From 09c5eed5ebbfbcfad1ce3e5ce67a59c821370f6c Mon Sep 17 00:00:00 2001
From: xin
Date: Tue, 15 Dec 2020 11:34:10 +0800
Subject: [PATCH] sync with english version.
---
 .../access-authn-authz/authentication.md | 76 +++++++++++++++++++
 1 file changed, 76 insertions(+)
diff --git a/content/zh/docs/reference/access-authn-authz/authentication.md b/content/zh/docs/reference/access-authn-authz/authentication.md
index b54ca2f148778..d72e8e9d2bd2b 100644
--- a/content/zh/docs/reference/access-authn-authz/authentication.md
+++ b/content/zh/docs/reference/access-authn-authz/authentication.md
@@ -1387,11 +1387,35 @@ users:
 args:
 - "arg1"
 - "arg2"
+
+ # Text shown to the user when the executable doesn't seem to be present. Optional.
+ installHint: |
+ example-client-go-exec-plugin is required to authenticate
+ to the current cluster. It can be installed:
+
+ On macOS: brew install example-client-go-exec-plugin
+
+ On Ubuntu: apt-get install example-client-go-exec-plugin
+
+ On Fedora: dnf install example-client-go-exec-plugin
+
+ ...
+
+ # Whether or not to provide cluster information, which could potentially contain
+ # very large CA data, to this exec plugin as a part of the KUBERNETES_EXEC_INFO
+ # environment variable.
+ provideClusterInfo: true
 clusters:
 - name: my-cluster
 cluster:
 server: "https://172.17.4.100:6443"
 certificate-authority: "/etc/kubernetes/ca.pem"
+ extensions:
+ - name: client.authentication.k8s.io/exec # reserved extension name for per cluster exec config
+ extension:
+ arbitrary: config
+ this: can be provided via the KUBERNETES_EXEC_INFO environment variable upon setting provideClusterInfo
+ you: ["can", "put", "anything", "here"]
 contexts:
 - name: my-cluster
 context:
@@ -1427,11 +1451,32 @@ users:
 args:
 - "arg1"
 - "arg2"
+
+ # 当可执行文件不存在时显示给用户的文本。可选的。
+ installHint: |
+ 需要example-client-go-exec-plugin来验证当前集群。可以通过以下命令安装:
+
+ MacOS: brew install example-client-go-exec-plugin
+
+ Ubuntu: apt-get install example-client-go-exec-plugin
+
+ Fedora: dnf install example-client-go-exec-plugin
+
+ ...
+
+ # 是否向这个 exec 插件提供集群信息(可能包含非常大的CA数据),作为KUBERNETES_EXEC_INFO环境变量的一部分。
+ provideClusterInfo: true
 clusters:
 - name: my-cluster
 cluster:
 server: "https://172.17.4.100:6443"
 certificate-authority: "/etc/kubernetes/ca.pem"
+ extensions:
+ - name: client.authentication.k8s.io/exec # 为每个集群 exec 配置保留的扩展名
+ extension:
+ arbitrary: config
+ this: can be provided via the KUBERNETES_EXEC_INFO environment variable upon setting provideClusterInfo
+ you: ["can", "put", "anything", "here"]
 contexts:
 - name: my-cluster
 context:
@@ -1551,3 +1596,34 @@ RFC3339 timestamp. Presence or absence of an expiry has the following impact:
 }
 }
 ```
+
+
+
+该插件可以选择使用环境变量`KUBERNETES_EXEC_INFO`进行调用,
+该变量包含了此插件获取凭据的集群信息。此信息可用于执行群集特定的凭据获取逻辑。为了启用此行为,必须在 [kubeconfig](/zh/docs/concepts/configuration/organize-cluster-access-kubeconfig/)中的 exec 用户字段上设置`provideClusterInfo`字段。下面是上述`KUBERNETES_EXEC_INFO`环境变量的示例。
+
+```json
+{
+ "apiVersion": "client.authentication.k8s.io/v1beta1",
+ "kind": "ExecCredential",
+ "spec": {
+ "cluster": {
+ "server": "https://172.17.4.100:6443",
+ "certificate-authority-data": "LS0t...",
+ "config": {
+ "arbitrary": "config",
+ "this": "can be provided via the KUBERNETES_EXEC_INFO environment variable upon setting provideClusterInfo",
+ "you": ["can", "put", "anything", "here"]
+ }
+ }
+ }
+}
+```
\ No newline at end of file