From 63110f10e225eaebacb38df7781350e36c3e13ce Mon Sep 17 00:00:00 2001
From: xin gu <418294249@qq.com>
Date: Thu, 29 Aug 2024 10:33:34 +0800
Subject: [PATCH] sync container-runtimes dual-stack-support high-availability
 sysctl-cluster

---
 .../container-runtimes.md                     | 24 ++++++------
 .../tools/kubeadm/dual-stack-support.md       | 37 ++++++++++---------
 .../tools/kubeadm/high-availability.md        |  8 ++--
 .../administer-cluster/sysctl-cluster.md      |  4 +-
 4 files changed, 38 insertions(+), 35 deletions(-)

diff --git a/content/zh-cn/docs/setup/production-environment/container-runtimes.md b/content/zh-cn/docs/setup/production-environment/container-runtimes.md
index 5c726733c4788..bb5142fafd4c8 100644
--- a/content/zh-cn/docs/setup/production-environment/container-runtimes.md
+++ b/content/zh-cn/docs/setup/production-environment/container-runtimes.md
@@ -240,18 +240,6 @@ the `cgroupDriver` field under `KubeletConfiguration`, kubeadm defaults it to `s
 `KubeletConfiguration` 下设置 `cgroupDriver` 字段，kubeadm 默认使用 `systemd`。
 {{< /note >}}
 
-<!--
-In Kubernetes v1.28, with the `KubeletCgroupDriverFromCRI`
-[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
-enabled and a container runtime that supports the `RuntimeConfig` CRI RPC,
-the kubelet automatically detects the appropriate cgroup driver from the runtime,
-and ignores the `cgroupDriver` setting within the kubelet configuration.
--->
-在 Kubernetes v1.28 中，启用 `KubeletCgroupDriverFromCRI`
-[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)结合支持
-`RuntimeConfig` CRI RPC 的容器运行时，kubelet 会自动从运行时检测适当的 Cgroup
-驱动程序，并忽略 kubelet 配置中的 `cgroupDriver` 设置。
-
 <!--
 If you configure `systemd` as the cgroup driver for the kubelet, you must also
 configure `systemd` as the cgroup driver for the container runtime. Refer to
@@ -263,6 +251,18 @@ the documentation for your container runtime for instructions. For example:
 *  [containerd](#containerd-systemd)
 *  [CRI-O](#cri-o)
 
+<!--
+In Kubernetes {{< skew currentVersion >}}, with the `KubeletCgroupDriverFromCRI`
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
+enabled and a container runtime that supports the `RuntimeConfig` CRI RPC,
+the kubelet automatically detects the appropriate cgroup driver from the runtime,
+and ignores the `cgroupDriver` setting within the kubelet configuration.
+-->
+在 Kubernetes {{< skew currentVersion >}} 中，启用 `KubeletCgroupDriverFromCRI`
+[特性门控](/zh-cn/docs/reference/command-line-tools-reference/feature-gates/)结合支持
+`RuntimeConfig` CRI RPC 的容器运行时，kubelet 会自动从运行时检测适当的 Cgroup
+驱动程序，并忽略 kubelet 配置中的 `cgroupDriver` 设置。
+
 {{< caution >}}
 <!--
 Changing the cgroup driver of a Node that has joined a cluster is a sensitive operation. 
diff --git a/content/zh-cn/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md b/content/zh-cn/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md
index cf06797531c55..3630493c40dc2 100644
--- a/content/zh-cn/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md
+++ b/content/zh-cn/docs/setup/production-environment/tools/kubeadm/dual-stack-support.md
@@ -92,29 +92,30 @@ kubeadm init --pod-network-cidr=10.244.0.0/16,2001:db8:42:0::/56 --service-cidr=
 
 <!--
 To make things clearer, here is an example kubeadm 
-[configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/) 
+[configuration file](/docs/reference/config-api/kubeadm-config.v1beta4/) 
 `kubeadm-config.yaml` for the primary dual-stack control plane node.
 -->
 为了更便于理解，参看下面的名为 `kubeadm-config.yaml` 的 kubeadm
-[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)，
+[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)，
 该文件用于双协议栈控制面的主控制节点。
 
 ```yaml
 ---
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/v1beta4
 kind: ClusterConfiguration
 networking:
   podSubnet: 10.244.0.0/16,2001:db8:42:0::/56
   serviceSubnet: 10.96.0.0/16,2001:db8:42:1::/112
 ---
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/v1beta4
 kind: InitConfiguration
 localAPIEndpoint:
   advertiseAddress: "10.100.0.1"
   bindPort: 6443
 nodeRegistration:
   kubeletExtraArgs:
-    node-ip: 10.100.0.2,fd00:1:2:3::2
+  - name: "node-ip"
+    value: "10.100.0.2,fd00:1:2:3::2"
 ```
 
 <!--
@@ -153,7 +154,7 @@ The `--apiserver-advertise-address` flag does not support dual-stack.
 
 Before joining a node, make sure that the node has IPv6 routable network interface and allows IPv6 forwarding.
 
-Here is an example kubeadm [configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/)
+Here is an example kubeadm [configuration file](/docs/reference/config-api/kubeadm-config.v1beta4/)
 `kubeadm-config.yaml` for joining a worker node to the cluster.
 -->
 ### 向双协议栈集群添加节点   {#join-a-node-to-dual-stack-cluster}
@@ -161,7 +162,7 @@ Here is an example kubeadm [configuration file](/docs/reference/config-api/kubea
 在添加节点之前，请确保该节点具有 IPv6 可路由的网络接口并且启用了 IPv6 转发。
 
 下面的名为 `kubeadm-config.yaml` 的 kubeadm
-[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)
+[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)
 示例用于向集群中添加工作节点。
 
 <!--
@@ -179,22 +180,23 @@ discovery:
     # 请更改上面的认证信息，使之与你的集群中实际使用的令牌和 CA 证书匹配
 nodeRegistration:
   kubeletExtraArgs:
-    node-ip: 10.100.0.3,fd00:1:2:3::3
+  - name: "node-ip"
+    value: "10.100.0.2,fd00:1:2:3::3"
 ```
 
 <!--
-Also, here is an example kubeadm [configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/)
+Also, here is an example kubeadm [configuration file](/docs/reference/config-api/kubeadm-config.v1beta4/)
 `kubeadm-config.yaml` for joining another control plane node to the cluster.
 -->
 下面的名为 `kubeadm-config.yaml` 的 kubeadm
-[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)
+[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)
 示例用于向集群中添加另一个控制面节点。
 
 <!--
 # change auth info above to match the actual token and CA certificate hash for your cluster
 -->
 ```yaml
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/v1beta4
 kind: JoinConfiguration
 controlPlane:
   localAPIEndpoint:
@@ -209,7 +211,8 @@ discovery:
     # 请更改上面的认证信息，使之与你的集群中实际使用的令牌和 CA 证书匹配
 nodeRegistration:
   kubeletExtraArgs:
-    node-ip: 10.100.0.4,fd00:1:2:3::4
+  - name: "node-ip"
+    value: "10.100.0.2,fd00:1:2:3::4"
 ```
 
 <!--
@@ -241,15 +244,15 @@ You can deploy a single-stack cluster that has the dual-stack networking feature
 
 <!--
 To make things more clear, here is an example kubeadm
-[configuration file](/docs/reference/config-api/kubeadm-config.v1beta3/)
+[configuration file](/docs/reference/config-api/kubeadm-config.v1beta4/)
 `kubeadm-config.yaml` for the single-stack control plane node.
 -->
 为了更便于理解，参看下面的名为 `kubeadm-config.yaml` 的 kubeadm
-[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)示例，
+[配置文件](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)示例，
 该文件用于单协议栈控制面节点。
 
 ```yaml
-apiVersion: kubeadm.k8s.io/v1beta3
+apiVersion: kubeadm.k8s.io/v1beta4
 kind: ClusterConfiguration
 networking:
   podSubnet: 10.244.0.0/16
@@ -261,8 +264,8 @@ networking:
 <!--
 * [Validate IPv4/IPv6 dual-stack](/docs/tasks/network/validate-dual-stack) networking
 * Read about [Dual-stack](/docs/concepts/services-networking/dual-stack/) cluster networking
-* Learn more about the kubeadm [configuration format](/docs/reference/config-api/kubeadm-config.v1beta3/)
+* Learn more about the kubeadm [configuration format](/docs/reference/config-api/kubeadm-config.v1beta4/)
 -->
 * [验证 IPv4/IPv6 双协议栈](/zh-cn/docs/tasks/network/validate-dual-stack)联网
 * 阅读[双协议栈](/zh-cn/docs/concepts/services-networking/dual-stack/)集群网络
-* 进一步了解 kubeadm [配置格式](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)
+* 进一步了解 kubeadm [配置格式](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)
diff --git a/content/zh-cn/docs/setup/production-environment/tools/kubeadm/high-availability.md b/content/zh-cn/docs/setup/production-environment/tools/kubeadm/high-availability.md
index e9b6a26c1414b..5b2f3d7af2885 100644
--- a/content/zh-cn/docs/setup/production-environment/tools/kubeadm/high-availability.md
+++ b/content/zh-cn/docs/setup/production-environment/tools/kubeadm/high-availability.md
@@ -310,13 +310,13 @@ option. Your cluster requirements may need a different configuration.
    {{< note >}}
    <!--
    The `kubeadm init` flags `--config` and `--certificate-key` cannot be mixed, therefore if you want
-   to use the [kubeadm configuration](/docs/reference/config-api/kubeadm-config.v1beta3/)
+   to use the [kubeadm configuration](/docs/reference/config-api/kubeadm-config.v1beta4/)
    you must add the `certificateKey` field in the appropriate config locations
    (under `InitConfiguration` and `JoinConfiguration: controlPlane`).
    -->
    在使用 `kubeadm init` 时，标记 `--config` 和 `--certificate-key` 不能混用，
    因此如果你要使用
-   [kubeadm 配置](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta3/)，你必须在相应的配置结构
+   [kubeadm 配置](/zh-cn/docs/reference/config-api/kubeadm-config.v1beta4/)，你必须在相应的配置结构
    （位于 `InitConfiguration` 和 `JoinConfiguration: controlPlane`）添加 `certificateKey` 字段。
    {{< /note >}}
 
@@ -512,7 +512,7 @@ in the kubeadm config file.
 
    ```yaml
    ---
-   apiVersion: kubeadm.k8s.io/v1beta3
+   apiVersion: kubeadm.k8s.io/v1beta4
    kind: ClusterConfiguration
    kubernetesVersion: stable
    controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" # change this (see below)
@@ -534,7 +534,7 @@ in the kubeadm config file.
 
    ```yaml
    ---
-   apiVersion: kubeadm.k8s.io/v1beta3
+   apiVersion: kubeadm.k8s.io/v1beta4
    kind: ClusterConfiguration
    kubernetesVersion: stable
    controlPlaneEndpoint: "LOAD_BALANCER_DNS:LOAD_BALANCER_PORT" # change this (see below)
diff --git a/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md b/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md
index 0c9506bf0b252..99e4d0611e2cb 100644
--- a/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md
+++ b/content/zh-cn/docs/tasks/administer-cluster/sysctl-cluster.md
@@ -156,12 +156,12 @@ The following sysctls are supported in the _safe_ set:
 There are some exceptions to the set of safe sysctls:
 
 - The `net.*` sysctls are not allowed with host networking enabled.
-- The `net.ipv4.tcp_syncookies` sysctl is not namespaced on Linux kernel version 4.4 or lower.
+- The `net.ipv4.tcp_syncookies` sysctl is not namespaced on Linux kernel version 4.5 or lower.
 -->
 安全 sysctl 参数有一些例外：
 
 - `net.*` sysctl 参数不允许在启用主机网络的情况下使用。
-- `net.ipv4.tcp_syncookies` sysctl 参数在 Linux 内核 4.4 或更低的版本中是无命名空间的。
+- `net.ipv4.tcp_syncookies` sysctl 参数在 Linux 内核 4.5 或更低的版本中是无命名空间的。
 {{< /note >}}
 
 <!--