[zh]Sync reference-1

[zh]Sync reference-1

[zh]Sync reference-1

[zh]Sync reference-1

[zh]Sync reference-1

content/zh/docs/reference/kubernetes-api/common-definitions/list-meta.md

@@ -74,18 +74,14 @@ ListMeta describes metadata that synthetic resources must have, including lists
   更多信息：https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency。
 
 <!--
-- **selfLink** (string)
-
-  selfLink is a URL representing this object. Populated by the system. Read-only.
-  
-  DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
+  Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
 -->
 
 - **selfLink** (string)
   
   selfLink 表示此对象的 URL，由系统填充，只读。
   
-  已弃用。 Kubernetes 将在 1.20 版本中停止传播该字段，并计划在 1.21 版本中删除该字段。
+  已弃用：selfLink 是一个遗留的只读字段，不再由系统填充。
 
 
 

content/zh/docs/reference/kubernetes-api/common-definitions/object-meta.md

@@ -391,10 +391,11 @@ ObjectMeta 是所有持久化资源必须具有的元数据，其中包括用户
 - **clusterName** (string)
 
   <!-- 
-  The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
+  Deprecated: ClusterName is a legacy field that was always cleared by the system and never used; it will be removed completely in 1.25.
+  The name in the go struct is changed to help clients detect accidental use.
   -->
-  对象所属的集群的名称。这用于区分不同集群中具有相同名称和命名空间的资源。
-  该字段现在没有在任何地方设置，如果在创建或更新请求中设置，apiserver 将忽略它。
+  已弃用：clusterName 是一个总是被系统清除并且从未使用过的遗留字段；它将在 1.25 中完全删除。
+  go 结构体中的对应字段名称已更改，以帮助客户端检测意外使用。
 
 
 

content/zh/docs/reference/kubernetes-api/common-parameters/common-parameters.md

@@ -86,6 +86,32 @@ A selector to restrict the list of returned objects by their fields. Defaults to
 根据返回对象的字段限制返回对象列表的选择器。默认为返回所有字段。
 <hr>
 
+## fieldValidation {#fieldValidation}
+
+<!--
+fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields, provided that the `ServerSideFieldValidation` feature gate is also enabled.
+-->
+fieldValidation 指示服务器如何处理请求（POST/PUT/PATCH）中包含未知或重复字段的对象，
+前提是 `ServerSideFieldValidation` 特性门控也已启用。
+<!--
+Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23 and is the default behavior when the `ServerSideFieldValidation` feature gate is disabled.
+-->
+有效值为：
+- Ignore：这将忽略从对象中默默删除的所有未知字段，并将忽略除解码器遇到的最后一个重复字段之外的所有字段。
+  这是在 v1.23 之前的默认行为，也是当 `ServerSideFieldValidation` 特性门控被禁用时的默认行为。
+<!--
+- Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default when the `ServerSideFieldValidation` feature gate is enabled.
+-->
+- Warn：这将针对从对象中删除的各个未知字段以及所遇到的各个重复字段，分别通过标准警告响应头发出警告。
+  如果没有其他错误，请求仍然会成功，并且只会保留所有重复字段中的最后一个。
+  这是启用 `ServerSideFieldValidation` 特性门控时的默认值。
+<!--
+- Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
+-->
+- Strict：如果从对象中删除任何未知字段，或者存在任何重复字段，将使请求失败并返回 BadRequest 错误。
+
+<hr>
+
 ## force {#force}
 <!--
 Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

content/zh/docs/reference/labels-annotations-taints/_index.md

@@ -1008,6 +1008,30 @@ kubelet 检查 `/proc/sys/kernel/pid_max` 大小的 D 值和 Kubernetes 在 Node
 以获取可用 PID 数量，并将其作为 `pid.available` 指标值。
 然后该指标与在 kubelet 上设置的相应阈值进行比较，以确定是否应该添加/删除 Node 状况和污点。
 
+### node.kubernetes.io/out-of-service
+<!--
+Example: `node.kubernetes.io/out-of-service:NoExecute`
+A user can manually add the taint to a Node marking it out-of-service. If the `NodeOutOfServiceVolumeDetach` 
+[feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled on
+`kube-controller-manager`, and a Node is marked out-of-service with this taint, the pods on the node will be forcefully deleted if there are no matching tolerations on it and volume detach operations for the pods terminating on the node will happen immediately. This allows the Pods on the out-of-service node to recover quickly on a different node.
+-->
+例子：`node.kubernetes.io/out-of-service:NoExecute`
+
+用户可以手动将污点添加到节点，将其标记为停止服务。
+如果 `kube-controller-manager` 上启用了 `NodeOutOfServiceVolumeDetach`
+[特性门控](/zh/docs/reference/command-line-tools-reference/feature-gates/)，
+并且一个节点被这个污点标记为停止服务，如果节点上的 Pod 没有对应的容忍度，
+这类 Pod 将被强制删除，并且，针对在节点上被终止 Pod 的卷分离操作将被立即执行。
+
+{{< caution >}}
+<!--
+Refer to
+[Non-graceful node shutdown](/docs/concepts/architecture/nodes/#non-graceful-node-shutdown)
+for further details about when and how to use this taint.
+-->
+有关何时以及如何使用此污点的更多详细信息，请参阅[非正常节点关闭](/zh/docs/concepts/architecture/nodes/#non-graceful-node-shutdown)。
+{{< /caution >}}
+
 <!--
 ### node.cloudprovider.kubernetes.io/uninitialized
 
@@ -1233,11 +1257,34 @@ based on setting `securityContext` within the Pod's `.spec`.
 seccomp 配置文件应用于 Pod 或其容器的步骤。
 该教程介绍了在 Kubernetes 中配置 seccomp 的支持机制，基于在 Pod 的 `.spec` 中设置 `securityContext`。
 
+### snapshot.storage.kubernetes.io/allowVolumeModeChange
+<!--
+Example: `snapshot.storage.kubernetes.io/allowVolumeModeChange: "true"`
+Used on: VolumeSnapshotContent
+-->
+例子：`snapshot.storage.kubernetes.io/allowVolumeModeChange: "true"`
+
+用于：VolumeSnapshotContent
+
+<!--
+Value can either be `true` or `false`.
+This determines whether a user can modify the mode of the source volume when a
+{{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}} is being created from a VolumeSnapshot.
+Refer to [Converting the volume mode of a Snapshot](/docs/concepts/storage/volume-snapshots/#convert-volume-mode) and the [Kubernetes CSI Developer Documentation](https://kubernetes-csi.github.io/docs/) for more information.
+-->
+值可以是 `true` 或者 `false`。
+这决定了当从 VolumeSnapshot 创建 {{< glossary_tooltip text="PersistentVolumeClaim" term_id="persistent-volume-claim" >}}
+时，用户是否可以修改源卷的模式。
+更多信息请参阅[转换快照的卷模式](/zh/docs/concepts/storage/volume-snapshots/#convert-volume-mode)和
+[Kubernetes CSI 开发者文档](https://kubernetes-csi.github.io/docs/)。
+
 <!--
 ## Annotations used for audit
 
 - [`authorization.k8s.io/decision`](/docs/reference/labels-annotations-taints/audit-annotations/#authorization-k8s-io-decision)
 - [`authorization.k8s.io/reason`](/docs/reference/labels-annotations-taints/audit-annotations/#authorization-k8s-io-reason)
+- [`insecure-sha1.invalid-cert.kubernetes.io/$hostname`](/docs/reference/labels-annotations-taints/audit-annotations/#insecure-sha1-invalid-cert-kubernetes-io-hostname)
+- [`missing-san.invalid-cert.kubernetes.io/$hostname`](/docs/reference/labels-annotations-taints/audit-annotations/#missing-san-invalid-cert-kubernetes-io-hostname)
 - [`pod-security.kubernetes.io/audit-violations`](/docs/reference/labels-annotations-taints/audit-annotations/#pod-security-kubernetes-io-audit-violations)
 - [`pod-security.kubernetes.io/enforce-policy`](/docs/reference/labels-annotations-taints/audit-annotations/#pod-security-kubernetes-io-enforce-policy)
 - [`pod-security.kubernetes.io/exempt`](/docs/reference/labels-annotations-taints/audit-annotations/#pod-security-kubernetes-io-exempt)
@@ -1248,8 +1295,124 @@ See more details on the [Audit Annotations](/docs/reference/labels-annotations-t
 
 - [`authorization.k8s.io/decision`](/zh/docs/reference/labels-annotations-taints/audit-annotations/#authorization-k8s-io-decision)
 - [`authorization.k8s.io/reason`](/zh/docs/reference/labels-annotations-taints/audit-annotations/#authorization-k8s-io-reason)
+- [`insecure-sha1.invalid-cert.kubernetes.io/$hostname`](/zh/docs/reference/labels-annotations-taints/audit-annotations/#insecure-sha1-invalid-cert-kubernetes-io-hostname)
+- [`missing-san.invalid-cert.kubernetes.io/$hostname`](/zh/docs/reference/labels-annotations-taints/audit-annotations/#missing-san-invalid-cert-kubernetes-io-hostname)
 - [`pod-security.kubernetes.io/audit-violations`](/zh/docs/reference/labels-annotations-taints/audit-annotations/#pod-security-kubernetes-io-audit-violations)
 - [`pod-security.kubernetes.io/enforce-policy`](/zh/zh/docs/reference/labels-annotations-taints/audit-annotations/#pod-security-kubernetes-io-enforce-policy)
 - [`pod-security.kubernetes.io/exempt`](/zh/docs/reference/labels-annotations-taints/audit-annotations/#pod-security-kubernetes-io-exempt)
 
-在[审计注解](/zh/docs/reference/labels-annotations-taints/audit-annotations/)页面上查看更多详细信息。
+在[审计注解](/zh/docs/reference/labels-annotations-taints/audit-annotations/)页面上查看更多详细信息。
+
+## kubeadm
+
+### kubeadm.alpha.kubernetes.io/cri-socket
+
+<!--
+Example: `kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/container.sock`
+Used on: Node
+-->
+例子：`kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/container.sock`
+
+用于：Node
+
+<!--
+Annotation that kubeadm uses to preserve the CRI socket information given to kubeadm at `init`/`join` time for later use.
+kubeadm annotates the Node object with this information. The annotation remains "alpha", since ideally this should be a field in KubeletConfiguration instead.
+-->
+kubeadm 用来保存 `init`/`join` 时提供给 kubeadm 以后使用的 CRI 套接字信息的注解。
+kubeadm 使用此信息为 Node 对象设置注解。
+此注解仍然是 “alpha” 阶段，因为理论上这应该是 KubeletConfiguration 中的一个字段。
+
+### kubeadm.kubernetes.io/etcd.advertise-client-urls
+
+<!--
+Example: `kubeadm.kubernetes.io/etcd.advertise-client-urls: https://172.17.0.18:2379`
+Used on: Pod
+-->
+例子：`kubeadm.kubernetes.io/etcd.advertise-client-urls: https://172.17.0.18:2379`
+
+用于：Pod
+
+<!--
+Annotation that kubeadm places on locally managed etcd pods to keep track of a list of URLs where etcd clients should connect to. This is used mainly for etcd cluster health check purposes.
+-->
+kubeadm 为本地管理的 etcd Pod 设置的注解，用来跟踪 etcd 客户端应连接到的 URL 列表。
+这主要用于 etcd 集群健康检查目的。
+
+### kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint
+
+<!--
+Example: `kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: https//172.17.0.18:6443`
+Used on: Pod
+-->
+例子：`kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: https//172.17.0.18:6443`
+
+用于：Pod
+
+<!--
+Annotation that kubeadm places on locally managed kube-apiserver pods to keep track of the exposed advertise address/port endpoint for that API server instance.
+-->
+kubeadm 为本地管理的 kube-apiserver Pod 设置的注解，用以跟踪该 API 服务器实例的公开宣告地址/端口端点。
+
+### kubeadm.kubernetes.io/component-config.hash
+
+<!--
+Used on: ConfigMap
+Example: `kubeadm.kubernetes.io/component-config.hash: 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae`
+-->
+例子：`kubeadm.kubernetes.io/component-config.hash: 2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae`
+
+用于：ConfigMap
+
+<!--
+Annotation that kubeadm places on ConfigMaps that it manages for configuring components. It contains a hash (SHA-256) used to determine if the user has applied settings different from the kubeadm defaults for a particular component.
+-->
+kubeadm 为它所管理的 ConfigMaps 设置的注解，用于配置组件。它包含一个哈希（SHA-256）值，
+用于确定用户是否应用了不同于特定组件的 kubeadm 默认设置的设置。
+
+### node-role.kubernetes.io/control-plane
+
+<!--
+Used on: Node
+
+Label that kubeadm applies on the control plane nodes that it manages.
+-->
+用于：Node
+
+kubeadm 在其管理的控制平面节点上应用的标签。
+
+### node-role.kubernetes.io/control-plane
+
+<!--
+Used on: Node
+
+Example: `node-role.kubernetes.io/control-plane:NoSchedule`
+-->
+例子：`node-role.kubernetes.io/control-plane:NoSchedule`
+
+用于：Node
+
+<!--
+Taint that kubeadm applies on control plane nodes to allow only critical workloads to schedule on them.
+-->
+kubeadm 应用在控制平面节点上的污点，仅允许在其上调度关键工作负载。
+
+### node-role.kubernetes.io/master
+
+<!--
+Used on: Node
+
+Example: `node-role.kubernetes.io/master:NoSchedule`
+-->
+例子：`node-role.kubernetes.io/master:NoSchedule`
+
+用于：Node
+
+<!--
+Taint that kubeadm applies on control plane nodes to allow only critical workloads to schedule on them.
+Starting in v1.20, this taint is deprecated in favor of `node-role.kubernetes.io/control-plane` and will be removed in v1.25.
+-->
+kubeadm 应用在控制平面节点上的污点，仅允许在其上调度关键工作负载。
+{{< note >}}
+从 v1.20 开始，此污点已弃用，并将在 v1.25 中将其删除，取而代之的是 `node-role.kubernetes.io/control-plane`。
+{{< /note >}}