href="/zh-cn/docs/reference/config-api/kube-proxy-config.v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kube-proxy-config-v1alpha1"><span class="">kube-proxy 配置 (v1alpha1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kube-scheduler-config-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kube-scheduler-config-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-kube-scheduler-config-v1-check"><a href="/zh-cn/docs/reference/config-api/kube-scheduler-config.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kube-scheduler-config-v1"><span class="">kube-scheduler 配置 (v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kube-scheduler-config-v1beta3-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kube-scheduler-config-v1beta3-check"/> <label for="m-zh-cn-docs-reference-config-api-kube-scheduler-config-v1beta3-check"><a href="/zh-cn/docs/reference/config-api/kube-scheduler-config.v1beta3/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kube-scheduler-config-v1beta3"><span class="">kube-scheduler 配置 (v1beta3)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-docs-reference-config-api-kubeadm-config-v1beta4-li"> <input type="checkbox" id="m-docs-reference-config-api-kubeadm-config-v1beta4-check"/> <label for="m-docs-reference-config-api-kubeadm-config-v1beta4-check"><a href="/docs/reference/config-api/kubeadm-config.v1beta4/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-docs-reference-config-api-kubeadm-config-v1beta4"><span class="">kubeadm Configuration (v1beta4)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kubeadm-config-v1beta3-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kubeadm-config-v1beta3-check"/> <label for="m-zh-cn-docs-reference-config-api-kubeadm-config-v1beta3-check"><a href="/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kubeadm-config-v1beta3"><span class="">kubeadm 配置 (v1beta3)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1-check"><a href="/zh-cn/docs/reference/config-api/kubelet-credentialprovider.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1"><span class="">Kubelet CredentialProvider (v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1alpha1-check"><a href="/zh-cn/docs/reference/config-api/kubelet-credentialprovider.v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1alpha1"><span class="">Kubelet CredentialProvider (v1alpha1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1beta1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1beta1-check"/> <label for="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1beta1-check"><a href="/zh-cn/docs/reference/config-api/kubelet-credentialprovider.v1beta1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kubelet-credentialprovider-v1beta1"><span class="">Kubelet CredentialProvider (v1beta1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kubelet-config-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kubelet-config-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-kubelet-config-v1-check"><a href="/zh-cn/docs/reference/config-api/kubelet-config.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kubelet-config-v1"><span class="">Kubelet 配置 (v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kubelet-config-v1alpha1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kubelet-config-v1alpha1-check"/> <label for="m-zh-cn-docs-reference-config-api-kubelet-config-v1alpha1-check"><a href="/zh-cn/docs/reference/config-api/kubelet-config.v1alpha1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kubelet-config-v1alpha1"><span class="">Kubelet 配置 (v1alpha1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-kubelet-config-v1beta1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-kubelet-config-v1beta1-check"/> <label for="m-zh-cn-docs-reference-config-api-kubelet-config-v1beta1-check"><a href="/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-kubelet-config-v1beta1"><span class="">Kubelet 配置 (v1beta1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-apiserver-webhookadmission-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-apiserver-webhookadmission-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-apiserver-webhookadmission-v1-check"><a href="/zh-cn/docs/reference/config-api/apiserver-webhookadmission.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-apiserver-webhookadmission-v1"><span class="">WebhookAdmission 配置 (v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-client-authentication-v1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-client-authentication-v1-check"/> <label for="m-zh-cn-docs-reference-config-api-client-authentication-v1-check"><a href="/zh-cn/docs/reference/config-api/client-authentication.v1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-client-authentication-v1"><span class="">客户端身份认证(Client Authentication) (v1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-config-api-client-authentication-v1beta1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-config-api-client-authentication-v1beta1-check"/> <label for="m-zh-cn-docs-reference-config-api-client-authentication-v1beta1-check"><a href="/zh-cn/docs/reference/config-api/client-authentication.v1beta1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-config-api-client-authentication-v1beta1"><span class="">客户端身份认证(Client Authentication)(v1beta1)</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-external-api-li"> <input type="checkbox" id="m-zh-cn-docs-reference-external-api-check"/> <label for="m-zh-cn-docs-reference-external-api-check"><a href="/zh-cn/docs/reference/external-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-external-api"><span class="">外部 API</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-external-api-external-metrics-v1beta1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-external-api-external-metrics-v1beta1-check"/> <label for="m-zh-cn-docs-reference-external-api-external-metrics-v1beta1-check"><a href="/zh-cn/docs/reference/external-api/external-metrics.v1beta1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-external-api-external-metrics-v1beta1"><span class="">Kubernetes 外部指标 (v1beta1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-external-api-metrics-v1beta1-li"> <input type="checkbox" id="m-zh-cn-docs-reference-external-api-metrics-v1beta1-check"/> <label for="m-zh-cn-docs-reference-external-api-metrics-v1beta1-check"><a href="/zh-cn/docs/reference/external-api/metrics.v1beta1/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-external-api-metrics-v1beta1"><span class="">Kubernetes 指标 (v1beta1)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-external-api-custom-metrics-v1beta2-li"> <input type="checkbox" id="m-zh-cn-docs-reference-external-api-custom-metrics-v1beta2-check"/> <label for="m-zh-cn-docs-reference-external-api-custom-metrics-v1beta2-check"><a href="/zh-cn/docs/reference/external-api/custom-metrics.v1beta2/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-external-api-custom-metrics-v1beta2"><span class="">Kubernetes 自定义指标 (v1beta2)</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-scheduling-li"> <input type="checkbox" id="m-zh-cn-docs-reference-scheduling-check"/> <label for="m-zh-cn-docs-reference-scheduling-check"><a href="/zh-cn/docs/reference/scheduling/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-scheduling"><span class="">调度</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-scheduling-config-li"> <input type="checkbox" id="m-zh-cn-docs-reference-scheduling-config-check"/> <label for="m-zh-cn-docs-reference-scheduling-config-check"><a href="/zh-cn/docs/reference/scheduling/config/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-scheduling-config"><span class="">调度器配置</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-scheduling-policies-li"> <input type="checkbox" id="m-zh-cn-docs-reference-scheduling-policies-check"/> <label for="m-zh-cn-docs-reference-scheduling-policies-check"><a href="/zh-cn/docs/reference/scheduling/policies/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-scheduling-policies"><span class="">调度策略</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-reference-tools-li"> <input type="checkbox" id="m-zh-cn-docs-reference-tools-check"/> <label for="m-zh-cn-docs-reference-tools-check"><a href="/zh-cn/docs/reference/tools/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-reference-tools"><span class="">其他工具</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-reference-tools-map-crictl-dockercli-li"> <input type="checkbox" id="m-zh-cn-docs-reference-tools-map-crictl-dockercli-check"/> <label for="m-zh-cn-docs-reference-tools-map-crictl-dockercli-check"><a href="/zh-cn/docs/reference/tools/map-crictl-dockercli/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-reference-tools-map-crictl-dockercli"><span class="">从 Docker 命令行映射到 crictl</span></a></label> </li> </ul> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-contribute-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-check"/> <label for="m-zh-cn-docs-contribute-check"><a href="/zh-cn/docs/contribute/" title="为 K8s 文档出一份力" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-contribute"><span class="">贡献</span></a></label> <ul class="ul-2 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-suggesting-improvements-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-suggesting-improvements-check"/> <label for="m-zh-cn-docs-contribute-suggesting-improvements-check"><a href="/zh-cn/docs/contribute/suggesting-improvements/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-suggesting-improvements"><span class="">提出内容改进建议</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-contribute-new-content-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-new-content-check"/> <label for="m-zh-cn-docs-contribute-new-content-check"><a href="/zh-cn/docs/contribute/new-content/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-contribute-new-content"><span class="">贡献新内容</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-new-content-open-a-pr-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-new-content-open-a-pr-check"/> <label for="m-zh-cn-docs-contribute-new-content-open-a-pr-check"><a href="/zh-cn/docs/contribute/new-content/open-a-pr/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-new-content-open-a-pr"><span class="">发起拉取请求(PR)</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-new-content-new-features-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-new-content-new-features-check"/> <label for="m-zh-cn-docs-contribute-new-content-new-features-check"><a href="/zh-cn/docs/contribute/new-content/new-features/" title="为发行版本撰写功能特性文档" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-new-content-new-features"><span class="">为发行版本撰写文档</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-new-content-blogs-case-studies-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-new-content-blogs-case-studies-check"/> <label for="m-zh-cn-docs-contribute-new-content-blogs-case-studies-check"><a href="/zh-cn/docs/contribute/new-content/blogs-case-studies/" title="提交博客和案例分析" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-new-content-blogs-case-studies"><span class="">博客和案例分析</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-contribute-review-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-review-check"/> <label for="m-zh-cn-docs-contribute-review-check"><a href="/zh-cn/docs/contribute/review/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-contribute-review"><span class="">评阅变更</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-review-reviewing-prs-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-review-reviewing-prs-check"/> <label for="m-zh-cn-docs-contribute-review-reviewing-prs-check"><a href="/zh-cn/docs/contribute/review/reviewing-prs/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-review-reviewing-prs"><span class="">评审 PR</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-review-for-approvers-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-review-for-approvers-check"/> <label for="m-zh-cn-docs-contribute-review-for-approvers-check"><a href="/zh-cn/docs/contribute/review/for-approvers/" title="评阅人和批准人文档" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-review-for-approvers"><span class="">评阅人和批准人</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-localization-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-localization-check"/> <label for="m-zh-cn-docs-contribute-localization-check"><a href="/zh-cn/docs/contribute/localization/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-localization"><span class="">本地化 Kubernetes 文档</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-contribute-participate-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-participate-check"/> <label for="m-zh-cn-docs-contribute-participate-check"><a href="/zh-cn/docs/contribute/participate/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-contribute-participate"><span class="">参与 SIG Docs</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-participate-roles-and-responsibilities-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-participate-roles-and-responsibilities-check"/> <label for="m-zh-cn-docs-contribute-participate-roles-and-responsibilities-check"><a href="/zh-cn/docs/contribute/participate/roles-and-responsibilities/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-participate-roles-and-responsibilities"><span class="">角色与责任</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-participate-issue-wrangler-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-participate-issue-wrangler-check"/> <label for="m-zh-cn-docs-contribute-participate-issue-wrangler-check"><a href="/zh-cn/docs/contribute/participate/issue-wrangler/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-participate-issue-wrangler"><span class="">Issue 管理者</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-participate-pr-wranglers-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-participate-pr-wranglers-check"/> <label for="m-zh-cn-docs-contribute-participate-pr-wranglers-check"><a href="/zh-cn/docs/contribute/participate/pr-wranglers/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-participate-pr-wranglers"><span class="">PR 管理者</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-contribute-generate-ref-docs-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-generate-ref-docs-check"/> <label for="m-zh-cn-docs-contribute-generate-ref-docs-check"><a href="/zh-cn/docs/contribute/generate-ref-docs/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-contribute-generate-ref-docs"><span class="">更新参考文档</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-generate-ref-docs-quickstart-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-generate-ref-docs-quickstart-check"/> <label for="m-zh-cn-docs-contribute-generate-ref-docs-quickstart-check"><a href="/zh-cn/docs/contribute/generate-ref-docs/quickstart/" title="参考文档快速入门" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-generate-ref-docs-quickstart"><span class="">Quickstart</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-generate-ref-docs-contribute-upstream-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-generate-ref-docs-contribute-upstream-check"/> <label for="m-zh-cn-docs-contribute-generate-ref-docs-contribute-upstream-check"><a href="/zh-cn/docs/contribute/generate-ref-docs/contribute-upstream/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-generate-ref-docs-contribute-upstream"><span class="">为上游 Kubernetes 代码库做出贡献</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-generate-ref-docs-kubernetes-api-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-generate-ref-docs-kubernetes-api-check"/> <label for="m-zh-cn-docs-contribute-generate-ref-docs-kubernetes-api-check"><a href="/zh-cn/docs/contribute/generate-ref-docs/kubernetes-api/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-generate-ref-docs-kubernetes-api"><span class="">为 Kubernetes API 生成参考文档</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-generate-ref-docs-kubectl-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-generate-ref-docs-kubectl-check"/> <label for="m-zh-cn-docs-contribute-generate-ref-docs-kubectl-check"><a href="/zh-cn/docs/contribute/generate-ref-docs/kubectl/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-generate-ref-docs-kubectl"><span class="">为 kubectl 命令集生成参考文档</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-generate-ref-docs-kubernetes-components-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-generate-ref-docs-kubernetes-components-check"/> <label for="m-zh-cn-docs-contribute-generate-ref-docs-kubernetes-components-check"><a href="/zh-cn/docs/contribute/generate-ref-docs/kubernetes-components/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-generate-ref-docs-kubernetes-components"><span class="">为 Kubernetes 组件和工具生成参考文档</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-generate-ref-docs-prerequisites-ref-docs-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-generate-ref-docs-prerequisites-ref-docs-check"/> <label for="m-zh-cn-docs-contribute-generate-ref-docs-prerequisites-ref-docs-check"><a href="/zh-cn/docs/contribute/generate-ref-docs/prerequisites-ref-docs/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-generate-ref-docs-prerequisites-ref-docs"><span class=""></span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section with-child" id="m-zh-cn-docs-contribute-style-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-style-check"/> <label for="m-zh-cn-docs-contribute-style-check"><a href="/zh-cn/docs/contribute/style/" class="align-left pl-0 td-sidebar-link td-sidebar-link__section" id="m-zh-cn-docs-contribute-style"><span class="">文档样式概述</span></a></label> <ul class="ul-3 foldable"> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-style-content-guide-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-style-content-guide-check"/> <label for="m-zh-cn-docs-contribute-style-content-guide-check"><a href="/zh-cn/docs/contribute/style/content-guide/" title="文档内容指南" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-style-content-guide"><span class="">内容指南</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-style-style-guide-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-style-style-guide-check"/> <label for="m-zh-cn-docs-contribute-style-style-guide-check"><a href="/zh-cn/docs/contribute/style/style-guide/" title="文档样式指南" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-style-style-guide"><span class="">样式指南</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-style-diagram-guide-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-style-diagram-guide-check"/> <label for="m-zh-cn-docs-contribute-style-diagram-guide-check"><a href="/zh-cn/docs/contribute/style/diagram-guide/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-style-diagram-guide"><span class="">图表指南</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-style-write-new-topic-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-style-write-new-topic-check"/> <label for="m-zh-cn-docs-contribute-style-write-new-topic-check"><a href="/zh-cn/docs/contribute/style/write-new-topic/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-style-write-new-topic"><span class="">撰写新主题</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-style-page-content-types-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-style-page-content-types-check"/> <label for="m-zh-cn-docs-contribute-style-page-content-types-check"><a href="/zh-cn/docs/contribute/style/page-content-types/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-style-page-content-types"><span class="">页面内容类型</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-style-content-organization-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-style-content-organization-check"/> <label for="m-zh-cn-docs-contribute-style-content-organization-check"><a href="/zh-cn/docs/contribute/style/content-organization/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-style-content-organization"><span class="">内容组织</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-style-hugo-shortcodes-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-style-hugo-shortcodes-check"/> <label for="m-zh-cn-docs-contribute-style-hugo-shortcodes-check"><a href="/zh-cn/docs/contribute/style/hugo-shortcodes/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-style-hugo-shortcodes"><span class="">定制 Hugo 短代码</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-advanced-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-advanced-check"/> <label for="m-zh-cn-docs-contribute-advanced-check"><a href="/zh-cn/docs/contribute/advanced/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-advanced"><span class="">进阶贡献</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-analytics-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-analytics-check"/> <label for="m-zh-cn-docs-contribute-analytics-check"><a href="/zh-cn/docs/contribute/analytics/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-analytics"><span class="">查看站点分析</span></a></label> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-contribute-localization-zh-li"> <input type="checkbox" id="m-zh-cn-docs-contribute-localization-zh-check"/> <label for="m-zh-cn-docs-contribute-localization-zh-check"><a href="/zh-cn/docs/contribute/localization_zh/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-contribute-localization-zh"><span class="">中文本地化样式指南</span></a></label> </li> </ul> </li> <li class="td-sidebar-nav__section-title td-sidebar-nav__section without-child" id="m-zh-cn-docs-test-li"> <input type="checkbox" id="m-zh-cn-docs-test-check"/> <label for="m-zh-cn-docs-test-check"><a href="/zh-cn/docs/test/" class="align-left pl-0 td-sidebar-link td-sidebar-link__page" id="m-zh-cn-docs-test"><span class="">测试页面(中文版)</span></a></label> </li> </ul> </li> </ul> </nav> </div> </div> <div id="maindoc" class="split pl-md-5 row"> <main role="main" class="col-xl-8"> <nav aria-label="breadcrumb" class="td-breadcrumbs"> <ol class="breadcrumb"> <li class="breadcrumb-item"> <a href="https://kubernetes.io/zh-cn/docs/">Kubernetes 文档</a> </li> <li class="breadcrumb-item"> <a href="https://kubernetes.io/zh-cn/docs/reference/">参考</a> </li> <li class="breadcrumb-item"> <a href="https://kubernetes.io/zh-cn/docs/reference/access-authn-authz/">API 访问控制</a> </li> <li class="breadcrumb-item active" aria-current="page"> <a href="https://kubernetes.io/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/">动态准入控制</a> </li> </ol> </nav> <section id="deprecation-warning"> <div class="content deprecation-warning pageinfo"> <h3> 你正在查看的文档所针对的是 Kubernetes 版本: v1.28 </h3> <p> Kubernetes v1.28 版本的文档已不再维护。你现在看到的版本来自于一份静态的快照。如需查阅最新文档,请点击 <a href="https://kubernetes.io/docs/home/">最新版本。</a> </p> </div> </section> <div class="td-content"> <h1>动态准入控制</h1> <!-- reviewers: - smarterclayton - lavalamp - caesarxuchao - deads2k - liggitt - jpbetz title: Dynamic Admission Control content_type: concept weight: 40 --> <!-- overview --> <!-- In addition to [compiled-in admission plugins](/docs/reference/access-authn-authz/admission-controllers/), admission plugins can be developed as extensions and run as webhooks configured at runtime. This page describes how to build, configure, use, and monitor admission webhooks. --> <p>除了<a href="/zh-cn/docs/reference/access-authn-authz/admission-controllers/">内置的 admission 插件</a>, 准入插件可以作为扩展独立开发,并以运行时所配置的 Webhook 的形式运行。 此页面描述了如何构建、配置、使用和监视准入 Webhook。</p> <!-- body --> <!-- ## What are admission webhooks? --> <h2 id="what-are-admission-webhooks">什么是准入 Webhook?</h2> <!-- Admission webhooks are HTTP callbacks that receive admission requests and do something with them. You can define two types of admission webhooks, [validating admission webhook](/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) and [mutating admission webhook](/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook). Mutating admission webhooks are invoked first, and can modify objects sent to the API server to enforce custom defaults. --> <p>准入 Webhook 是一种用于接收准入请求并对其进行处理的 HTTP 回调机制。 可以定义两种类型的准入 Webhook, 即<a href="/zh-cn/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook">验证性质的准入 Webhook</a> 和<a href="/zh-cn/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook">变更性质的准入 Webhook</a>。 变更性质的准入 Webhook 会先被调用。它们可以修改发送到 API 服务器的对象以执行自定义的设置默认值操作。</p> <!-- After all object modifications are complete, and after the incoming object is validated by the API server, validating admission webhooks are invoked and can reject requests to enforce custom policies. --> <p>在完成了所有对象修改并且 API 服务器也验证了所传入的对象之后, 验证性质的 Webhook 会被调用,并通过拒绝请求的方式来强制实施自定义的策略。</p> <div class="alert alert-info note callout" role="alert"> <strong>说明:</strong> <!-- Admission webhooks that need to guarantee they see the final state of the object in order to enforce policy should use a validating admission webhook, since objects can be modified after being seen by mutating webhooks. --> <p>如果准入 Webhook 需要保证它们所看到的是对象的最终状态以实施某种策略。 则应使用验证性质的准入 Webhook,因为对象被修改性质 Webhook 看到之后仍然可能被修改。 </div> <!-- ## Experimenting with admission webhooks Admission webhooks are essentially part of the cluster control-plane. You should write and deploy them with great caution. Please read the [user guides](/docs/reference/access-authn-authz/extensible-admission-controllers/#write-an-admission-webhook-server) for instructions if you intend to write/deploy production-grade admission webhooks. In the following, we describe how to quickly experiment with admission webhooks. --> <h2 id="experimenting-with-admission-webhooks">尝试准入 Webhook</h2> <p>准入 Webhook 本质上是集群控制平面的一部分。你应该非常谨慎地编写和部署它们。 如果你打算编写或者部署生产级准入 Webhook, 请阅读<a href="/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/#write-an-admission-webhook-server">用户指南</a>以获取相关说明。 在下文中,我们将介绍如何快速试验准入 Webhook。</p> <!-- ### Prerequisites * Ensure that MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers are enabled. [Here](/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use) is a recommended set of admission controllers to enable in general. * Ensure that the `admissionregistration.k8s.io/v1` API is enabled. --> <h3 id="prerequisites">先决条件</h3> <ul> <li> <p>确保启用 MutatingAdmissionWebhook 和 ValidatingAdmissionWebhook 控制器。 <a href="/zh-cn/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use">这里</a> 是一组推荐的 admission 控制器,通常可以启用。</p> </li> <li> <p>确保启用了 <code>admissionregistration.k8s.io/v1</code> API。</p> </li> </ul> <!-- ### Write an admission webhook server --> <h3 id="write-an-admission-webhook-server">编写一个准入 Webhook 服务器</h3> <!-- Please refer to the implementation of the [admission webhook server](https://github.com/kubernetes/kubernetes/blob/release-1.21/test/images/agnhost/webhook/main.go) that is validated in a Kubernetes e2e test. The webhook handles the `AdmissionReview` request sent by the API servers, and sends back its decision as an `AdmissionReview` object in the same version it received. --> <p>请参阅 Kubernetes e2e 测试中的 <a href="https://github.com/kubernetes/kubernetes/blob/release-1.21/test/images/agnhost/webhook/main.go">Admission Webhook 服务器</a> 的实现。Webhook 处理由 API 服务器发送的 <code>AdmissionReview</code> 请求,并且将其决定作为 <code>AdmissionReview</code> 对象以相同版本发送回去。</p> <!-- See the [webhook request](#request) section for details on the data sent to webhooks. --> <p>有关发送到 Webhook 的数据的详细信息,请参阅 <a href="#request">Webhook 请求</a>。</p> <!-- See the [webhook response](#response) section for the data expected from webhooks. --> <p>要获取来自 Webhook 的预期数据,请参阅 <a href="#response">Webhook 响应</a>。</p> <!-- The example admission webhook server leaves the `ClientAuth` field [empty](https://github.com/kubernetes/kubernetes/blob/v1.22.0/test/images/agnhost/webhook/config.go#L38-L39), which defaults to `NoClientCert`. This means that the webhook server does not authenticate the identity of the clients, supposedly API servers. If you need mutual TLS or other ways to authenticate the clients, see how to [authenticate API servers](#authenticate-apiservers). --> <p>示例准入 Webhook 服务器置 <code>ClientAuth</code> 字段为<a href="https://github.com/kubernetes/kubernetes/blob/v1.22.0/test/images/agnhost/webhook/config.go#L38-L39">空</a>, 默认为 <code>NoClientCert</code> 。这意味着 Webhook 服务器不会验证客户端的身份,认为其是 API 服务器。 如果你需要双向 TLS 或其他方式来验证客户端, 请参阅如何<a href="#authenticate-apiservers">对 API 服务器进行身份认证</a>。</p> <!-- ### Deploy the admission webhook service --> <h3 id="deploy-the-admission-webhook-service">部署准入 Webhook 服务</h3> <!-- The webhook server in the e2e test is deployed in the Kubernetes cluster, via the [deployment API](/docs/reference/generated/kubernetes-api/v1.28/#deployment-v1-apps). The test also creates a [service](/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core) as the front-end of the webhook server. See [code](https://github.com/kubernetes/kubernetes/blob/v1.22.0/test/e2e/apimachinery/webhook.go#L748). --> <p>e2e 测试中的 Webhook 服务器通过 <a href="/docs/reference/generated/kubernetes-api/v1.28/#deployment-v1-apps">deployment API</a> 部署在 Kubernetes 集群中。该测试还将创建一个 <a href="/docs/reference/generated/kubernetes-api/v1.28/#service-v1-core">Service</a> 作为 Webhook 服务器的前端。 参见<a href="https://github.com/kubernetes/kubernetes/blob/v1.22.0/test/e2e/apimachinery/webhook.go#L748">相关代码</a>。</p> <!-- You may also deploy your webhooks outside of the cluster. You will need to update your webhook configurations accordingly. --> <p>你也可以在集群外部署 Webhook。这样做需要相应地更新你的 Webhook 配置。</p> <!-- ### Configure admission webhooks on the fly --> <h3 id="configure-admission-webhooks-on-the-fly">即时配置准入 Webhook</h3> <!-- You can dynamically configure what resources are subject to what admission webhooks via [ValidatingWebhookConfiguration](/docs/reference/generated/kubernetes-api/v1.28/#validatingwebhookconfiguration-v1-admissionregistration-k8s-io) or [MutatingWebhookConfiguration](/docs/reference/generated/kubernetes-api/v1.28/#mutatingwebhookconfiguration-v1-admissionregistration-k8s-io). --> <p>你可以通过 <a href="/docs/reference/generated/kubernetes-api/v1.28/#validatingwebhookconfiguration-v1-admissionregistration-k8s-io">ValidatingWebhookConfiguration</a> 或者 <a href="/docs/reference/generated/kubernetes-api/v1.28/#mutatingwebhookconfiguration-v1-admissionregistration-k8s-io">MutatingWebhookConfiguration</a> 动态配置哪些资源要被哪些准入 Webhook 处理。</p> <!-- The following is an example `ValidatingWebhookConfiguration`, a mutating webhook configuration is similar. See the [webhook configuration](#webhook-configuration) section for details about each config field. --> <p>以下是一个 <code>ValidatingWebhookConfiguration</code> 示例,Mutating Webhook 配置与此类似。 有关每个配置字段的详细信息,请参阅 <a href="#webhook-configuration">Webhook 配置</a>部分。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">metadata</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">"pod-policy.example.com"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">"pod-policy.example.com"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">""</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"v1"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"CREATE"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"pods"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">scope</span>:<span style="color:#bbb"> </span><span style="color:#b44">"Namespaced"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">clientConfig</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">service</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">namespace</span>:<span style="color:#bbb"> </span><span style="color:#b44">"example-namespace"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">"example-service"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">caBundle</span>:<span style="color:#bbb"> </span><CA_BUNDLE><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">admissionReviewVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"v1"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">sideEffects</span>:<span style="color:#bbb"> </span>None<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">timeoutSeconds</span>:<span style="color:#bbb"> </span><span style="color:#666">5</span><span style="color:#bbb"> </span></span></span></code></pre></div><div class="alert alert-info note callout" role="alert"> <strong>说明:</strong> <!-- You must replace the `<CA_BUNDLE>` in the above example by a valid CA bundle which is a PEM-encoded (field value is Base64 encoded) CA bundle for validating the webhook's server certificate. --> <p>你必须在以上示例中将 <code><CA_BUNDLE></code> 替换为一个有效的 CA 证书包, 这是一个用 PEM 编码的(字段值是 Base64 编码) CA 证书包,用于校验 Webhook 的服务器证书。 </div> <!-- The `scope` field specifies if only cluster-scoped resources ("Cluster") or namespace-scoped resources ("Namespaced") will match this rule. "∗" means that there are no scope restrictions. --> <p><code>scope</code> 字段指定是仅集群范围的资源(Cluster)还是名字空间范围的资源资源(Namespaced)将与此规则匹配。 <code>*</code> 表示没有范围限制。</p> <div class="alert alert-info note callout" role="alert"> <strong>说明:</strong> <!-- When using `clientConfig.service`, the server cert must be valid for `<svc_name>.<svc_namespace>.svc`. --> <p>当使用 <code>clientConfig.service</code> 时,服务器证书必须对 <code><svc_name>.<svc_namespace>.svc</code> 有效。 </div> <div class="alert alert-info note callout" role="alert"> <strong>说明:</strong> <!-- Default timeout for a webhook call is 10 seconds, You can set the `timeout` and it is encouraged to use a short timeout for webhooks. If the webhook call times out, the request is handled according to the webhook's failure policy. --> <p>Webhook 调用的默认超时是 10 秒,你可以设置 <code>timeout</code> 并建议对 Webhook 设置较短的超时时间。 如果 Webhook 调用超时,则根据 Webhook 的失败策略处理请求。 </div> <!-- When an API server receives a request that matches one of the `rules`, the API server sends an `admissionReview` request to webhook as specified in the `clientConfig`. After you create the webhook configuration, the system will take a few seconds to honor the new configuration. --> <p>当一个 API 服务器收到与 <code>rules</code> 相匹配的请求时, 该 API 服务器将按照 <code>clientConfig</code> 中指定的方式向 Webhook 发送一个 <code>admissionReview</code> 请求。</p> <p>创建 Webhook 配置后,系统将花费几秒钟使新配置生效。</p> <!-- ### Authenticate API servers {#authenticate-apiservers} --> <h3 id="authenticate-apiservers">对 API 服务器进行身份认证</h3> <!-- If your admission webhooks require authentication, you can configure the API servers to use basic auth, bearer token, or a cert to authenticate itself to the webhooks. There are three steps to complete the configuration. --> <p>如果你的 Webhook 需要身份验证,则可以将 API 服务器配置为使用基本身份验证、持有者令牌或证书来向 Webhook 提供身份证明。完成此配置需要三个步骤。</p> <!-- * When starting the API server, specify the location of the admission control configuration file via the `--admission-control-config-file` flag. * In the admission control configuration file, specify where the MutatingAdmissionWebhook controller and ValidatingAdmissionWebhook controller should read the credentials. The credentials are stored in kubeConfig files (yes, the same schema that's used by kubectl), so the field name is `kubeConfigFile`. Here is an example admission control configuration file: --> <ul> <li> <p>启动 API 服务器时,通过 <code>--admission-control-config-file</code> 参数指定准入控制配置文件的位置。</p> </li> <li> <p>在准入控制配置文件中,指定 MutatingAdmissionWebhook 控制器和 ValidatingAdmissionWebhook 控制器应该读取凭据的位置。 凭证存储在 kubeConfig 文件中(是的,与 kubectl 使用的模式相同),因此字段名称为 <code>kubeConfigFile</code>。 以下是一个准入控制配置文件示例:</p> </li> </ul> <ul class="nav nav-tabs" id="admissionconfiguration-example1" role="tablist"><li class="nav-item"><a data-toggle="tab" class="nav-link active" href="#admissionconfiguration-example1-0" role="tab" aria-controls="admissionconfiguration-example1-0" aria-selected="true">apiserver.config.k8s.io/v1</a></li> <li class="nav-item"><a data-toggle="tab" class="nav-link" href="#admissionconfiguration-example1-1" role="tab" aria-controls="admissionconfiguration-example1-1">apiserver.k8s.io/v1alpha1</a></li></ul> <div class="tab-content" id="admissionconfiguration-example1"><div id="admissionconfiguration-example1-0" class="tab-pane show active" role="tabpanel" aria-labelledby="admissionconfiguration-example1-0"> <p><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>apiserver.config.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>AdmissionConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">plugins</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>ValidatingAdmissionWebhook<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">configuration</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>apiserver.config.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>WebhookAdmissionConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kubeConfigFile</span>:<span style="color:#bbb"> </span><span style="color:#b44">"<path-to-kubeconfig-file>"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>MutatingAdmissionWebhook<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">configuration</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>apiserver.config.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>WebhookAdmissionConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kubeConfigFile</span>:<span style="color:#bbb"> </span><span style="color:#b44">"<path-to-kubeconfig-file>"</span><span style="color:#bbb"> </span></span></span></code></pre></div></div> <div id="admissionconfiguration-example1-1" class="tab-pane" role="tabpanel" aria-labelledby="admissionconfiguration-example1-1"> <p><!-- ```yaml # Deprecated in v1.17 in favor of apiserver.config.k8s.io/v1 apiVersion: apiserver.k8s.io/v1alpha1 kind: AdmissionConfiguration plugins: - name: ValidatingAdmissionWebhook configuration: # Deprecated in v1.17 in favor of apiserver.config.k8s.io/v1, kind=WebhookAdmissionConfiguration apiVersion: apiserver.config.k8s.io/v1alpha1 kind: WebhookAdmission kubeConfigFile: "<path-to-kubeconfig-file>" - name: MutatingAdmissionWebhook configuration: # Deprecated in v1.17 in favor of apiserver.config.k8s.io/v1, kind=WebhookAdmissionConfiguration apiVersion: apiserver.config.k8s.io/v1alpha1 kind: WebhookAdmission kubeConfigFile: "<path-to-kubeconfig-file>" ``` --> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#080;font-style:italic"># 1.17 中被淘汰,推荐使用 apiserver.config.k8s.io/v1</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>apiserver.k8s.io/v1alpha1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>AdmissionConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">plugins</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>ValidatingAdmissionWebhook<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">configuration</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 1.17 中被淘汰,推荐使用 apiserver.config.k8s.io/v1,kind = WebhookAdmissionConfiguration</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>apiserver.config.k8s.io/v1alpha1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>WebhookAdmission<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kubeConfigFile</span>:<span style="color:#bbb"> </span><span style="color:#b44">"<path-to-kubeconfig-file>"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>MutatingAdmissionWebhook<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">configuration</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 1.17 中被淘汰,推荐使用 apiserver.config.k8s.io/v1,kind = WebhookAdmissionConfiguration</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>apiserver.config.k8s.io/v1alpha1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>WebhookAdmission<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kubeConfigFile</span>:<span style="color:#bbb"> </span><span style="color:#b44">"<path-to-kubeconfig-file>"</span><span style="color:#bbb"> </span></span></span></code></pre></div></div></div> <!-- For more information about `AdmissionConfiguration`, see the [AdmissionConfiguration (v1) reference](/docs/reference/config-api/apiserver-webhookadmission.v1/). See the [webhook configuration](#webhook-configuration) section for details about each config field. In the kubeConfig file, provide the credentials: --> <p>有关 <code>AdmissionConfiguration</code> 的更多信息,请参见 <a href="/docs/reference/config-api/apiserver-webhookadmission.v1/">AdmissionConfiguration (v1) reference</a>。 有关每个配置字段的详细信息,请参见 <a href="#webhook-%E9%85%8D%E7%BD%AE">Webhook 配置</a>部分。</p> <p>在 kubeConfig 文件中,提供证书凭据:</p> <!-- ```yaml apiVersion: v1 kind: Config users: # name should be set to the DNS name of the service or the host (including port) of the URL the webhook is configured to speak to. # If a non-443 port is used for services, it must be included in the name when configuring 1.16+ API servers. # # For a webhook configured to speak to a service on the default port (443), specify the DNS name of the service: # - name: webhook1.ns1.svc # user: ... # # For a webhook configured to speak to a service on non-default port (e.g. 8443), specify the DNS name and port of the service in 1.16+: # - name: webhook1.ns1.svc:8443 # user: ... # and optionally create a second stanza using only the DNS name of the service for compatibility with 1.15 API servers: # - name: webhook1.ns1.svc # user: ... # # For webhooks configured to speak to a URL, match the host (and port) specified in the webhook's URL. Examples: # A webhook with `url: https://www.example.com`: # - name: www.example.com # user: ... # # A webhook with `url: https://www.example.com:443`: # - name: www.example.com:443 # user: ... # # A webhook with `url: https://www.example.com:8443`: # - name: www.example.com:8443 # user: ... # - name: 'webhook1.ns1.svc' user: client-certificate-data: "<pem encoded certificate>" client-key-data: "<pem encoded key>" # The `name` supports using * to wildcard-match prefixing segments. - name: '*.webhook-company.org' user: password: "<password>" username: "<name>" # '*' is the default match. - name: '*' user: token: "<token>" ``` --> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>Config<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">users</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># 名称应设置为服务的 DNS 名称或配置了 Webhook 的 URL 的主机名(包括端口)。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># 如果将非 443 端口用于服务,则在配置 1.16+ API 服务器时,该端口必须包含在名称中。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic">#</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># 对于配置在默认端口(443)上与服务对话的 Webhook,请指定服务的 DNS 名称:</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># - name: webhook1.ns1.svc</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># user: ...</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic">#</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># 对于配置在非默认端口(例如 8443)上与服务对话的 Webhook,请在 1.16+ 中指定服务的 DNS 名称和端口:</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># - name: webhook1.ns1.svc:8443</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># user: ...</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># 并可以选择仅使用服务的 DNS 名称来创建第二节,以与 1.15 API 服务器版本兼容:</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># - name: webhook1.ns1.svc</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># user: ...</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic">#</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># 对于配置为使用 URL 的 webhook,请匹配在 webhook 的 URL 中指定的主机(和端口)。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># 带有 `url: https://www.example.com` 的 webhook:</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># - name: www.example.com</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># user: ...</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic">#</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># 带有 `url: https://www.example.com:443` 的 webhook:</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># - name: www.example.com:443</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># user: ...</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic">#</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># 带有 `url: https://www.example.com:8443` 的 webhook:</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># - name: www.example.com:8443</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># user: ...</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic">#</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">'webhook1.ns1.svc'</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">user</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">client-certificate-data</span>:<span style="color:#bbb"> </span><span style="color:#b44">"<pem encoded certificate>"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">client-key-data</span>:<span style="color:#bbb"> </span><span style="color:#b44">"<pem encoded key>"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># `name` 支持使用 * 通配符匹配前缀段。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">'*.webhook-company.org'</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">user</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">password</span>:<span style="color:#bbb"> </span><span style="color:#b44">"<password>"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">username</span>:<span style="color:#bbb"> </span><span style="color:#b44">"<name>"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#080;font-style:italic"># '*' 是默认匹配项。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">'*'</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">user</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">token</span>:<span style="color:#bbb"> </span><span style="color:#b44">"<token>"</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- Of course you need to set up the webhook server to handle these authentication requests. --> <p>当然,你需要设置 Webhook 服务器来处理这些身份验证请求。</p> <!-- ## Webhook request and response --> <h2 id="webhook-request-and-response">Webhook 请求与响应</h2> <!-- ### Request Webhooks are sent as POST requests, with `Content-Type: application/json`, with an `AdmissionReview` API object in the `admission.k8s.io` API group serialized to JSON as the body. Webhooks can specify what versions of `AdmissionReview` objects they accept with the `admissionReviewVersions` field in their configuration: --> <h3 id="request">请求</h3> <p>Webhook 发送 POST 请求时,请设置 <code>Content-Type: application/json</code> 并对 <code>admission.k8s.io</code> API 组中的 <code>AdmissionReview</code> 对象进行序列化,将所得到的 JSON 作为请求的主体。</p> <p>Webhook 可以在配置中的 <code>admissionReviewVersions</code> 字段指定可接受的 <code>AdmissionReview</code> 对象版本:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">admissionReviewVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"v1"</span>,<span style="color:#bbb"> </span><span style="color:#b44">"v1beta1"</span>]<span style="color:#bbb"> </span></span></span></code></pre></div><!-- `admissionReviewVersions` is a required field when creating webhook configurations. Webhooks are required to support at least one `AdmissionReview` version understood by the current and previous API server. --> <p>创建 Webhook 配置时,<code>admissionReviewVersions</code> 是必填字段。 Webhook 必须支持至少一个当前和以前的 API 服务器都可以解析的 <code>AdmissionReview</code> 版本。</p> <!-- API servers send the first `AdmissionReview` version in the `admissionReviewVersions` list they support. If none of the versions in the list are supported by the API server, the configuration will not be allowed to be created. If an API server encounters a webhook configuration that was previously created and does not support any of the `AdmissionReview` versions the API server knows how to send, attempts to call to the webhook will fail and be subject to the [failure policy](#failure-policy). This example shows the data contained in an `AdmissionReview` object for a request to update the `scale` subresource of an `apps/v1` `Deployment`: --> <p>API 服务器将发送的是 <code>admissionReviewVersions</code> 列表中所支持的第一个 <code>AdmissionReview</code> 版本。如果 API 服务器不支持列表中的任何版本,则不允许创建配置。</p> <p>如果 API 服务器遇到以前创建的 Webhook 配置,并且不支持该 API 服务器知道如何发送的任何 <code>AdmissionReview</code> 版本,则调用 Webhook 的尝试将失败,并依据<a href="#failure-policy">失败策略</a>进行处理。</p> <p>此示例显示了 <code>AdmissionReview</code> 对象中包含的数据,该数据用于请求更新 <code>apps/v1</code> <code>Deployment</code> 的 <code>scale</code> 子资源:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admission.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>AdmissionReview<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">request</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 唯一标识此准入回调的随机 uid</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">uid</span>:<span style="color:#bbb"> </span>705ab4f5-6393-11e8-b7cc-42010a800002<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 传入完全正确的 group/version/kind 对象</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">group</span>:<span style="color:#bbb"> </span>autoscaling<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">version</span>:<span style="color:#bbb"> </span>v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>Scale<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 修改 resource 的完全正确的的 group/version/kind</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resource</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">group</span>:<span style="color:#bbb"> </span>apps<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">version</span>:<span style="color:#bbb"> </span>v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resource</span>:<span style="color:#bbb"> </span>deployments<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># subResource(如果请求是针对 subResource 的)</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">subResource</span>:<span style="color:#bbb"> </span>scale<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 在对 API 服务器的原始请求中,传入对象的标准 group/version/kind</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 仅当 Webhook 指定 `matchPolicy: Equivalent` 且将对 API 服务器的原始请求</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 转换为 Webhook 注册的版本时,这才与 `kind` 不同。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">requestKind</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">group</span>:<span style="color:#bbb"> </span>autoscaling<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">version</span>:<span style="color:#bbb"> </span>v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>Scale<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 在对 API 服务器的原始请求中正在修改的资源的标准 group/version/kind</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 仅当 Webhook 指定了 `matchPolicy:Equivalent` 并且将对 API 服务器的原始请求转换为</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># Webhook 注册的版本时,这才与 `resource` 不同。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">requestResource</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">group</span>:<span style="color:#bbb"> </span>apps<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">version</span>:<span style="color:#bbb"> </span>v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resource</span>:<span style="color:#bbb"> </span>deployments<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># subResource(如果请求是针对 subResource 的)</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 仅当 Webhook 指定了 `matchPolicy:Equivalent` 并且将对</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># API 服务器的原始请求转换为该 Webhook 注册的版本时,这才与 `subResource` 不同。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">requestSubResource</span>:<span style="color:#bbb"> </span>scale<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 被修改资源的名称</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-deployment<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 如果资源是属于名字空间(或者是名字空间对象),则这是被修改的资源的名字空间</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">namespace</span>:<span style="color:#bbb"> </span>my-namespace<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 操作可以是 CREATE、UPDATE、DELETE 或 CONNECT</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">operation</span>:<span style="color:#bbb"> </span>UPDATE<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">userInfo</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 向 API 服务器发出请求的经过身份验证的用户的用户名</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">username</span>:<span style="color:#bbb"> </span>admin<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 向 API 服务器发出请求的经过身份验证的用户的 UID</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">uid</span>:<span style="color:#bbb"> </span>014fbff9a07c<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 向 API 服务器发出请求的经过身份验证的用户的组成员身份</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">groups</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- system:authenticated<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- my-admin-group<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 向 API 服务器发出请求的用户相关的任意附加信息</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 该字段由 API 服务器身份验证层填充,并且如果 webhook 执行了任何</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># SubjectAccessReview 检查,则应将其包括在内。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">extra</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">some-key</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- some-value1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- some-value2<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># object 是被接纳的新对象。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 对于 DELETE 操作,它为 null。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">object</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>autoscaling/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>Scale<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># oldObject 是现有对象。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 对于 CREATE 和 CONNECT 操作,它为 null。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">oldObject</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>autoscaling/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>Scale<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># options 包含要接受的操作的选项,例如 meta.k8s.io/v CreateOptions、UpdateOptions 或 DeleteOptions。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 对于 CONNECT 操作,它为 null。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">options</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>meta.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>UpdateOptions<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># dryRun 表示 API 请求正在以 `dryrun` 模式运行,并且将不会保留。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 带有副作用的 Webhook 应该避免在 dryRun 为 true 时激活这些副作用。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 有关更多详细信息,请参见 http://k8s.io/zh-cn/docs/reference/using-api/api-concepts/#make-a-dry-run-request</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">dryRun</span>:<span style="color:#bbb"> </span><span style="color:#a2f;font-weight:bold">False</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- ### Response --> <h3 id="response">响应</h3> <!-- Webhooks respond with a 200 HTTP status code, `Content-Type: application/json`, and a body containing an `AdmissionReview` object (in the same version they were sent), with the `response` stanza populated, serialized to JSON. --> <p>Webhook 使用 HTTP 200 状态码、<code>Content-Type: application/json</code> 和一个包含 <code>AdmissionReview</code> 对象的 JSON 序列化格式来发送响应。该 <code>AdmissionReview</code> 对象与发送的版本相同,且其中包含的 <code>response</code> 字段已被有效填充。</p> <!-- At a minimum, the `response` stanza must contain the following fields: * `uid`, copied from the `request.uid` sent to the webhook * `allowed`, either set to `true` or `false` Example of a minimal response from a webhook to allow a request: --> <p><code>response</code> 至少必须包含以下字段:</p> <ul> <li><code>uid</code>,从发送到 Webhook 的 <code>request.uid</code> 中复制而来</li> <li><code>allowed</code>,设置为 <code>true</code> 或 <code>false</code></li> </ul> <!-- Example of a minimal response from a webhook to allow a request: --> <p>Webhook 允许请求的最简单响应示例:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"apiVersion"</span>: <span style="color:#b44">"admission.k8s.io/v1"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"kind"</span>: <span style="color:#b44">"AdmissionReview"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"response"</span>: { </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"uid"</span>: <span style="color:#b44">"<value from request.uid>"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"allowed"</span>: <span style="color:#a2f;font-weight:bold">true</span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><!-- Example of a minimal response from a webhook to forbid a request: --> <p>Webhook 禁止请求的最简单响应示例:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"apiVersion"</span>: <span style="color:#b44">"admission.k8s.io/v1"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"kind"</span>: <span style="color:#b44">"AdmissionReview"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"response"</span>: { </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"uid"</span>: <span style="color:#b44">"<value from request.uid>"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"allowed"</span>: <span style="color:#a2f;font-weight:bold">false</span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><!-- When rejecting a request, the webhook can customize the http code and message returned to the user using the `status` field. The specified status object is returned to the user. See the [API documentation](/docs/reference/generated/kubernetes-api/v1.28/#status-v1-meta) for details about the `status` type. Example of a response to forbid a request, customizing the HTTP status code and message presented to the user: --> <p>当拒绝请求时,Webhook 可以使用 <code>status</code> 字段自定义 http 响应码和返回给用户的消息。 有关状态类型的详细信息,请参见 <a href="/docs/reference/generated/kubernetes-api/v1.28/#status-v1-meta">API 文档</a>。 禁止请求的响应示例,它定制了向用户显示的 HTTP 状态码和消息:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"apiVersion"</span>: <span style="color:#b44">"admission.k8s.io/v1"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"kind"</span>: <span style="color:#b44">"AdmissionReview"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"response"</span>: { </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"uid"</span>: <span style="color:#b44">"<value from request.uid>"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"allowed"</span>: <span style="color:#a2f;font-weight:bold">false</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"status"</span>: { </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"code"</span>: <span style="color:#666">403</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"message"</span>: <span style="color:#b44">"You cannot do this because it is Tuesday and your name starts with A"</span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><!-- When allowing a request, a mutating admission webhook may optionally modify the incoming object as well. This is done using the `patch` and `patchType` fields in the response. The only currently supported `patchType` is `JSONPatch`. See [JSON patch](https://jsonpatch.com/) documentation for more details. For `patchType: JSONPatch`, the `patch` field contains a base64-encoded array of JSON patch operations. --> <p>当允许请求时,mutating准入 Webhook 也可以选择修改传入的对象。 这是通过在响应中使用 <code>patch</code> 和 <code>patchType</code> 字段来完成的。 当前唯一支持的 <code>patchType</code> 是 <code>JSONPatch</code>。 有关更多详细信息,请参见 <a href="https://jsonpatch.com/">JSON patch</a>。 对于 <code>patchType: JSONPatch</code>,<code>patch</code> 字段包含一个以 base64 编码的 JSON patch 操作数组。</p> <!-- As an example, a single patch operation that would set `spec.replicas` would be `[{"op": "add", "path": "/spec/replicas", "value": 3}]` Base64-encoded, this would be `W3sib3AiOiAiYWRkIiwgInBhdGgiOiAiL3NwZWMvcmVwbGljYXMiLCAidmFsdWUiOiAzfV0=` --> <p>例如,设置 <code>spec.replicas</code> 的单个补丁操作将是 <code>[{"op": "add", "path": "/spec/replicas", "value": 3}]</code>。</p> <p>如果以 Base64 形式编码,结果将是 <code>W3sib3AiOiAiYWRkIiwgInBhdGgiOiAiL3NwZWMvcmVwbGljYXMiLCAidmFsdWUiOiAzfV0=</code></p> <!-- So a webhook response to add that label would be: --> <p>因此,添加该标签的 Webhook 响应为:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"apiVersion"</span>: <span style="color:#b44">"admission.k8s.io/v1"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"kind"</span>: <span style="color:#b44">"AdmissionReview"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"response"</span>: { </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"uid"</span>: <span style="color:#b44">"<value from request.uid>"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"allowed"</span>: <span style="color:#a2f;font-weight:bold">true</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"patchType"</span>: <span style="color:#b44">"JSONPatch"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"patch"</span>: <span style="color:#b44">"W3sib3AiOiAiYWRkIiwgInBhdGgiOiAiL3NwZWMvcmVwbGljYXMiLCAidmFsdWUiOiAzfV0="</span> </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><!-- Admission webhooks can optionally return warning messages that are returned to the requesting client in HTTP `Warning` headers with a warning code of 299. Warnings can be sent with allowed or rejected admission responses. --> <p>准入 Webhook 可以选择性地返回在 HTTP <code>Warning</code> 头中返回给请求客户端的警告消息,警告代码为 299。 警告可以与允许或拒绝的准入响应一起发送。</p> <!-- If you're implementing a webhook that returns a warning: * Don't include a "Warning:" prefix in the message * Use warning messages to describe problems the client making the API request should correct or be aware of * Limit warnings to 120 characters if possible --> <p>如果你正在实现返回一条警告的 webhook,则:</p> <ul> <li>不要在消息中包括 "Warning:" 前缀</li> <li>使用警告消息描述该客户端进行 API 请求时会遇到或应意识到的问题</li> <li>如果可能,将警告限制为 120 个字符</li> </ul> <div class="alert alert-warning caution callout" role="alert"> <strong>注意:</strong> <!-- Individual warning messages over 256 characters may be truncated by the API server before being returned to clients. If more than 4096 characters of warning messages are added (from all sources), additional warning messages are ignored. --> <p>超过 256 个字符的单条警告消息在返回给客户之前可能会被 API 服务器截断。 如果超过 4096 个字符的警告消息(来自所有来源),则额外的警告消息会被忽略。 </div> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-json" data-lang="json"><span style="display:flex;"><span>{ </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"apiVersion"</span>: <span style="color:#b44">"admission.k8s.io/v1"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"kind"</span>: <span style="color:#b44">"AdmissionReview"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"response"</span>: { </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"uid"</span>: <span style="color:#b44">"<value from request.uid>"</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"allowed"</span>: <span style="color:#a2f;font-weight:bold">true</span>, </span></span><span style="display:flex;"><span> <span style="color:#008000;font-weight:bold">"warnings"</span>: [ </span></span><span style="display:flex;"><span> <span style="color:#b44">"duplicate envvar entries specified with name MY_ENV"</span>, </span></span><span style="display:flex;"><span> <span style="color:#b44">"memory request less than 4MB specified for container mycontainer, which will not start successfully"</span> </span></span><span style="display:flex;"><span> ] </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><!-- ## Webhook configuration --> <h2 id="webhook-configuration">Webhook 配置</h2> <!-- To register admission webhooks, create `MutatingWebhookConfiguration` or `ValidatingWebhookConfiguration` API objects. The name of a `MutatingWebhookConfiguration` or a `ValidatingWebhookConfiguration` object must be a valid [DNS subdomain name](/docs/concepts/overview/working-with-objects/names#dns-subdomain-names). Each configuration can contain one or more webhooks. If multiple webhooks are specified in a single configuration, each must be given a unique name. This is required in order to make resulting audit logs and metrics easier to match up to active configurations. Each webhook defines the following things. --> <p>要注册准入 Webhook,请创建 <code>MutatingWebhookConfiguration</code> 或 <code>ValidatingWebhookConfiguration</code> API 对象。 <code>MutatingWebhookConfiguration</code> 或<code>ValidatingWebhookConfiguration</code> 对象的名称必须是有效的 <a href="/zh-cn/docs/concepts/overview/working-with-objects/names#dns-subdomain-names">DNS 子域名</a>。</p> <p>每种配置可以包含一个或多个 Webhook。如果在单个配置中指定了多个 Webhook,则应为每个 Webhook 赋予一个唯一的名称。 这是必需的,以使生成的审计日志和指标更易于与激活的配置相匹配。</p> <p>每个 Webhook 定义以下内容。</p> <!-- ### Matching requests: rules --> <h3 id="matching-requests-rules">匹配请求-规则</h3> <!-- Each webhook must specify a list of rules used to determine if a request to the API server should be sent to the webhook. Each rule specifies one or more operations, apiGroups, apiVersions, and resources, and a resource scope: --> <p>每个 Webhook 必须指定用于确定是否应将对 apiserver 的请求发送到 webhook 的规则列表。 每个规则都指定一个或多个 operations、apiGroups、apiVersions 和 resources 以及资源的 scope:</p> <!-- * `operations` lists one or more operations to match. Can be `"CREATE"`, `"UPDATE"`, `"DELETE"`, `"CONNECT"`, or `"*"` to match all. * `apiGroups` lists one or more API groups to match. `""` is the core API group. `"*"` matches all API groups. * `apiVersions` lists one or more API versions to match. `"*"` matches all API versions. * `resources` lists one or more resources to match. * `"*"` matches all resources, but not subresources. * `"*/*"` matches all resources and subresources. * `"pods/*"` matches all subresources of pods. * `"*/status"` matches all status subresources. * `scope` specifies a scope to match. Valid values are `"Cluster"`, `"Namespaced"`, and `"*"`. Subresources match the scope of their parent resource. Default is `"*"`. * `"Cluster"` means that only cluster-scoped resources will match this rule (Namespace API objects are cluster-scoped). * `"Namespaced"` means that only namespaced resources will match this rule. * `"*"` means that there are no scope restrictions. --> <ul> <li> <p><code>operations</code> 列出一个或多个要匹配的操作。 可以是 <code>CREATE</code>、<code>UPDATE</code>、<code>DELETE</code>、<code>CONNECT</code> 或 <code>*</code> 以匹配所有内容。</p> </li> <li> <p><code>apiGroups</code> 列出了一个或多个要匹配的 API 组。<code>""</code> 是核心 API 组。<code>"*"</code> 匹配所有 API 组。</p> </li> <li> <p><code>apiVersions</code> 列出了一个或多个要匹配的 API 版本。<code>"*"</code> 匹配所有 API 版本。</p> </li> <li> <p><code>resources</code> 列出了一个或多个要匹配的资源。</p> <ul> <li><code>"*"</code> 匹配所有资源,但不包括子资源。</li> <li><code>"*/*"</code> 匹配所有资源,包括子资源。</li> <li><code>"pods/*"</code> 匹配 pod 的所有子资源。</li> <li><code>"*/status"</code> 匹配所有 status 子资源。</li> </ul> </li> <li> <p><code>scope</code> 指定要匹配的范围。有效值为 <code>"Cluster"</code>、<code>"Namespaced"</code> 和 <code>"*"</code>。 子资源匹配其父资源的范围。默认值为 <code>"*"</code>。</p> <ul> <li><code>"Cluster"</code> 表示只有集群作用域的资源才能匹配此规则(API 对象 Namespace 是集群作用域的)。</li> <li><code>"Namespaced"</code> 意味着仅具有名字空间的资源才符合此规则。</li> <li><code>"*"</code> 表示没有作用域限制。</li> </ul> </li> </ul> <!-- If an incoming request matches one of the specified `operations`, `groups`, `versions`, `resources`, and `scope` for any of a webhook's `rules`, the request is sent to the webhook. Here are other examples of rules that could be used to specify which resources should be intercepted. Match `CREATE` or `UPDATE` requests to `apps/v1` and `apps/v1beta1` `deployments` and `replicasets`: --> <p>如果传入请求与任何 Webhook <code>rules</code> 的指定 <code>operations</code>、<code>groups</code>、<code>versions</code>、 <code>resources</code> 和 <code>scope</code> 匹配,则该请求将发送到 Webhook。</p> <p>以下是可用于指定应拦截哪些资源的规则的其他示例。</p> <p>匹配针对 <code>apps/v1</code> 和 <code>apps/v1beta1</code> 组中 <code>deployments</code> 和 <code>replicasets</code> 资源的 <code>CREATE</code> 或 <code>UPDATE</code> 请求:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#00f;font-weight:bold">...</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"CREATE"</span>,<span style="color:#bbb"> </span><span style="color:#b44">"UPDATE"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"apps"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"v1"</span>,<span style="color:#bbb"> </span><span style="color:#b44">"v1beta1"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"deployments"</span>,<span style="color:#bbb"> </span><span style="color:#b44">"replicasets"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">scope</span>:<span style="color:#bbb"> </span><span style="color:#b44">"Namespaced"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>...<span style="color:#bbb"> </span></span></span></code></pre></div><!-- Match create requests for all resources (but not subresources) in all API groups and versions: --> <p>匹配所有 API 组和版本中的所有资源(但不包括子资源)的创建请求:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"CREATE"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">scope</span>:<span style="color:#bbb"> </span><span style="color:#b44">"*"</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- Match update requests for all `status` subresources in all API groups and versions: --> <p>匹配所有 API 组和版本中所有 <code>status</code> 子资源的更新请求:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"UPDATE"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*/status"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">scope</span>:<span style="color:#bbb"> </span><span style="color:#b44">"*"</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- ### Matching requests: objectSelector --> <h3 id="matching-requests-objectselector">匹配请求:objectSelector</h3> <!-- Webhooks may optionally limit which requests are intercepted based on the labels of the objects they would be sent, by specifying an `objectSelector`. If specified, the objectSelector is evaluated against both the object and oldObject that would be sent to the webhook, and is considered to match if either object matches the selector. --> <p>通过指定 <code>objectSelector</code>,Webhook 能够根据可能发送的对象的标签来限制哪些请求被拦截。 如果指定,则将对 <code>objectSelector</code> 和可能发送到 Webhook 的 object 和 oldObject 进行评估。如果两个对象之一与选择器匹配,则认为该请求已匹配。</p> <!-- A null object (`oldObject` in the case of create, or `newObject` in the case of delete), or an object that cannot have labels (like a `DeploymentRollback` or a `PodProxyOptions` object) is not considered to match. --> <p>空对象(对于创建操作而言为 <code>oldObject</code>,对于删除操作而言为 <code>newObject</code>), 或不能带标签的对象(例如 <code>DeploymentRollback</code> 或 <code>PodProxyOptions</code> 对象) 被认为不匹配。</p> <!-- Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. --> <p>仅当选择使用 Webhook 时才使用对象选择器,因为最终用户可以通过设置标签来 跳过准入 Webhook。</p> <!-- This example shows a mutating webhook that would match a `CREATE` of any resource (but not subresources) with the label `foo: bar`: --> <p>这个例子展示了一个变更性质的 Webhook,它将匹配带有标签 <code>foo:bar</code> 的所有资源(但不包括子资源)的 <code>CREATE</code> 操作:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>MutatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">objectSelector</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">matchLabels</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">foo</span>:<span style="color:#bbb"> </span>bar<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"CREATE"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">scope</span>:<span style="color:#bbb"> </span><span style="color:#b44">"*"</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- See [labels concept](/docs/concepts/overview/working-with-objects/labels) for more examples of label selectors. --> <p>有关标签选择器的更多示例,请参见<a href="/zh-cn/docs/concepts/overview/working-with-objects/labels">标签</a>。</p> <!-- ### Matching requests: namespaceSelector --> <h3 id="matching-requests-namespaceselector">匹配请求:namespaceSelector</h3> <!-- Webhooks may optionally limit which requests for namespaced resources are intercepted, based on the labels of the containing namespace, by specifying a `namespaceSelector`. --> <p>通过指定 <code>namespaceSelector</code>, Webhook 可以根据具有名字空间的资源所处的名字空间的标签来选择拦截哪些资源的操作。</p> <!-- The `namespaceSelector` decides whether to run the webhook on a request for a namespaced resource (or a Namespace object), based on whether the namespace's labels match the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is a cluster scoped resource other than a Namespace, `namespaceSelector` has no effect. --> <p><code>namespaceSelector</code> 根据名字空间的标签是否匹配选择器,决定是否针对具名字空间的资源 (或 Namespace 对象)的请求运行 webhook。 如果对象是除 Namespace 以外的集群范围的资源,则 <code>namespaceSelector</code> 标签无效。</p> <!-- This example shows a mutating webhook that matches a `CREATE` of any namespaced resource inside a namespace that does not have a "runlevel" label of "0" or "1": --> <p>本例给出的变更性质的 Webhook 将匹配到对名字空间中具名字空间的资源的 <code>CREATE</code> 请求, 前提是这些资源不含值为 "0" 或 "1" 的 "runlevel" 标签:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>MutatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">namespaceSelector</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">matchExpressions</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">key</span>:<span style="color:#bbb"> </span>runlevel<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">operator</span>:<span style="color:#bbb"> </span>NotIn<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">values</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"0"</span>,<span style="color:#bbb"> </span><span style="color:#b44">"1"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"CREATE"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">scope</span>:<span style="color:#bbb"> </span><span style="color:#b44">"Namespaced"</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- This example shows a validating webhook that matches a `CREATE` of any namespaced resource inside a namespace that is associated with the "environment" of "prod" or "staging": --> <p>此示例显示了一个验证性质的 Webhook,它将匹配到对某名字空间中的任何具名字空间的资源的 <code>CREATE</code> 请求,前提是该名字空间具有值为 "prod" 或 "staging" 的 "environment" 标签:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">namespaceSelector</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">matchExpressions</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">key</span>:<span style="color:#bbb"> </span>environment<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">operator</span>:<span style="color:#bbb"> </span>In<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">values</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"prod"</span>,<span style="color:#bbb"> </span><span style="color:#b44">"staging"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"CREATE"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"*"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">scope</span>:<span style="color:#bbb"> </span><span style="color:#b44">"Namespaced"</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- See [labels concept](/docs/concepts/overview/working-with-objects/labels) for more examples of label selectors. --> <p>有关标签选择器的更多示例,请参见 <a href="/zh-cn/docs/concepts/overview/working-with-objects/labels">标签</a>。</p> <!-- ### Matching requests: matchPolicy --> <h3 id="matching-requests-matchpolicy">匹配请求:matchPolicy</h3> <!-- API servers can make objects available via multiple API groups or versions. --> <p>API 服务器可以通过多个 API 组或版本来提供对象。</p> <!-- For example, if a webhook only specified a rule for some API groups/versions (like `apiGroups:["apps"], apiVersions:["v1","v1beta1"]`), and a request was made to modify the resource via another API group/version (like `extensions/v1beta1`), the request would not be sent to the webhook. --> <p>例如,如果一个 Webhook 仅为某些 API 组/版本指定了规则(例如 <code>apiGroups:["apps"], apiVersions:["v1","v1beta1"]</code>),而修改资源的请求是通过另一个 API 组/版本(例如 <code>extensions/v1beta1</code>)发出的,该请求将不会被发送到 Webhook。</p> <!-- The `matchPolicy` lets a webhook define how its `rules` are used to match incoming requests. Allowed values are `Exact` or `Equivalent`. --> <p><code>matchPolicy</code> 允许 Webhook 定义如何使用其 <code>rules</code> 匹配传入的请求。 允许的值为 <code>Exact</code> 或 <code>Equivalent</code>。</p> <!-- * `Exact` means a request should be intercepted only if it exactly matches a specified rule. * `Equivalent` means a request should be intercepted if modifies a resource listed in `rules`, even via another API group or version. In the example given above, the webhook that only registered for `apps/v1` could use `matchPolicy`: * `matchPolicy: Exact` would mean the `extensions/v1beta1` request would not be sent to the webhook * `matchPolicy: Equivalent` means the `extensions/v1beta1` request would be sent to the webhook (with the objects converted to a version the webhook had specified: `apps/v1`) --> <ul> <li><code>Exact</code> 表示仅当请求与指定规则完全匹配时才应拦截该请求。</li> <li><code>Equivalent</code> 表示如果某个请求意在修改 <code>rules</code> 中列出的资源, 即使该请求是通过其他 API 组或版本发起,也应拦截该请求。</li> </ul> <p>在上面给出的示例中,仅为 <code>apps/v1</code> 注册的 Webhook 可以使用 <code>matchPolicy</code>:</p> <ul> <li><code>matchPolicy: Exact</code> 表示不会将 <code>extensions/v1beta1</code> 请求发送到 Webhook</li> <li><code>matchPolicy:Equivalent</code> 表示将 <code>extensions/v1beta1</code> 请求发送到 Webhook (将对象转换为 Webhook 指定的版本:<code>apps/v1</code>)</li> </ul> <!-- Specifying `Equivalent` is recommended, and ensures that webhooks continue to intercept the resources they expect when upgrades enable new versions of the resource in the API server. --> <p>建议指定 <code>Equivalent</code>,确保升级后启用 API 服务器中资源的新版本时, Webhook 继续拦截他们期望的资源。</p> <!-- When a resource stops being served by the API server, it is no longer considered equivalent to other versions of that resource that are still served. For example, `extensions/v1beta1` deployments were first deprecated and then removed (in Kubernetes v1.16). Since that removal, a webhook with a `apiGroups:["extensions"], apiVersions:["v1beta1"], resources:["deployments"]` rule does not intercept deployments created via `apps/v1` APIs. For that reason, webhooks should prefer registering for stable versions of resources. --> <p>当 API 服务器停止提供某资源时,该资源不再被视为等同于该资源的其他仍在提供服务的版本。 例如,<code>extensions/v1beta1</code> 中的 Deployment 已被废弃,计划在 v1.16 中移除。</p> <p>移除后,带有 <code>apiGroups:["extensions"], apiVersions:["v1beta1"], resources: ["deployments"]</code> 规则的 Webhook 将不再拦截通过 <code>apps/v1</code> API 来创建的 Deployment。 因此,Webhook 应该优先注册稳定版本的资源。</p> <!-- This example shows a validating webhook that intercepts modifications to deployments (no matter the API group or version), and is always sent an `apps/v1` `Deployment` object: --> <p>此示例显示了一个验证性质的 Webhook,该 Webhook 拦截对 Deployment 的修改(无论 API 组或版本是什么), 始终会发送一个 <code>apps/v1</code> 版本的 Deployment 对象:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">matchPolicy</span>:<span style="color:#bbb"> </span>Equivalent<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"CREATE"</span>,<span style="color:#b44">"UPDATE"</span>,<span style="color:#b44">"DELETE"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"apps"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"v1"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">"deployments"</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">scope</span>:<span style="color:#bbb"> </span><span style="color:#b44">"Namespaced"</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- The `matchPolicy` for an admission webhooks defaults to `Equivalent`. --> <p>准入 Webhook 所用的 <code>matchPolicy</code> 默认为 <code>Equivalent</code>。</p> <!-- ### Matching requests: `matchConditions` --> <h3 id="matching-requests-matchConditions">匹配请求:<code>matchConditions</code> </h3> <div style="margin-top: 10px; margin-bottom: 10px;"> <b>特性状态:</b> <code>Kubernetes v1.28 [beta]</code> </div> <!-- You can define _match conditions_ for webhooks if you need fine-grained request filtering. These conditions are useful if you find that match rules, `objectSelectors` and `namespaceSelectors` still doesn't provide the filtering you want over when to call out over HTTP. Match conditions are [CEL expressions](/docs/reference/using-api/cel/). All match conditions must evaluate to true for the webhook to be called. --> <p>如果你需要细粒度地过滤请求,你可以为 Webhook 定义<strong>匹配条件</strong>。 如果你发现匹配规则、<code>objectSelectors</code> 和 <code>namespaceSelectors</code> 仍然不能提供你想要的何时进行 HTTP 调用的过滤条件,那么添加这些条件会很有用。 匹配条件是 <a href="/zh-cn/docs/reference/using-api/cel/">CEL 表达式</a>。 所有匹配条件都必须为 true 才能调用 Webhook。</p> <!-- Here is an example illustrating a few different uses for match conditions: --> <p>以下是一个例子,说明了匹配条件的几种不同用法:</p> <!-- ```yaml apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration webhooks: - name: my-webhook.example.com matchPolicy: Equivalent rules: - operations: ['CREATE','UPDATE'] apiGroups: ['*'] apiVersions: ['*'] resources: ['*'] failurePolicy: 'Ignore' # Fail-open (optional) sideEffects: None clientConfig: service: namespace: my-namespace name: my-webhook caBundle: '<omitted>' # You can have up to 64 matchConditions per webhook matchConditions: - name: 'exclude-leases' # Each match condition must have a unique name expression: '!(request.resource.group == "coordination.k8s.io" && request.resource.resource == "leases")' # Match non-lease resources. - name: 'exclude-kubelet-requests' expression: '!("system:nodes" in request.userInfo.groups)' # Match requests made by non-node users. - name: 'rbac' # Skip RBAC requests, which are handled by the second webhook. expression: 'request.resource.group != "rbac.authorization.k8s.io"' # This example illustrates the use of the 'authorizer'. The authorization check is more expensive # than a simple expression, so in this example it is scoped to only RBAC requests by using a second # webhook. Both webhooks can be served by the same endpoint. - name: rbac.my-webhook.example.com matchPolicy: Equivalent rules: - operations: ['CREATE','UPDATE'] apiGroups: ['rbac.authorization.k8s.io'] apiVersions: ['*'] resources: ['*'] failurePolicy: 'Fail' # Fail-closed (the default) sideEffects: None clientConfig: service: namespace: my-namespace name: my-webhook caBundle: '<omitted>' # You can have up to 64 matchConditions per webhook matchConditions: - name: 'breakglass' # Skip requests made by users authorized to 'breakglass' on this webhook. # The 'breakglass' API verb does not need to exist outside this check. expression: '!authorizer.group("admissionregistration.k8s.io").resource("validatingwebhookconfigurations").name("my-webhook.example.com").check("breakglass").allowed()' ``` --> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">matchPolicy</span>:<span style="color:#bbb"> </span>Equivalent<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">'CREATE'</span>,<span style="color:#b44">'UPDATE'</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">'*'</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">'*'</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">'*'</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">failurePolicy</span>:<span style="color:#bbb"> </span><span style="color:#b44">'Ignore'</span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 失败时继续处理请求但跳过 Webhook (可选值)</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">sideEffects</span>:<span style="color:#bbb"> </span>None<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">clientConfig</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">service</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">namespace</span>:<span style="color:#bbb"> </span>my-namespace<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">caBundle</span>:<span style="color:#bbb"> </span><span style="color:#b44">'<omitted>'</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 你可以为每个 Webhook 配置最多 64 个 matchConditions</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">matchConditions</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">'exclude-leases'</span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 每个匹配条件必须有唯一的名称</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">expression</span>:<span style="color:#bbb"> </span><span style="color:#b44">'!(request.resource.group == "coordination.k8s.io" && request.resource.resource == "leases")'</span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 匹配非租约资源</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">'exclude-kubelet-requests'</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">expression</span>:<span style="color:#bbb"> </span><span style="color:#b44">'!("system:nodes" in request.userInfo.groups)'</span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 匹配非节点用户发出的请求</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">'rbac'</span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 跳过 RBAC 请求,该请求将由第二个 Webhook 处理</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">expression</span>:<span style="color:#bbb"> </span><span style="color:#b44">'request.resource.group != "rbac.authorization.k8s.io"'</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 这个示例演示了如何使用 “authorizer”。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 授权检查比简单的表达式更复杂,因此在这个示例中,使用第二个 Webhook 来针对 RBAC 请求进行处理。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 两个 Webhook 都可以由同一个端点提供服务。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>rbac.my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">matchPolicy</span>:<span style="color:#bbb"> </span>Equivalent<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">rules</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">operations</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">'CREATE'</span>,<span style="color:#b44">'UPDATE'</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiGroups</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">'rbac.authorization.k8s.io'</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">apiVersions</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">'*'</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">resources</span>:<span style="color:#bbb"> </span>[<span style="color:#b44">'*'</span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">failurePolicy</span>:<span style="color:#bbb"> </span><span style="color:#b44">'Fail'</span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 失败时拒绝请求 (默认值)</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">sideEffects</span>:<span style="color:#bbb"> </span>None<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">clientConfig</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">service</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">namespace</span>:<span style="color:#bbb"> </span>my-namespace<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">caBundle</span>:<span style="color:#bbb"> </span><span style="color:#b44">'<omitted>'</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 你可以为每个 Webhook 配置最多 64 个 matchConditions</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">matchConditions</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span><span style="color:#b44">'breakglass'</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 跳过由授权给 “breakglass” 的用户在这个 Webhook 上发起的请求。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># “breakglass” API 不需要在这个检查之外存在。</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">expression</span>:<span style="color:#bbb"> </span><span style="color:#b44">'!authorizer.group("admissionregistration.k8s.io").resource("validatingwebhookconfigurations").name("my-webhook.example.com").check("breakglass").allowed()'</span><span style="color:#bbb"> </span></span></span></code></pre></div><div class="alert alert-info note callout" role="alert"> <strong>说明:</strong> <!-- You can define up to 64 elements in the `matchConditions` field per webhook. --> <p>你可以为每个 Webhook 在 <code>matchConditions</code> 字段中定义最多 64 个匹配条件。 </div> <!-- Match conditions have access to the following CEL variables: --> <p>匹配条件可以访问以下 CEL 变量:</p> <!-- - `object` - The object from the incoming request. The value is null for DELETE requests. The object version may be converted based on the [matchPolicy](#matching-requests-matchpolicy). --> <ul> <li><code>object</code> - 来自传入请求的对象。对于 DELETE 请求,该值为 null。 该对象版本可能根据 <a href="#matching-requests-matchpolicy">matchPolicy</a> 进行转换。</li> </ul> <!-- - `oldObject` - The existing object. The value is null for CREATE requests. --> <ul> <li><code>oldObject</code> - 现有对象。对于 CREATE 请求,该值为 null。</li> </ul> <!-- - `request` - The request portion of the [AdmissionReview](#request), excluding `object` and `oldObject`. --> <ul> <li><code>request</code> - <a href="#request">AdmissionReview</a> 的请求部分,不包括 object 和 oldObject。</li> </ul> <!-- - `authorizer` - A CEL Authorizer. May be used to perform authorization checks for the principal (authenticated user) of the request. See [Authz](https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz) in the Kubernetes CEL library documentation for more details. --> <ul> <li><code>authorizer</code> - 一个 CEL 鉴权组件。可用于对请求的主体(经过身份认证的用户)执行鉴权检查。 更多详细信息,请参阅 Kubernetes CEL 库文档中的 <a href="https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz">Authz</a>。</li> </ul> <!-- - `authorizer.requestResource` - A shortcut for an authorization check configured with the request resource (group, resource, (subresource), namespace, name). --> <ul> <li><code>authorizer.requestResource</code> - 对配置的请求资源(组、资源、(子资源)、名字空间、名称)进行授权检查的快捷方式。</li> </ul> <!-- For more information on CEL expressions, refer to the [Common Expression Language in Kubernetes reference](/docs/reference/using-api/cel/). --> <p>了解有关 CEL 表达式的更多信息,请参阅 <a href="/zh-cn/docs/reference/using-api/cel/">Kubernetes 参考文档中的通用表达式语言</a>。</p> <!-- In the event of an error evaluating a match condition the webhook is never called. Whether to reject the request is determined as follows: --> <p>如果在对匹配条件求值时出现错误,则不会调用 Webhook。根据以下方式确定是否拒绝请求:</p> <!-- 1. If **any** match condition evaluated to `false` (regardless of other errors), the API server skips the webhook. --> <ol> <li>如果<strong>任何一个</strong>匹配条件求值结果为 <code>false</code>(不管其他错误),API 服务器将跳过 Webhook。</li> </ol> <!-- 1. Otherwise: - for [`failurePolicy: Fail`](#failure-policy), reject the request (without calling the webhook). - for [`failurePolicy: Ignore`](#failure-policy), proceed with the request but skip the webhook. --> <ol> <li>否则: <ul> <li>对于 <a href="#failure-policy"><code>failurePolicy: Fail</code></a>,拒绝请求(不调用 Webhook)。</li> <li>对于 <a href="#failure-policy"><code>failurePolicy: Ignore</code></a>,继续处理请求但跳过 Webhook。</li> </ul> </li> </ol> <!-- ### Contacting the webhook --> <h3 id="contacting-the-webhook">调用 Webhook</h3> <!-- Once the API server has determined a request should be sent to a webhook, it needs to know how to contact the webhook. This is specified in the `clientConfig` stanza of the webhook configuration. Webhooks can either be called via a URL or a service reference, and can optionally include a custom CA bundle to use to verify the TLS connection. --> <p>API 服务器确定请求应发送到 Webhook 后,它需要知道如何调用 webhook。 此信息在 Webhook 配置的 <code>clientConfig</code> 节中指定。</p> <p>Webhook 可以通过 URL 或服务引用来调用,并且可以选择包含自定义 CA 包,以用于验证 TLS 连接。</p> <!-- #### URL --> <h4 id="url">URL</h4> <!-- `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). --> <p><code>url</code> 以标准 URL 形式给出 Webhook 的位置(<code>scheme://host:port/path</code>)。</p> <!-- The `host` should not refer to a service running in the cluster; use a service reference by specifying the `service` field instead. The host might be resolved via external DNS in some API servers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address. --> <p><code>host</code> 不应引用集群中运行的服务;通过指定 <code>service</code> 字段来使用服务引用。 主机可以通过某些 API 服务器中的外部 DNS 进行解析。 (例如,<code>kube-apiserver</code> 无法解析集群内 DNS,因为这将违反分层规则)。<code>host</code> 也可以是 IP 地址。</p> <!-- Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an API server which might need to make calls to this webhook. Such installations are likely to be non-portable or not readily run in a new cluster. --> <p>请注意,将 <code>localhost</code> 或 <code>127.0.0.1</code> 用作 <code>host</code> 是有风险的, 除非你非常小心地在所有运行 apiserver 的、可能需要对此 Webhook 进行调用的主机上运行。这样的安装方式可能不具有可移植性,即很难在新集群中启用。</p> <!-- The scheme must be "https"; the URL must begin with "https://". --> <p>scheme 必须为 "https";URL 必须以 "https://" 开头。</p> <!-- Attempting to use a user or basic auth (for example `user:password@`) is not allowed. Fragments (`#...`) and query parameters (`?...`) are also not allowed. --> <p>使用用户或基本身份验证(例如:"user:password@")是不允许的。 使用片段("#...")和查询参数("?...")也是不允许的。</p> <!-- Here is an example of a mutating webhook configured to call a URL (and expects the TLS certificate to be verified using system trust roots, so does not specify a caBundle): --> <p>这是配置为调用 URL 的变更性质的 Webhook 的示例 (并且期望使用系统信任根证书来验证 TLS 证书,因此不指定 caBundle):</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>MutatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">clientConfig</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">url</span>:<span style="color:#bbb"> </span><span style="color:#b44">"https://my-webhook.example.com:9443/my-webhook-path"</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- #### Service reference --> <h4 id="service-reference">服务引用 </h4> <!-- The `service` stanza inside `clientConfig` is a reference to the service for this webhook. If the webhook is running within the cluster, then you should use `service` instead of `url`. The service namespace and name are required. The port is optional and defaults to 443. The path is optional and defaults to "/". --> <p><code>clientConfig</code> 内部的 Service 是对该 Webhook 服务的引用。 如果 Webhook 在集群中运行,则应使用 <code>service</code> 而不是 <code>url</code>。 服务的 <code>namespace</code> 和 <code>name</code> 是必需的。 <code>port</code> 是可选的,默认值为 443。<code>path</code> 是可选的,默认为 "/"。</p> <!-- Here is an example of a mutating webhook configured to call a service on port "1234" at the subpath "/my-path", and to verify the TLS connection against the ServerName `my-service-name.my-service-namespace.svc` using a custom CA bundle: --> <p>这是一个 mutating Webhook 的示例,该 mutating Webhook 配置为在子路径 "/my-path" 端口 "1234" 上调用服务,并使用自定义 CA 包针对 ServerName <code>my-service-name.my-service-namespace.svc</code> 验证 TLS 连接:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>MutatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">clientConfig</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">caBundle</span>:<span style="color:#bbb"> </span><CA_BUNDLE><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">service</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">namespace</span>:<span style="color:#bbb"> </span>my-service-namespace<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-service-name<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">path</span>:<span style="color:#bbb"> </span>/my-path<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">port</span>:<span style="color:#bbb"> </span><span style="color:#666">1234</span><span style="color:#bbb"> </span></span></span></code></pre></div><div class="alert alert-info note callout" role="alert"> <strong>说明:</strong> <!-- You must replace the `<CA_BUNDLE>` in the above example by a valid CA bundle which is a PEM-encoded CA bundle for validating the webhook's server certificate. --> <p>你必须在以上示例中将 <code><CA_BUNDLE></code> 替换为一个有效的 VA 证书包, 这是一个用 PEM 编码的 CA 证书包,用于校验 Webhook 的服务器证书。 </div> <!-- ### Side effects --> <h3 id="side-effects">副作用</h3> <!-- Webhooks typically operate only on the content of the `AdmissionReview` sent to them. Some webhooks, however, make out-of-band changes as part of processing admission requests. --> <p>Webhook 通常仅对发送给他们的 <code>AdmissionReview</code> 内容进行操作。 但是,某些 Webhook 在处理 admission 请求时会进行带外更改。</p> <!-- Webhooks that make out-of-band changes ("side effects") must also have a reconciliation mechanism (like a controller) that periodically determines the actual state of the world, and adjusts the out-of-band data modified by the admission webhook to reflect reality. This is because a call to an admission webhook does not guarantee the admitted object will be persisted as is, or at all. Later webhooks can modify the content of the object, a conflict could be encountered while writing to storage, or the server could power off before persisting the object. --> <p>进行带外更改的(产生“副作用”的) Webhook 必须具有协调机制(如控制器), 该机制定期确定事物的实际状态,并调整由准入 Webhook 修改的带外数据以反映现实情况。 这是因为对准入 Webhook 的调用不能保证所准入的对象将原样保留,或根本不保留。 以后,Webhook 可以修改对象的内容,在写入存储时可能会发生冲突, 或者服务器可以在持久保存对象之前关闭电源。</p> <!-- Additionally, webhooks with side effects must skip those side-effects when `dryRun: true` admission requests are handled. A webhook must explicitly indicate that it will not have side-effects when run with `dryRun`, or the dry-run request will not be sent to the webhook and the API request will fail instead. --> <p>此外,处理 <code>dryRun: true</code> admission 请求时,具有副作用的 Webhook 必须避免产生副作用。 一个 Webhook 必须明确指出在使用 <code>dryRun</code> 运行时不会有副作用, 否则 <code>dry-run</code> 请求将不会发送到该 Webhook,而 API 请求将会失败。</p> <!-- Webhooks indicate whether they have side effects using the `sideEffects` field in the webhook configuration: * `None`: calling the webhook will have no side effects. * `NoneOnDryRun`: calling the webhook will possibly have side effects, but if a request with `dryRun: true` is sent to the webhook, the webhook will suppress the side effects (the webhook is `dryRun`-aware). --> <p>Webhook 使用 Webhook 配置中的 <code>sideEffects</code> 字段显示它们是否有副作用:</p> <ul> <li><code>None</code>:调用 Webhook 没有副作用。</li> <li><code>NoneOnDryRun</code>:调用 Webhook 可能会有副作用,但是如果将带有 <code>dryRun: true</code> 属性的请求发送到 webhook,则 Webhook 将抑制副作用(该 Webhook 可识别 <code>dryRun</code>)。</li> </ul> <!-- Here is an example of a validating webhook indicating it has no side effects on `dryRun: true` requests: --> <p>这是一个 validating Webhook 的示例,表明它对 <code>dryRun: true</code> 请求没有副作用:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">sideEffects</span>:<span style="color:#bbb"> </span>NoneOnDryRun<span style="color:#bbb"> </span></span></span></code></pre></div><!-- ### Timeouts --> <h3 id="timeouts">超时</h3> <!-- Because webhooks add to API request latency, they should evaluate as quickly as possible. `timeoutSeconds` allows configuring how long the API server should wait for a webhook to respond before treating the call as a failure. --> <p>由于 Webhook 会增加 API 请求的延迟,因此应尽快完成自身的操作。 <code>timeoutSeconds</code> 用来配置在将调用视为失败之前,允许 API 服务器等待 Webhook 响应的时间长度。</p> <!-- If the timeout expires before the webhook responds, the webhook call will be ignored or the API call will be rejected based on the [failure policy](#failure-policy). The timeout value must be between 1 and 30 seconds. Here is an example of a validating webhook with a custom timeout of 2 seconds: --> <p>如果超时在 Webhook 响应之前被触发,则基于<a href="#failure-policy">失败策略</a>,将忽略 Webhook 调用或拒绝 API 调用。</p> <p>超时值必须设置在 1 到 30 秒之间。</p> <p>这是一个自定义超时设置为 2 秒的 validating Webhook 的示例:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>ValidatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">timeoutSeconds</span>:<span style="color:#bbb"> </span><span style="color:#666">2</span><span style="color:#bbb"> </span></span></span></code></pre></div><!-- The timeout for an admission webhook defaults to 10 seconds. --> <p>准入 Webhook 所用的超时时间默认为 10 秒。</p> <!-- ### Reinvocation policy --> <h3 id="reinvocation-policy">再调用策略 </h3> <!-- A single ordering of mutating admissions plugins (including webhooks) does not work for all cases (see https://issue.k8s.io/64333 as an example). A mutating webhook can add a new sub-structure to the object (like adding a `container` to a `pod`), and other mutating plugins which have already run may have opinions on those new structures (like setting an `imagePullPolicy` on all containers). --> <p>变更性质的准入插件(包括 Webhook)的任何一种排序方式都不会适用于所有情况。 (参见 <a href="https://issue.k8s.io/64333">https://issue.k8s.io/64333</a> 示例)。 变更性质的 Webhook 可以向对象中添加新的子结构(例如向 <code>pod</code> 中添加 <code>container</code>), 已经运行的其他修改插件可能会对这些新结构有影响 (就像在所有容器上设置 <code>imagePullPolicy</code> 一样)。</p> <!-- To allow mutating admission plugins to observe changes made by other plugins, built-in mutating admission plugins are re-run if a mutating webhook modifies an object, and mutating webhooks can specify a `reinvocationPolicy` to control whether they are reinvoked as well. --> <p>要允许变更性质的准入插件感应到其他插件所做的更改, 如果变更性质的 Webhook 修改了一个对象,则会重新运行内置的变更性质的准入插件, 并且变更性质的 Webhook 可以指定 <code>reinvocationPolicy</code> 来控制是否也重新调用它们。</p> <!-- `reinvocationPolicy` may be set to `Never` or `IfNeeded`. It defaults to `Never`. --> <p>可以将 <code>reinvocationPolicy</code> 设置为 <code>Never</code> 或 <code>IfNeeded</code>。 默认为 <code>Never</code>。</p> <!-- * `Never`: the webhook must not be called more than once in a single admission evaluation. * `IfNeeded`: the webhook may be called again as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. --> <ul> <li><code>Never</code>: 在一次准入测试中,不得多次调用 Webhook。</li> <li><code>IfNeeded</code>: 如果在最初的 Webhook 调用之后被其他对象的插件修改了被接纳的对象, 则可以作为准入测试的一部分再次调用该 webhook。</li> </ul> <!-- The important elements to note are: --> <p>要注意的重要因素有:</p> <!-- * The number of additional invocations is not guaranteed to be exactly one. * If additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * Webhooks that use this option may be reordered to minimize the number of additional invocations. * To validate an object after all mutations are guaranteed complete, use a validating admission webhook instead (recommended for webhooks with side-effects). --> <ul> <li>不能保证附加调用的次数恰好是一。</li> <li>如果其他调用导致对该对象的进一步修改,则不能保证再次调用 Webhook。</li> <li>使用此选项的 Webhook 可能会重新排序,以最大程度地减少额外调用的次数。</li> <li>要在确保所有修改都完成后验证对象,请改用验证性质的 Webhook (推荐用于有副作用的 Webhook)。</li> </ul> <!-- Here is an example of a mutating webhook opting into being re-invoked if later admission plugins modify the object: --> <p>这是一个变更性质的 Webhook 的示例,该 Webhook 在以后的准入插件修改对象时被重新调用:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>MutatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">reinvocationPolicy</span>:<span style="color:#bbb"> </span>IfNeeded<span style="color:#bbb"> </span></span></span></code></pre></div><!-- Mutating webhooks must be [idempotent](#idempotence), able to successfully process an object they have already admitted and potentially modified. This is true for all mutating admission webhooks, since any change they can make in an object could already exist in the user-provided object, but it is essential for webhooks that opt into reinvocation. --> <p>变更性质的 Webhook 必须具有<a href="#idempotence">幂等</a>性, 并且能够成功处理已被接纳并可能被修改的对象的变更性质的 Webhook。 对于所有变更性质的准入 Webhook 都是如此, 因为它们可以在对象中进行的任何更改可能已经存在于用户提供的对象中,但是对于选择重新调用的 Webhook 来说是必不可少的。</p> <!-- ### Failure policy --> <h3 id="failure-policy">失败策略</h3> <!-- `failurePolicy` defines how unrecognized errors and timeout errors from the admission webhook are handled. Allowed values are `Ignore` or `Fail`. * `Ignore` means that an error calling the webhook is ignored and the API request is allowed to continue. * `Fail` means that an error calling the webhook causes the admission to fail and the API request to be rejected. Here is a mutating webhook configured to reject an API request if errors are encountered calling the admission webhook: --> <p><code>failurePolicy</code> 定义了如何处理准入 Webhook 中无法识别的错误和超时错误。允许的值为 <code>Ignore</code> 或 <code>Fail</code>。</p> <ul> <li><code>Ignore</code> 表示调用 Webhook 的错误将被忽略并且允许 API 请求继续。</li> <li><code>Fail</code> 表示调用 Webhook 的错误导致准入失败并且 API 请求被拒绝。</li> </ul> <p>这是一个变更性质的 webhook,配置为在调用准入 Webhook 遇到错误时拒绝 API 请求:</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#008000;font-weight:bold">apiVersion</span>:<span style="color:#bbb"> </span>admissionregistration.k8s.io/v1<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">kind</span>:<span style="color:#bbb"> </span>MutatingWebhookConfiguration<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span><span style="color:#008000;font-weight:bold">webhooks</span>:<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>- <span style="color:#008000;font-weight:bold">name</span>:<span style="color:#bbb"> </span>my-webhook.example.com<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">failurePolicy</span>:<span style="color:#bbb"> </span>Fail<span style="color:#bbb"> </span></span></span></code></pre></div><!-- The default `failurePolicy` for an admission webhooks is `Fail`. --> <p>准入 Webhook 所用的默认 <code>failurePolicy</code> 是 <code>Fail</code>。</p> <!-- ## Monitoring admission webhooks --> <h2 id="monitoring-admission-webhooks">监控 Admission Webhook </h2> <!-- The API server provides ways to monitor admission webhook behaviors. These monitoring mechanisms help cluster admins to answer questions like: 1. Which mutating webhook mutated the object in a API request? 2. What change did the mutating webhook applied to the object? 3. Which webhooks are frequently rejecting API requests? What's the reason for a rejection? --> <p>API 服务器提供了监视准入 Webhook 行为的方法。这些监视机制可帮助集群管理员回答以下问题:</p> <ol> <li>哪个变更性质的 Webhook 改变了 API 请求中的对象?</li> <li>变更性质的 Webhook 对对象做了哪些更改?</li> <li>哪些 Webhook 经常拒绝 API 请求?是什么原因拒绝?</li> </ol> <!-- ### Mutating webhook auditing annotations --> <h3 id="mutating-webhook-auditing-annotations">Mutating Webhook 审计注解</h3> <!-- Sometimes it's useful to know which mutating webhook mutated the object in a API request, and what change did the webhook apply. --> <p>有时,了解 API 请求中的哪个变更性质的 Webhook 使对象改变以及该 Webhook 应用了哪些更改很有用。</p> <!-- The Kubernetes API server performs [auditing](/docs/tasks/debug/debug-cluster/audit/) on each mutating webhook invocation. Each invocation generates an auditing annotation capturing if a request object is mutated by the invocation, and optionally generates an annotation capturing the applied patch from the webhook admission response. The annotations are set in the audit event for given request on given stage of its execution, which is then pre-processed according to a certain policy and written to a backend. --> <p>Kubernetes API 服务器针对每个变更性质的 Webhook 调用执行<a href="/zh-cn/docs/tasks/debug/debug-cluster/audit/">审计</a>操作。 每个调用都会生成一个审计注解,记述请求对象是否发生改变, 可选地还可以根据 Webhook 的准入响应生成一个注解,记述所应用的修补。 针对给定请求的给定执行阶段,注解被添加到审计事件中, 然后根据特定策略进行预处理并写入后端。</p> <!-- The audit level of a event determines which annotations get recorded: --> <p>事件的审计级别决定了要记录哪些注解:</p> <!-- - At `Metadata` audit level or higher, an annotation with key - At `Metadata` audit level or higher, an annotation with key `mutation.webhook.admission.k8s.io/round_{round idx}_index_{order idx}` gets logged with JSON payload indicating a webhook gets invoked for given request and whether it mutated the object or not. --> <ul> <li> <p>在 <code>Metadata</code> 或更高审计级别上,将使用 JSON 负载记录带有键名 <code>mutation.webhook.admission.k8s.io/round_{round idx}_index_{order idx}</code> 的注解, 该注解表示针对给定请求调用了 Webhook,以及该 Webhook 是否更改了对象。</p> <!-- For example, the following annotation gets recorded for a webhook being reinvoked. The webhook is ordered the third in the mutating webhook chain, and didn't mutated the request object during the invocation. --> <p>例如,对于正在被重新调用的某 Webhook,所记录的注解如下。 Webhook 在 mutating Webhook 链中排在第三个位置,并且在调用期间未改变请求对象。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#080;font-style:italic"># 审计事件相关记录</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"kind": </span><span style="color:#b44">"Event"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"apiVersion": </span><span style="color:#b44">"audit.k8s.io/v1"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"annotations": </span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"mutation.webhook.admission.k8s.io/round_1_index_2": "{\"configuration\":\"my-mutating-webhook-configuration.example.com\",\"webhook\":\"my-webhook.example.com\",\"mutated\": </span><span style="color:#a2f;font-weight:bold">false</span>}"<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 其他注解</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>...<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>}<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 其他字段</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>...<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>}<span style="color:#bbb"> </span></span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#080;font-style:italic"># 反序列化的注解值</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"configuration": </span><span style="color:#b44">"my-mutating-webhook-configuration.example.com"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"webhook": </span><span style="color:#b44">"my-webhook.example.com"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"mutated": </span><span style="color:#a2f;font-weight:bold">false</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>}<span style="color:#bbb"> </span></span></span></code></pre></div><!-- The following annotation gets recorded for a webhook being invoked in the first round. The webhook is ordered the first in the mutating webhook chain, and mutated the request object during the invocation. --> <p>对于在第一轮中调用的 Webhook,所记录的注解如下。 Webhook 在 mutating Webhook 链中排在第一位,并在调用期间改变了请求对象。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#080;font-style:italic"># 审计事件相关记录</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"kind": </span><span style="color:#b44">"Event"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"apiVersion": </span><span style="color:#b44">"audit.k8s.io/v1"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"annotations": </span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"mutation.webhook.admission.k8s.io/round_0_index_0": "{\"configuration\":\"my-mutating-webhook-configuration.example.com\",\"webhook\":\"my-webhook-always-mutate.example.com\",\"mutated\": </span><span style="color:#a2f;font-weight:bold">true</span>}"<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 其他注解</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>...<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>}<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 其他字段</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>...<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>}<span style="color:#bbb"> </span></span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#080;font-style:italic"># 反序列化的注解值</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"configuration": </span><span style="color:#b44">"my-mutating-webhook-configuration.example.com"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"webhook": </span><span style="color:#b44">"my-webhook-always-mutate.example.com"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"mutated": </span><span style="color:#a2f;font-weight:bold">true</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>}<span style="color:#bbb"> </span></span></span></code></pre></div></li> </ul> <!-- - At `Request` audit level or higher, an annotation with key `patch.webhook.admission.k8s.io/round_{round idx}_index_{order idx}` gets logged with JSON payload indicating a webhook gets invoked for given request and what patch gets applied to the request object. --> <ul> <li> <p>在 <code>Request</code> 或更高审计级别上,将使用 JSON 负载记录带有键名为 <code>patch.webhook.admission.k8s.io/round_{round idx}_index_{order idx}</code> 的注解, 该注解表明针对给定请求调用了 Webhook 以及应用于请求对象之上的修改。</p> <!-- For example, the following annotation gets recorded for a webhook being reinvoked. The webhook is ordered the fourth in the mutating webhook chain, and responded with a JSON patch which got applied to the request object. --> <p>例如,以下是针对正在被重新调用的某 Webhook 所记录的注解。 Webhook 在变更性质的 Webhook 链中排在第四,并在其响应中包含一个 JSON 补丁, 该补丁已被应用于请求对象。</p> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#080;font-style:italic"># 审计事件相关记录</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"kind": </span><span style="color:#b44">"Event"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"apiVersion": </span><span style="color:#b44">"audit.k8s.io/v1"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"annotations": </span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"patch.webhook.admission.k8s.io/round_1_index_3": </span><span style="color:#b44">"{\"configuration\":\"my-other-mutating-webhook-configuration.example.com\",\"webhook\":\"my-webhook-always-mutate.example.com\",\"patch\":[{\"op\":\"add\",\"path\":\"/data/mutation-stage\",\"value\":\"yes\"}],\"patchType\":\"JSONPatch\"}"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 其他注解</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>...<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>}<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#080;font-style:italic"># 其他字段</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>...<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>}<span style="color:#bbb"> </span></span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#080;font-style:italic"># 反序列化的注解值</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"configuration": </span><span style="color:#b44">"my-other-mutating-webhook-configuration.example.com"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"webhook": </span><span style="color:#b44">"my-webhook-always-mutate.example.com"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"patchType": </span><span style="color:#b44">"JSONPatch"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"patch": </span>[<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>{<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"op": </span><span style="color:#b44">"add"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"path": </span><span style="color:#b44">"/data/mutation-stage"</span>,<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span><span style="color:#008000;font-weight:bold">"value": </span><span style="color:#b44">"yes"</span><span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>}<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"> </span>]<span style="color:#bbb"> </span></span></span><span style="display:flex;"><span><span style="color:#bbb"></span>}<span style="color:#bbb"> </span></span></span></code></pre></div></li> </ul> <!-- ### Admission webhook metrics --> <h3 id="admission-webhook-metrics">准入 Webhook 度量值</h3> <!-- The API server exposes Prometheus metrics from the `/metrics` endpoint, which can be used for monitoring and diagnosing API server status. The following metrics record status related to admission webhooks. --> <p>API 服务器从 <code>/metrics</code> 端点公开 Prometheus 指标,这些指标可用于监控和诊断 API 服务器状态。 以下指标记录了与准入 Webhook 相关的状态。</p> <!-- #### API server admission webhook rejection count --> <h4 id="api-server-admission-webhook-rejection-count">apiserver 准入 Webhook 拒绝次数</h4> <!-- Sometimes it's useful to know which admission webhooks are frequently rejecting API requests, and the reason for a rejection. The API server exposes a Prometheus counter metric recording admission webhook rejections. The metrics are labelled to identify the causes of webhook rejection(s): --> <p>有时,了解哪些准入 Webhook 经常拒绝 API 请求以及拒绝的原因是很有用的。</p> <p>在 v1.16+ 中,kube-apiserver 提供了 Prometheus 计数器度量值,记录 准入 Webhook 的拒绝次数。 度量值的标签给出了 Webhook 拒绝该请求的原因:</p> <!-- - `name`: the name of the webhook that rejected a request. - `operation`: the operation type of the request, can be one of `CREATE`, `UPDATE`, `DELETE` and `CONNECT`. - `type`: the admission webhook type, can be one of `admit` and `validating`. - `error_type`: identifies if an error occurred during the webhook invocation that caused the rejection. Its value can be one of: - `calling_webhook_error`: unrecognized errors or timeout errors from the admission webhook happened and the webhook's [Failure policy](#failure-policy) is set to `Fail`. - `no_error`: no error occurred. The webhook rejected the request with `allowed: false` in the admission response. The metrics label `rejection_code` records the `.status.code` set in the admission response. - `apiserver_internal_error`: an API server internal error happened. - `rejection_code`: the HTTP status code set in the admission response when a webhook rejected a request. --> <ul> <li><code>name</code>:拒绝请求 Webhook 的名称。</li> <li><code>operation</code>:请求的操作类型可以是 <code>CREATE</code>、<code>UPDATE</code>、<code>DELETE</code> 和 <code>CONNECT</code> 其中之一。</li> <li><code>type</code>:Admission Webhook 类型,可以是 <code>admit</code> 和 <code>validating</code> 其中之一。</li> <li><code>error_type</code>:标识在 Webhook 调用期间是否发生了错误并且导致了拒绝。其值可以是以下之一: <ul> <li><code>calling_webhook_error</code>:发生了来自准入 Webhook 的无法识别的错误或超时错误, 并且 Webhook 的 <a href="#failure-policy">失败策略</a> 设置为 <code>Fail</code>。</li> <li><code>no_error</code>:未发生错误。Webhook 在准入响应中以 <code>allowed: false</code> 值拒绝了请求。 度量标签 <code>rejection_code</code> 记录了在准入响应中设置的 <code>.status.code</code>。</li> <li><code>apiserver_internal_error</code>:apiserver 发生内部错误。</li> </ul> </li> <li><code>rejection_code</code>:当 Webhook 拒绝请求时,在准入响应中设置的 HTTP 状态码。</li> </ul> <!-- Example of the rejection count metrics: --> <p>拒绝计数指标示例:</p> <pre tabindex="0"><code># HELP apiserver_admission_webhook_rejection_count [ALPHA] Admission webhook rejection count, identified by name and broken out for each admission type (validating or admit) and operation. Additional labels specify an error type (calling_webhook_error or apiserver_internal_error if an error occurred; no_error otherwise) and optionally a non-zero rejection code if the webhook rejects the request with an HTTP status code (honored by the apiserver when the code is greater or equal to 400). Codes greater than 600 are truncated to 600, to keep the metrics cardinality bounded. # TYPE apiserver_admission_webhook_rejection_count counter apiserver_admission_webhook_rejection_count{error_type="calling_webhook_error",name="always-timeout-webhook.example.com",operation="CREATE",rejection_code="0",type="validating"} 1 apiserver_admission_webhook_rejection_count{error_type="calling_webhook_error",name="invalid-admission-response-webhook.example.com",operation="CREATE",rejection_code="0",type="validating"} 1 apiserver_admission_webhook_rejection_count{error_type="no_error",name="deny-unwanted-configmap-data.example.com",operation="CREATE",rejection_code="400",type="validating"} 13 </code></pre><!-- ## Best practices and warnings ### Idempotence --> <h2 id="best-practices-and-warnings">最佳实践和警告</h2> <h3 id="idempotence">幂等性 </h3> <!-- An idempotent mutating admission webhook is able to successfully process an object it has already admitted and potentially modified. The admission can be applied multiple times without changing the result beyond the initial application. --> <p>幂等的变更性质的准入 Webhook 能够成功处理已经被它接纳甚或修改的对象。 即使多次执行该准入测试,也不会产生与初次执行结果相异的结果。</p> <!-- #### Example of idempotent mutating admission webhooks: 1. For a `CREATE` pod request, set the field `.spec.securityContext.runAsNonRoot` of the pod to true, to enforce security best practices. 2. For a `CREATE` pod request, if the field `.spec.containers[].resources.limits` of a container is not set, set default resource limits. 3. For a `CREATE` pod request, inject a sidecar container with name `foo-sidecar` if no container with the name `foo-sidecar` already exists. In the cases above, the webhook can be safely reinvoked, or admit an object that already has the fields set. --> <h4 id="example-of-idempotent-mutating-admission-webhooks">幂等 mutating admission Webhook 的示例:</h4> <ol> <li>对于 <code>CREATE</code> Pod 请求,将 Pod 的字段 <code>.spec.securityContext.runAsNonRoot</code> 设置为 true,以实施安全最佳实践。</li> <li>对于 <code>CREATE</code> Pod 请求,如果未设置容器的字段 <code>.spec.containers[].resources.limits</code>,设置默认资源限制值。</li> <li>对于 <code>CREATE</code> pod 请求,如果 Pod 中不存在名为 <code>foo-sidecar</code> 的边车容器, 向 Pod 注入一个 <code>foo-sidecar</code> 容器。</li> </ol> <p>在上述情况下,可以安全地重新调用 Webhook,或接受已经设置了字段的对象。</p> <!-- #### Example of non-idempotent mutating admission webhooks: --> <h4 id="example-of-non-idempotent-mutating-admission-webhooks">非幂等 mutating admission Webhook 的示例:</h4> <!-- 1. For a `CREATE` pod request, inject a sidecar container with name `foo-sidecar` suffixed with the current timestamp (e.g. `foo-sidecar-19700101-000000`). 2. For a `CREATE`/`UPDATE` pod request, reject if the pod has label `"env"` set, otherwise add an `"env": "prod"` label to the pod. 3. For a `CREATE` pod request, blindly append a sidecar container named `foo-sidecar` without looking to see if there is already a `foo-sidecar` container in the pod. --> <ol> <li>对于 <code>CREATE</code> pod 请求,注入名称为 <code>foo-sidecar</code> 并带有当前时间戳的 边车容器(例如 <code>foo-sidecar-19700101-000000</code>)。</li> <li>对于 <code>CREATE/UPDATE</code> pod 请求,如果容器已设置标签 <code>"env"</code> 则拒绝, 否则将 <code>"env": "prod"</code> 标签添加到容器。</li> <li>对于 <code>CREATE</code> pod 请求,盲目地添加一个名为 <code>foo-sidecar</code> 的边车容器, 而未查看 Pod 中是否已经有 <code>foo-sidecar</code> 容器。</li> </ol> <!-- In the first case above, reinvoking the webhook can result in the same sidecar being injected multiple times to a pod, each time with a different container name. Similarly the webhook can inject duplicated containers if the sidecar already exists in a user-provided pod. In the second case above, reinvoking the webhook will result in the webhook failing on its own output. In the third case above, reinvoking the webhook will result in duplicated containers in the pod spec, which makes the request invalid and rejected by the API server. --> <p>在上述第一种情况下,重新调用该 Webhook 可能导致同一个 Sidecar 容器 多次注入到 Pod 中,而且每次使用不同的容器名称。 类似地,如果 Sidecar 已存在于用户提供的 Pod 中,则 Webhook 可能注入重复的容器。</p> <p>在上述第二种情况下,重新调用 Webhook 将导致 Webhook 自身输出失败。</p> <p>在上述第三种情况下,重新调用 Webhook 将导致 Pod 规范中的容器重复, 从而使请求无效并被 API 服务器拒绝。</p> <!-- ### Intercepting all versions of an object It is recommended that admission webhooks should always intercept all versions of an object by setting `.webhooks[].matchPolicy` to `Equivalent`. It is also recommended that admission webhooks should prefer registering for stable versions of resources. Failure to intercept all versions of an object can result in admission policies not being enforced for requests in certain versions. See [Matching requests: matchPolicy](#matching-requests-matchpolicy) for examples. --> <h3 id="intercepting-all-versions-of-an-object">拦截对象的所有版本</h3> <p>建议通过将 <code>.webhooks[].matchPolicy</code> 设置为 <code>Equivalent</code>, 以确保准入 Webhooks 始终拦截对象的所有版本。 建议准入 Webhooks 应该更偏向注册资源的稳定版本。 如果无法拦截对象的所有版本,可能会导致准入策略未再某些版本的请求上执行。 有关示例,请参见<a href="#matching-requests-matchpolicy">匹配请求:matchPolicy</a>。</p> <!-- ### Availability It is recommended that admission webhooks should evaluate as quickly as possible (typically in milliseconds), since they add to API request latency. It is encouraged to use a small timeout for webhooks. See [Timeouts](#timeouts) for more detail. It is recommended that admission webhooks should leverage some format of load-balancing, to provide high availability and performance benefits. If a webhook is running within the cluster, you can run multiple webhook backends behind a service to leverage the load-balancing that service supports. --> <h3 id="availability">可用性 </h3> <p>建议准入 Webhook 尽快完成执行(时长通常是毫秒级),因为它们会增加 API 请求的延迟。 建议对 Webhook 使用较小的超时值。有关更多详细信息,请参见<a href="#timeouts">超时</a>。</p> <p>建议 Admission Webhook 应该采用某种形式的负载均衡机制,以提供高可用性和高性能。 如果集群中正在运行 Webhook,则可以在服务后面运行多个 Webhook 后端,以利用该服务支持的负载均衡。</p> <!-- ### Guaranteeing the final state of the object is seen Admission webhooks that need to guarantee they see the final state of the object in order to enforce policy should use a validating admission webhook, since objects can be modified after being seen by mutating webhooks. For example, a mutating admission webhook is configured to inject a sidecar container with name "foo-sidecar" on every `CREATE` pod request. If the sidecar *must* be present, a validating admisson webhook should also be configured to intercept `CREATE` pod requests, and validate that a container with name "foo-sidecar" with the expected configuration exists in the to-be-created object. --> <h3 id="guaranteeing-the-final-state-of-the-object-is-seen">确保看到对象的最终状态</h3> <p>如果某准入 Webhook 需要保证自己能够看到对象的最终状态以实施策略, 则应该使用一个验证性质的 webhook, 因为可以通过 mutating Webhook 看到对象后对其进行修改。</p> <p>例如,一个变更性质的准入 Webhook 被配置为在每个 <code>CREATE</code> Pod 请求中注入一个名称为 "foo-sidecar" 的 sidecar 容器。</p> <p>如果<em>必须</em>存在边车容器,则还应配置一个验证性质的准入 Webhook 以拦截 <code>CREATE</code> Pod 请求,并验证要创建的对象中是否存在具有预期配置的名称为 "foo-sidecar" 的容器。</p> <!-- ### Avoiding deadlocks in self-hosted webhooks A webhook running inside the cluster might cause deadlocks for its own deployment if it is configured to intercept resources required to start its own pods. For example, a mutating admission webhook is configured to admit `CREATE` pod requests only if a certain label is set in the pod (e.g. `"env": "prod"`). The webhook server runs in a deployment which doesn't set the `"env"` label. When a node that runs the webhook server pods becomes unhealthy, the webhook deployment will try to reschedule the pods to another node. However the requests will get rejected by the existing webhook server since the `"env"` label is unset, and the migration cannot happen. It is recommended to exclude the namespace where your webhook is running with a [namespaceSelector](#matching-requests-namespaceselector). --> <h3 id="avoiding-deadlocks-in-self-hosted-webhooks">避免自托管的 Webhooks 中出现死锁</h3> <p>如果集群内的 Webhook 配置能够拦截启动其自己的 Pod 所需的资源, 则该 Webhook 可能导致其自身部署时发生死锁。</p> <p>例如,某变更性质的准入 Webhook 配置为仅当 Pod 中设置了某个标签 (例如 <code>"env": "prod"</code>)时,才接受 <code>CREATE</code> Pod 请求。 Webhook 服务器在未设置 <code>"env"</code> 标签的 Deployment 中运行。当运行 Webhook 服务器的 容器的节点运行不正常时,Webhook 部署尝试将容器重新调度到另一个节点。 但是,由于未设置 <code>"env"</code> 标签,因此请求将被现有的 Webhook 服务器拒绝,并且调度迁移不会发生。</p> <p>建议使用 <a href="#matching-requests-namespaceselector">namespaceSelector</a> 排除 Webhook 所在的名字空间。</p> <!-- ### Side effects It is recommended that admission webhooks should avoid side effects if possible, which means the webhooks operate only on the content of the `AdmissionReview` sent to them, and do not make out-of-band changes. The `.webhooks[].sideEffects` field should be set to `None` if a webhook doesn't have any side effect. If side effects are required during the admission evaluation, they must be suppressed when processing an `AdmissionReview` object with `dryRun` set to `true`, and the `.webhooks[].sideEffects` field should be set to `NoneOnDryRun`. See [Side effects](#side-effects) for more detail. --> <h3 id="side-effects">副作用 </h3> <p>建议准入 Webhook 应尽可能避免副作用,这意味着该准入 Webhook 仅对发送给他们的 <code>AdmissionReview</code> 的内容起作用,并且不要进行额外更改。 如果 Webhook 没有任何副作用,则 <code>.webhooks[].sideEffects</code> 字段应设置为 <code>None</code>。</p> <p>如果在准入执行期间存在副作用,则应在处理 <code>dryRun</code> 为 <code>true</code> 的 <code>AdmissionReview</code> 对象时避免产生副作用,并且其 <code>.webhooks[].sideEffects</code> 字段应设置为 <code>NoneOnDryRun</code>。更多详细信息,请参见<a href="#side-effects">副作用</a>。</p> <!-- ### Avoiding operating on the kube-system namespace --> <h3 id="avoiding-operating-on-the-kube-system-namespace">避免对 kube-system 名字空间进行操作</h3> <!-- The `kube-system` namespace contains objects created by the Kubernetes system, e.g. service accounts for the control plane components, pods like `kube-dns`. Accidentally mutating or rejecting requests in the `kube-system` namespace may cause the control plane components to stop functioning or introduce unknown behavior. If your admission webhooks don't intend to modify the behavior of the Kubernetes control plane, exclude the `kube-system` namespace from being intercepted using a [`namespaceSelector`](#matching-requests-namespaceselector). --> <p><code>kube-system</code> 名字空间包含由 Kubernetes 系统创建的对象, 例如用于控制平面组件的服务账号,诸如 <code>kube-dns</code> 之类的 Pod 等。 意外更改或拒绝 <code>kube-system</code> 名字空间中的请求可能会导致控制平面组件停止运行或者导致未知行为发生。 如果你的准入 Webhook 不想修改 Kubernetes 控制平面的行为,请使用 <a href="#matching-requests-namespaceselector"><code>namespaceSelector</code></a> 避免拦截 <code>kube-system</code> 名字空间。</p> </div> <div id="pre-footer"> <h2>反馈</h2> <p class="feedback--prompt">此页是否对你有帮助? </p> <button class="btn btn-primary mb-4 feedback--yes">是</button> <button class="btn btn-primary mb-4 feedback--no">否</button> <p class="feedback--response feedback--response__hidden"> 感谢反馈。如果你有一个关于如何使用 Kubernetes 的具体问题需要答案,可以访问 <a target="_blank" rel="noopener" href="https://stackoverflow.com/questions/tagged/kubernetes"> Stack Overflow</a>. 在 GitHub 仓库上登记新的问题 <a class="feedback--link" target="_blank" rel="noopener" href="https://github.com/kubernetes/website/issues/new?title=Issue%20with%20k8s.io"> 报告问题</a> 或者 <a class="feedback--link" target="_blank" rel="noopener" href="https://github.com/kubernetes/website/issues/new?title=Improvement%20for%20k8s.io"> 提出改进建议</a>. </p> </div> <script> const yes = document.querySelector('.feedback--yes'); const no = document.querySelector('.feedback--no'); document.querySelectorAll('.feedback--link').forEach(link => { link.href = link.href + window.location.pathname; }); const sendFeedback = (value) => { if (!gtag) { console.log('!gtag'); } gtag('event', 'click', { 'event_category': 'Helpful', 'event_label': window.location.pathname, value }); }; const disableButtons = () => { yes.disabled = true; yes.classList.add('feedback--button__disabled'); no.disabled = true; no.classList.add('feedback--button__disabled'); }; yes.addEventListener('click', () => { sendFeedback(1); disableButtons(); document.querySelector('.feedback--response').classList.remove('feedback--response__hidden'); }); no.addEventListener('click', () => { sendFeedback(0); disableButtons(); document.querySelector('.feedback--response').classList.remove('feedback--response__hidden'); }); </script> <div class="text-muted mt-5 pt-3 border-top"> 最后修改 October 05, 2023 at 10:58 AM PST: <a href="https://github.com/kubernetes/website/commit/3ecbb41a7e8a0f85e871e29dbd674a22a0202149">[zh] Fix some links in the zh-cn localization site (3ecbb41a7e)</a> </div> </main> <div class="d-none d-xl-block td-toc d-print-none col-xl-4"> <div class="td-page-meta ml-2 pb-1 pt-2 mb-0"> <a href="https://github.com/kubernetes/website/edit/main/content/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers.md" target="_blank"><i class="fa fa-edit fa-fw"></i> 编辑此页</a> <a href="https://github.com/kubernetes/website/new/main/content/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers.md?filename=change-me.md&value=---%0Atitle%3A+%22Long+Page+Title%22%0AlinkTitle%3A+%22Short+Nav+Title%22%0Aweight%3A+100%0Adescription%3A+%3E-%0A+++++Page+description+for+heading+and+indexes.%0A---%0A%0A%23%23+Heading%0A%0AEdit+this+template+to+create+your+new+page.%0A%0A%2A+Give+it+a+good+name%2C+ending+in+%60.md%60+-+e.g.+%60getting-started.md%60%0A%2A+Edit+the+%22front+matter%22+section+at+the+top+of+the+page+%28weight+controls+how+its+ordered+amongst+other+pages+in+the+same+directory%3B+lowest+number+first%29.%0A%2A+Add+a+good+commit+message+at+the+bottom+of+the+page+%28%3C80+characters%3B+use+the+extended+description+field+for+more+detail%29.%0A%2A+Create+a+new+branch+so+you+can+preview+your+new+file+and+request+a+review+via+Pull+Request.%0A" target="_blank"><i class="fa fa-edit fa-fw"></i> 添加子页面</a> <a href="https://github.com/kubernetes/website/issues/new?title=%e5%8a%a8%e6%80%81%e5%87%86%e5%85%a5%e6%8e%a7%e5%88%b6" target="_blank"><i class="fab fa-github fa-fw"></i> 登记一个问题</a> <a id="print" href="https://kubernetes.io/zh-cn/docs/reference/access-authn-authz/_print/"><i class="fa fa-print fa-fw"></i> 整节打印</a> </div> <nav id="TableOfContents"> <ul> <li><a href="#what-are-admission-webhooks">什么是准入 Webhook?</a></li> <li><a href="#experimenting-with-admission-webhooks">尝试准入 Webhook</a> <ul> <li><a href="#prerequisites">先决条件</a></li> <li><a href="#write-an-admission-webhook-server">编写一个准入 Webhook 服务器</a></li> <li><a href="#deploy-the-admission-webhook-service">部署准入 Webhook 服务</a></li> <li><a href="#configure-admission-webhooks-on-the-fly">即时配置准入 Webhook</a></li> <li><a href="#authenticate-apiservers">对 API 服务器进行身份认证</a></li> </ul> </li> <li><a href="#webhook-request-and-response">Webhook 请求与响应</a> <ul> <li><a href="#request">请求</a></li> <li><a href="#response">响应</a></li> </ul> </li> <li><a href="#webhook-configuration">Webhook 配置</a> <ul> <li><a href="#matching-requests-rules">匹配请求-规则</a></li> <li><a href="#matching-requests-objectselector">匹配请求:objectSelector</a></li> <li><a href="#matching-requests-namespaceselector">匹配请求:namespaceSelector</a></li> <li><a href="#matching-requests-matchpolicy">匹配请求:matchPolicy</a></li> <li><a href="#matching-requests-matchConditions">匹配请求:<code>matchConditions</code> </a></li> <li><a href="#contacting-the-webhook">调用 Webhook</a></li> <li><a href="#side-effects">副作用</a></li> <li><a href="#timeouts">超时</a></li> <li><a href="#reinvocation-policy">再调用策略 </a></li> <li><a href="#failure-policy">失败策略</a></li> </ul> </li> <li><a href="#monitoring-admission-webhooks">监控 Admission Webhook </a> <ul> <li><a href="#mutating-webhook-auditing-annotations">Mutating Webhook 审计注解</a></li> <li><a href="#admission-webhook-metrics">准入 Webhook 度量值</a></li> </ul> </li> <li><a href="#best-practices-and-warnings">最佳实践和警告</a> <ul> <li><a href="#idempotence">幂等性 </a></li> <li><a href="#intercepting-all-versions-of-an-object">拦截对象的所有版本</a></li> <li><a href="#availability">可用性 </a></li> <li><a href="#guaranteeing-the-final-state-of-the-object-is-seen">确保看到对象的最终状态</a></li> <li><a href="#avoiding-deadlocks-in-self-hosted-webhooks">避免自托管的 Webhooks 中出现死锁</a></li> <li><a href="#side-effects">副作用 </a></li> <li><a href="#avoiding-operating-on-the-kube-system-namespace">避免对 kube-system 名字空间进行操作</a></li> </ul> </li> </ul> </nav> </div> </div> </div> </div> </div> <footer class="d-print-none"> <div class="footer__links"> <nav> <a class="text-white" href="/zh-cn/docs/home/">文档</a> <a class="text-white" href="/zh-cn/blog/">博客</a> <a class="text-white" href="/zh-cn/training/">培训</a> <a class="text-white" href="/zh-cn/partners/">合作伙伴</a> <a class="text-white" href="/zh-cn/community/">社区</a> <a class="text-white" href="/zh-cn/case-studies/">案例分析</a> </nav> </div> <div class="container-fluid"> <div class="row"> <div class="col-6 col-sm-2 text-xs-center order-sm-2"> <ul class="list-inline mb-0"> <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="User mailing list" aria-label="User mailing list"> <a class="text-white" target="_blank" href="https://discuss.kubernetes.io"> <i class="fa fa-envelope"></i> </a> </li> <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="Twitter" aria-label="Twitter"> <a class="text-white" target="_blank" href="https://twitter.com/kubernetesio"> <i class="fab fa-twitter"></i> </a> </li> <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="Calendar" aria-label="Calendar"> <a class="text-white" target="_blank" href="https://calendar.google.com/calendar/embed?src=calendar%40kubernetes.io"> <i class="fas fa-calendar-alt"></i> </a> </li> <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="Youtube" aria-label="Youtube"> <a class="text-white" target="_blank" href="https://youtube.com/kubernetescommunity"> <i class="fab fa-youtube"></i> </a> </li> </ul> </div> <div class="col-6 col-sm-2 text-right text-xs-center order-sm-3"> <ul class="list-inline mb-0"> <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="GitHub" aria-label="GitHub"> <a class="text-white" target="_blank" href="https://github.com/kubernetes/kubernetes"> <i class="fab fa-github"></i> </a> </li> <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="Slack" aria-label="Slack"> <a class="text-white" target="_blank" href="https://slack.k8s.io"> <i class="fab fa-slack"></i> </a> </li> <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="Contribute" aria-label="Contribute"> <a class="text-white" target="_blank" href="https://git.k8s.io/community/contributors/guide"> <i class="fas fa-edit"></i> </a> </li> <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="Stack Overflow" aria-label="Stack Overflow"> <a class="text-white" target="_blank" href="https://stackoverflow.com/questions/tagged/kubernetes"> <i class="fab fa-stack-overflow"></i> </a> </li> </ul> </div> <div class="col-12 col-sm-8 text-center order-sm-2"> <small class="text-white">© 2024 The Kubernetes 作者 | 文档发布基于 <a href="https://git.k8s.io/website/LICENSE" class="light-text">CC BY 4.0</a> 授权许可</small> <br/> <small class="text-white">Copyright © 2024 Linux 基金会®。保留所有权利。Linux 基金会已注册并使用商标。如需了解 Linux 基金会的商标列表,请访问<a href="https://www.linuxfoundation.org/trademark-usage" class="light-text">商标使用页面</a></small> <br/> <small class="text-white">ICP license: 京ICP备17074266号-3</small> </div> </div> </div> </footer> <script src="/js/jquery-3.6.0.min.js" integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" crossorigin="anonymous"></script> <script src="/js/popper-1.16.1.min.js" intregrity="sha384-9/reFTGAW83EW2RDu2S0VKaIzap3H66lZH81PoYlFhbGU+6BZp6G7niu735Sk7lN" crossorigin="anonymous"></script> <script src="/js/bootstrap-4.6.1.min.js" integrity="sha384-VHvPCCyXqtD5DqJeNxl2dtTyhF78xXNXdkwX1CZeRusQfRKp+tA7hAShOK/B/fQ2" crossorigin="anonymous"></script> <script src="/js/script.js"></script> <script async src="/js/mermaid-8.13.4.min.js" integrity="sha384-5hHNvPeMrNH14oM3IcQofDoBhiclNK3g2+hnEinKzQ07C4AliMeVpnvxuiwEGpaO" crossorigin="anonymous"></script> <script src="/js/main.min.5c0bf7f21dc4f66485f74efbbeeff28a7e4f8cddaac1bae47043159c922ff3a3.js" integrity="sha256-XAv38h3E9mSF9077vu/yin5PjN2qwbrkcEMVnJIv86M=" crossorigin="anonymous"></script> <script> let splitInstance = null; function enableSplitter(mediaQuery) { if (mediaQuery.matches) { if (!splitInstance) { splitInstance = Split(["#sidebarnav", "#maindoc"], { sizes: [20, 80], minSize: 100, }); } } else { if (splitInstance) { splitInstance.destroy(); splitInstance = null; } } } const screenWidthMediaQuery = window.matchMedia("(min-width: 768px)"); const eleNav = document.getElementById("sidebarnav"); if (eleNav !== null) { enableSplitter(screenWidthMediaQuery); screenWidthMediaQuery.addListener(enableSplitter); } </script> </body> </html>