Skip to content

Commit

Permalink
Merge pull request kubernetes#36154 from ydFu/fix-404-link
Browse files Browse the repository at this point in the history
[zh] Fix some 404 links
  • Loading branch information
k8s-ci-robot authored Aug 22, 2022
2 parents dff7efc + bb92531 commit 5706c58
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 20 deletions.
30 changes: 13 additions & 17 deletions content/zh-cn/docs/concepts/security/pod-security-policy.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ content_type: concept
weight: 30
-->

<!-- overview -->

{{< feature-state for_k8s_version="v1.21" state="deprecated" >}}

{{< caution >}}
Expand Down Expand Up @@ -50,9 +52,9 @@ administrator to control the following:
-->
## 什么是 Pod 安全策略? {#what-is-a-pod-security-policy}

**Pod 安全策略(Pod Security Policy)**是集群级别的资源,它能够控制 Pod
**Pod 安全策略(Pod Security Policy)** 是集群级别的资源,它能够控制 Pod
规约中与安全性相关的各个方面。
[PodSecurityPolicy](/zh-cn/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy)
[PodSecurityPolicy](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy)
对象定义了一组 Pod 运行时必须遵循的条件及相关字段的默认值,只有 Pod 满足这些条件才会被系统接受。
Pod 安全策略允许管理员控制如下操作:

Expand Down Expand Up @@ -269,7 +271,7 @@ paired with system groups to grant access to all pods run in the namespace:

<!--
For more examples of RBAC bindings, see
[Role Binding Examples](/docs/reference/access-authn-authz/rbac#role-binding-examples).
[RoleBinding examples](/docs/reference/access-authn-authz/rbac#role-binding-examples).
For a complete example of authorizing a PodSecurityPolicy, see [below](#example).
-->
参阅[角色绑定示例](/zh-cn/docs/reference/access-authn-authz/rbac#role-binding-examples)查看
Expand Down Expand Up @@ -310,7 +312,7 @@ PodSecurityPolicy 正在被一个新的、简化的 `PodSecurity`
- {{< example file="policy/restricted-psp.yaml" >}}Restricted{{< /example >}}

<!--
2. Only bind PSPs to entire namespaces, by using the `system:serviceaccounts:<namespace>` group
1. Only bind PSPs to entire namespaces, by using the `system:serviceaccounts:<namespace>` group
(where `<namespace>` is the target namespace). For example:

```yaml
Expand Down Expand Up @@ -357,7 +359,7 @@ PodSecurityPolicy 正在被一个新的、简化的 `PodSecurity`
<!--
### Troubleshooting

- The [Controller Manager](/docs/reference/command-line-tools-reference/kube-controller-manager/)
- The [controller manager](/docs/reference/command-line-tools-reference/kube-controller-manager/)
must be run against the secured API port and must not have superuser permissions. See
[Controlling Access to the Kubernetes API](/docs/concepts/security/controlling-access)
to learn about API server access controls.
Expand Down Expand Up @@ -620,9 +622,9 @@ kubectl-user get pod pause -o yaml | grep kubernetes.io/psp
```

<!--
The output is similar to this:
The output is similar to this
-->
输出类似于
输出类似于

```
kubernetes.io/psp: example
Expand Down Expand Up @@ -679,18 +681,15 @@ Let's try that again, slightly differently:
kubectl-user create deployment pause --image=k8s.gcr.io/pause
```

输出为:

```

```none
deployment "pause" created
```

```shell
kubectl-user get pods
```

输出为:

```
No resources found.
```
Expand All @@ -699,7 +698,6 @@ No resources found.
kubectl-user get events | head -n 2
```

输出为:
```
LASTSEEN FIRSTSEEN COUNT NAME KIND SUBOBJECT TYPE REASON SOURCE MESSAGE
1m 2m 15 pause-7774d79b5 ReplicaSet Warning FailedCreate replicaset-controller Error creating: pods "pause-7774d79b5-" is forbidden: no providers available to validate pod request
Expand Down Expand Up @@ -791,9 +789,7 @@ up separately:
kubectl-admin delete psp example
```

输出类似于:

```none
```
podsecuritypolicy "example" deleted
```

Expand Down Expand Up @@ -1379,5 +1375,5 @@ Refer to the [Sysctl documentation](/docs/tasks/administer-cluster/sysctl-cluste

- 参阅 [Pod 安全标准](/zh-cn/docs/concepts/security/pod-security-standards/),
了解策略建议。
- 阅读 [PodSecurityPolicy 参考](/zh-cn/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy),
- 阅读 [PodSecurityPolicy 参考](/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#podsecuritypolicy-v1beta1-policy),
了解 API 细节。
2 changes: 1 addition & 1 deletion content/zh-cn/docs/reference/glossary/host-aliases.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: HostAliases
id: HostAliases
date: 2019-01-31
full_link: /zh-cn/docs/reference/generated/kubernetes-api/{{< param "version" >}}/#hostalias-v1-core
full_link: /docs/reference/generated/kubernetes-api/{{< param "version" >}}/#hostalias-v1-core
short_description: >
主机别名 (HostAliases) 是一组 IP 地址和主机名的映射,用于注入到 Pod 内的 hosts 文件。
Expand Down
3 changes: 1 addition & 2 deletions content/zh-cn/docs/reference/glossary/kubelet.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: Kubelet
id: kubelet
date: 2018-04-12
full_link: /zh-cn/docs/reference/generated/kubelet
full_link: /docs/reference/generated/kubelet
short_description: >
一个在集群中每个节点上运行的代理。它保证容器都运行在 Pod 中。
Expand Down Expand Up @@ -38,4 +38,3 @@ The kubelet takes a set of PodSpecs that are provided through various mechanisms
kubelet 接收一组通过各类机制提供给它的 PodSpecs,
确保这些 PodSpecs 中描述的容器处于运行状态且健康。
kubelet 不会管理不是由 Kubernetes 创建的容器。

0 comments on commit 5706c58

Please sign in to comment.