Merge pull request #47117 from asa3311/sync-zh-131

[zh] sync kubeadm-reconfigure configure-service-account kubectl-node-debug custom-resource-definitions

content/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-reconfigure.md

@@ -156,15 +156,15 @@ kubeadm 将控制平面组件作为位于 `/etc/kubernetes/manifests`
 <!--
 Such changes may include:
 - `extraArgs` - requires updating the list of flags passed to a component container
-- `extraMounts` - requires updated the volume mounts for a component container
-- `*SANs` - requires writing new certificates with updated Subject Alternative Names.
+- `extraVolumes` - requires updating the volume mounts for a component container
+- `*SANs` - requires writing new certificates with updated Subject Alternative Names
 
 Before proceeding with these changes, make sure you have backed up the directory `/etc/kubernetes/`.
 -->
 
 此类更改可能包括:
 - `extraArgs` - 需要更新传递给组件容器的标志列表
-- `extraMounts` - 需要更新组件容器的卷挂载
+- `extraVolumes` - 需要更新组件容器的卷挂载
 - `*SANs` - 需要使用更新的主题备用名称编写新证书
 
 在继续进行这些更改之前，请确保你已备份目录 `/etc/kubernetes/`。

content/zh-cn/docs/tasks/configure-pod-container/configure-service-account.md

@@ -421,12 +421,12 @@ token:          ...
 
 {{< note >}}
 <!--
-The content of `token` is elided here.
+The content of `token` is omitted here.
 
 Take care not to display the contents of a `kubernetes.io/service-account-token`
 Secret somewhere that your terminal / computer screen could be seen by an onlooker.
 -->
-这里将 `token` 的内容抹去了。
+这里将 `token` 的内容省略了。
 
 注意在你的终端或者计算机屏幕可能被旁观者看到的场合，不要显示
 `kubernetes.io/service-account-token` 的内容。

content/zh-cn/docs/tasks/debug/debug-cluster/kubectl-node-debug.md

@@ -124,7 +124,8 @@ When creating a debugging session on a Node, keep in mind that:
 * Although the container runs in the host IPC, Network, and PID namespaces,
   the pod isn't privileged. This means that reading some process information might fail
   because access to that information is restricted to superusers. For example, `chroot /host` will fail.
-  If you need a privileged pod, create it manually.
+  If you need a privileged pod, create it manually or use the `--profile=sysadmin` flag.
+* By applying [Debugging Profiles](/docs/tasks/debug/debug-application/debug-running-pod/#debugging-profiles), you can set specific properties such as [securityContext](/docs/tasks/configure-pod-container/security-context/) to a debugging Pod.
 -->
 当在节点上创建一个调试会话时，需谨记：
 
@@ -132,7 +133,9 @@ When creating a debugging session on a Node, keep in mind that:
 * 节点的根文件系统将被挂载在 `/host`。
 * 尽管容器运行在主机 IPC、Network 和 PID 名字空间中，但 Pod 没有特权。
   这意味着读取某些进程信息可能会失败，这是因为访问这些信息仅限于超级用户 (superuser)。
-  例如，`chroot /host` 将失败。如果你需要一个有特权的 Pod，请手动创建。
+  例如，`chroot /host` 将失败。如果你需要一个有特权的 Pod，请手动创建或使用 `--profile=sysadmin` 标志。
+* 通过应用[调试配置](/zh-cn/docs/tasks/debug/debug-application/debug-running-pod/#debugging-profiles)，
+  你可以为调试 Pod 设置特定的属性，例如 [securityContext](/zh-cn/docs/tasks/configure-pod-container/security-context/)。
 
 ## {{% heading "cleanup" %}}
 

content/zh-cn/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md

@@ -2660,7 +2660,6 @@ may also be used with field selectors when included in the `spec.versions[*].sel
 -->
 #### 自定义资源的可选字段    {#crd-selectable-fields}
 
-{{< feature-state state="alpha" for_k8s_version="v1.30" >}}
 {{< feature-state feature_gate_name="CustomResourceFieldSelectors" >}}
 
 <!--