[apisix] branch master updated: docs: update discovery Kubernetes doc formatting (#7957)

[sp...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new d89dfce1c docs: update discovery Kubernetes doc formatting (#7957)
d89dfce1c is described below

commit d89dfce1cd900c2cbad288ac03283d18768d4929
Author: Sylvia <39...@users.noreply.github.com>
AuthorDate: Wed Sep 21 14:02:21 2022 +0800

    docs: update discovery Kubernetes doc formatting (#7957)
---
 docs/en/latest/discovery/kubernetes.md | 151 +++++++++++++++++----------------
 docs/zh/latest/discovery/kubernetes.md | 129 ++++++++++++++--------------
 2 files changed, 141 insertions(+), 139 deletions(-)

diff --git a/docs/en/latest/discovery/kubernetes.md b/docs/en/latest/discovery/kubernetes.md
index d95cdcceb..04e01f6ca 100644
--- a/docs/en/latest/discovery/kubernetes.md
+++ b/docs/en/latest/discovery/kubernetes.md
@@ -1,5 +1,12 @@
 ---
 title: Kubernetes
+keywords:
+  - Kubernetes
+  - Apache APISIX
+  - Service discovery
+  - Cluster
+  - API Gateway
+description: This article introduce how to perform service discovery based on Kubernetes in Apache APISIX and summarize related issues.
 ---
 
 <!--
@@ -23,14 +30,13 @@ title: Kubernetes
 
 ## Summary
 
-The [_Kubernetes_](https://kubernetes.io/) service discovery [_List-Watch_](https://kubernetes.io/docs/reference/using-api/api-concepts/) real-time changes of [_Endpoints_](https://kubernetes.io/docs/concepts/services-networking/service/) resources,
-then store theirs value into ngx.shared.DICT \
-Discovery also provides a node query interface in accordance with the [_APISIX Discovery Specification_](https://github.com/apache/apisix/blob/master/docs/en/latest/discovery.md)
+The [_Kubernetes_](https://kubernetes.io/) service discovery [_List-Watch_](https://kubernetes.io/docs/reference/using-api/api-concepts/) real-time changes of [_Endpoints_](https://kubernetes.io/docs/concepts/services-networking/service/) resources, then store theirs value into `ngx.shared.DICT`.
+
+Discovery also provides a node query interface in accordance with the [_APISIX Discovery Specification_](https://github.com/apache/apisix/blob/master/docs/en/latest/discovery.md).
 
 ## How To Use
 
-Kubernetes service discovery both support single-cluster and multi-cluster mode, \
-applicable to the case where the service is distributed in a single or multiple Kubernetes clusters.
+Kubernetes service discovery both support single-cluster and multi-cluster mode, applicable to the case where the service is distributed in a single or multiple Kubernetes clusters.
 
 ### Single-Cluster Mode Configuration
 
@@ -112,10 +118,10 @@ discovery:
 
 The Kubernetes service discovery provides a query interface in accordance with the [_APISIX Discovery Specification_](https://github.com/apache/apisix/blob/master/docs/en/latest/discovery.md).
 
-**function:** \
+**function:**
  nodes(service_name)
 
-**description:** \
+**description:**
   nodes() function attempts to look up the ngx.shared.DICT for nodes corresponding to service_name, \
   service_name should match pattern: _[namespace]/[name]:[portName]_
 
@@ -125,7 +131,7 @@ The Kubernetes service discovery provides a query interface in accordance with t
 
   + portName: The ports.name value in the Kubernetes endpoints, if there is no ports.name, use targetPort, port instead
 
-**return value:** \
+**return value:**
   if the Kubernetes endpoints value is as follows:
 
   ```yaml
@@ -222,10 +228,10 @@ Multi-Kubernetes service discovery does not fill default values for service and
 
 The Kubernetes service discovery provides a query interface in accordance with the [_APISIX Discovery Specification_](https://github.com/apache/apisix/blob/master/docs/en/latest/discovery.md).
 
-**function:** \
+**function:**
 nodes(service_name)
 
-**description:** \
+**description:**
 nodes() function attempts to look up the ngx.shared.DICT for nodes corresponding to service_name, \
 service_name should match pattern: _[id]/[namespace]/[name]:[portName]_
 
@@ -237,7 +243,7 @@ service_name should match pattern: _[id]/[namespace]/[name]:[portName]_
 
 + portName: The ports.name value in the Kubernetes endpoints, if there is no ports.name, use targetPort, port instead
 
-**return value:** \
+**return value:**
 if the Kubernetes endpoints value is as follows:
 
   ```yaml
@@ -274,73 +280,68 @@ a nodes("release/default/plat-dev:port") call will get follow result:
 
 ## Q&A
 
-> Q: Why only support configuration token to access _Kubernetes APIServer_ \
-> A: Usually, we will use three ways to complete the authentication of _Kubernetes APIServer_:
->
->+ mTLS
->+ token
->+ basic authentication
->
-> Because lua-resty-http does not currently support mTLS, and basic authentication is not recommended,\
-> So currently only the token authentication method is implemented
+**Q: Why only support configuration token to access _Kubernetes APIServer_?**
 
----
+A: Usually, we will use three ways to complete the authentication of _Kubernetes APIServer_:
 
-> Q: APISIX inherits Nginx's multiple process model, does it mean that each nginx worker process will [_List-Watch_](https://kubernetes.io/docs/reference/using-api/api-concepts/) kubernetes endpoints resources \
-> A: The Kubernetes service discovery only uses privileged processes to [_List-Watch_](https://kubernetes.io/docs/reference/using-api/api-concepts/) Kubernetes endpoints resources, then store theirs value \
-> into ngx.shared.DICT, worker processes get results by querying ngx.shared.DICT
++ mTLS
++ Token
++ Basic authentication
 
----
+Because lua-resty-http does not currently support mTLS, and basic authentication is not recommended, so currently only the token authentication method is implemented.
+
+**Q: APISIX inherits Nginx's multiple process model, does it mean that each nginx worker process will [_List-Watch_](https://kubernetes.io/docs/reference/using-api/api-concepts/) kubernetes endpoints resources?**
+
+A: The Kubernetes service discovery only uses privileged processes to [_List-Watch_](https://kubernetes.io/docs/reference/using-api/api-concepts/) Kubernetes endpoints resources, then store theirs value into `ngx.shared.DICT`, worker processes get results by querying `ngx.shared.DICT`.
 
-> Q: What permissions do [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) require \
-> A: ServiceAccount requires the permissions of cluster-level [ get, list, watch ] endpoints resources, the declarative definition is as follows:
->
->```yaml
->kind: ServiceAccount
->apiVersion: v1
->metadata:
-> name: apisix-test
-> namespace: default
->---
->
->kind: ClusterRole
->apiVersion: rbac.authorization.k8s.io/v1
->metadata:
-> name: apisix-test
->rules:
->- apiGroups: [ "" ]
->  resources: [ endpoints ]
->  verbs: [ get,list,watch ]
->---
->
->apiVersion: rbac.authorization.k8s.io/v1
->kind: ClusterRoleBinding
->metadata:
-> name: apisix-test
->roleRef:
-> apiGroup: rbac.authorization.k8s.io
-> kind: ClusterRole
-> name: apisix-test
->subjects:
-> - kind: ServiceAccount
->   name: apisix-test
->   namespace: default
->```
+**Q: What permissions do [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) require?**
+
+A: ServiceAccount requires the permissions of cluster-level [ get, list, watch ] endpoints resources, the declarative definition is as follows:
+
+```yaml
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: apisix-test
+ namespace: default
+---
 
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: apisix-test
+rules:
+- apiGroups: [ "" ]
+  resources: [ endpoints ]
+  verbs: [ get,list,watch ]
 ---
-> Q: How to get [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) token value \
-> A: Assume your [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) located in namespace apisix and name is Kubernetes-discovery, you can use the following steps to get token value
->
-> 1. Get secret name: \
-> you can execute the following command, the output of the first column is the secret name we want
->
-> ```shell
-> kubectl -n apisix get secrets | grep kubernetes-discovery
-> ```
->
-> 2. Get token value: \
-> assume secret resources name is kubernetes-discovery-token-c64cv, you can execute the following command, the output is the service account token value we want
->
-> ```shell
-> kubectl -n apisix get secret kubernetes-discovery-token-c64cv -o jsonpath={.data.token} | base64 -d
-> ```
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: apisix-test
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: apisix-test
+subjects:
+ - kind: ServiceAccount
+   name: apisix-test
+   namespace: default
+```
+
+**Q: How to get [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) token value?**
+
+A: Assume your [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) located in namespace apisix and name is Kubernetes-discovery, you can use the following steps to get token value.
+
+ 1. Get secret name. You can execute the following command, the output of the first column is the secret name we want:
+
+ ```shell
+ kubectl -n apisix get secrets | grep kubernetes-discovery
+ ```
+
+ 2. Get token value. Assume secret resources name is kubernetes-discovery-token-c64cv, you can execute the following command, the output is the service account token value we want:
+
+ ```shell
+ kubectl -n apisix get secret kubernetes-discovery-token-c64cv -o jsonpath={.data.token} | base64 -d
+ ```
diff --git a/docs/zh/latest/discovery/kubernetes.md b/docs/zh/latest/discovery/kubernetes.md
index e1bc22122..173428820 100644
--- a/docs/zh/latest/discovery/kubernetes.md
+++ b/docs/zh/latest/discovery/kubernetes.md
@@ -1,5 +1,12 @@
 ---
 title: Kubernetes
+keywords:
+  - Kubernetes
+  - Apache APISIX
+  - 服务发现
+  - 集群
+  - API 网关
+description: 本文将介绍如何在 Apache APISIX 中基于 Kubernetes 进行服务发现以及相关问题汇总。
 ---
 
 <!--
@@ -271,74 +278,68 @@ nodes("release/default/plat-dev:port") 调用会得到如下的返回值：
 
 ## Q&A
 
-> Q: 为什么只支持配置 token 来访问 Kubernetes APIServer \
-> A: 一般情况下，我们有三种方式可以完成与 Kubernetes APIServer 的认证：
->
->+ mTLS
->+ token
->+ basic authentication
->
-> 因为 lua-resty-http 目前不支持 mTLS, basic authentication 不被推荐使用，\
-> 所以当前只实现了 token 认证方式
+**Q: 为什么只支持配置 token 来访问 Kubernetes APIServer?**
 
----
+A: 一般情况下，我们有三种方式可以完成与 Kubernetes APIServer 的认证：
 
-> Q: APISIX 继承了 Nginx 的多进程模型，是否意味着每个 APISIX 工作进程都会监听 Kubernetes Endpoints \
-> A: Kubernetes 服务发现只使用特权进程监听 Kubernetes Endpoints，然后将其值存储\
-> 到 ngx.shared.DICT，工作进程通过查询 ngx.shared.DICT 来获取结果
+- mTLS
+- Token
+- Basic authentication
 
----
+因为 lua-resty-http 目前不支持 mTLS, Basic authentication 不被推荐使用，所以当前只实现了 Token 认证方式。
+
+**Q: APISIX 继承了 NGINX 的多进程模型，是否意味着每个 APISIX 工作进程都会监听 Kubernetes Endpoints？**
+
+A: Kubernetes 服务发现只使用特权进程监听 Kubernetes Endpoints，然后将其值存储到 `ngx.shared.DICT` 中，工作进程通过查询 `ngx.shared.DICT` 来获取结果。
 
-> Q: [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) 需要的权限有哪些 \
-> A: [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) 需要集群级 [ get,list,watch ] endpoints 资源的的权限，其声明式定义如下：
->
->```yaml
->kind: ServiceAccount
->apiVersion: v1
->metadata:
-> name: apisix-test
-> namespace: default
->---
->
->kind: ClusterRole
->apiVersion: rbac.authorization.k8s.io/v1
->metadata:
-> name: apisix-test
->rules:
->- apiGroups: [ "" ]
->  resources: [ endpoints ]
->  verbs: [ get,list,watch ]
->---
->
->apiVersion: rbac.authorization.k8s.io/v1
->kind: ClusterRoleBinding
->metadata:
-> name: apisix-test
->roleRef:
-> apiGroup: rbac.authorization.k8s.io
-> kind: ClusterRole
-> name: apisix-test
->subjects:
-> - kind: ServiceAccount
->   name: apisix-test
->   namespace: default
->```
+**Q: [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) 需要的权限有哪些？**
+
+A: [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) 需要集群级 [ get,list,watch ] endpoints 资源的的权限，其声明式定义如下：
+
+```yaml
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: apisix-test
+ namespace: default
+---
 
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: apisix-test
+rules:
+- apiGroups: [ "" ]
+  resources: [ endpoints ]
+  verbs: [ get,list,watch ]
 ---
 
-> Q: 怎样获取指定 [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) 的 Token 值 \
-> A: 假定你指定的 [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) 资源名为 “kubernetes-discovery“, 命名空间为 “apisix”, 请按如下步骤获取其 Token 值
->
-> 1. 获取 _Secret_ 资源名: \
-     > 执行以下命令，输出的第一列内容就是目标 _Secret_ 资源名
->
-> ```shell
-> kubectl -n apisix get secrets | grep kubernetes-discovery
-> ```
->
-> 2. 获取 Token 值: \
-     > 假定你获取到的 _Secret_ 资源名为 "kubernetes-discovery-token-c64cv", 执行以下命令，输出内容就是目标 Token 值
->
-> ```shell
-> kubectl -n apisix get secret kubernetes-discovery-token-c64cv -o jsonpath={.data.token} | base64 -d
-> ```
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: apisix-test
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: apisix-test
+subjects:
+ - kind: ServiceAccount
+   name: apisix-test
+   namespace: default
+```
+
+**Q: 怎样获取指定 [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) 的 Token 值？**
+
+A: 假定你指定的 [_ServiceAccount_](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) 资源名为 “kubernetes-discovery“, 命名空间为 “apisix”, 请按如下步骤获取其 Token 值。
+
+ 1. 获取 _Secret_ 资源名。执行以下命令，输出的第一列内容就是目标 _Secret_ 资源名：
+
+ ```shell
+ kubectl -n apisix get secrets | grep kubernetes-discovery
+ ```
+
+ 2. 获取 Token 值。假定你获取到的 _Secret_ 资源名为 "kubernetes-discovery-token-c64cv", 执行以下命令，输出内容就是目标 Token 值：
+
+ ```shell
+ kubectl -n apisix get secret kubernetes-discovery-token-c64cv -o jsonpath={.data.token} | base64 -d
+ ```