From 87f943cf8bd207084251460285d26706fc79a242 Mon Sep 17 00:00:00 2001
From: windsonsea <haifeng.yao@daocloud.io>
Date: Fri, 10 Nov 2023 18:15:22 +0800
Subject: [PATCH] [zh] Sync feature-gates.md

---
 .../feature-gates.md                          | 249 ++++++------------
 1 file changed, 86 insertions(+), 163 deletions(-)

diff --git a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates.md b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates.md
index 5ae43d503b..72e4f5bdba 100644
--- a/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates.md
+++ b/content/zh-cn/docs/reference/command-line-tools-reference/feature-gates.md
@@ -125,18 +125,18 @@ For a reference to old feature gates that are removed, please refer to
 | `CPUManagerPolicyBetaOptions` | `true` | Beta | 1.23 | |
 | `CPUManagerPolicyOptions` | `false` | Alpha | 1.22 | 1.22 |
 | `CPUManagerPolicyOptions` | `true` | Beta | 1.23 | |
-|  CRDValidationRatcheting | false | Alpha | 1.28 |
+| `CRDValidationRatcheting` | `false` | Alpha | 1.28 | |
 | `CSIMigrationPortworx` | `false` | Alpha | 1.23 | 1.24 |
 | `CSIMigrationPortworx` | `false` | Beta | 1.25 | |
 | `CSINodeExpandSecret` | `false` | Alpha | 1.25 | 1.26 |
 | `CSINodeExpandSecret` | `true` | Beta | 1.27 | |
 | `CSIVolumeHealth` | `false` | Alpha | 1.21 | |
-| `CloudControllerManagerWebhook` | false | Alpha | 1.27 | |
-| `CloudDualStackNodeIPs` | false | Alpha | 1.27 | |
-| `ClusterTrustBundle` | false | Alpha | 1.27 | |
+| `CloudControllerManagerWebhook` | `false` | Alpha | 1.27 | |
+| `CloudDualStackNodeIPs` | `false` | Alpha | 1.27 | |
+| `ClusterTrustBundle` | `false` | Alpha | 1.27 | |
 | `ComponentSLIs` | `false` | Alpha | 1.26 | 1.26 |
 | `ComponentSLIs` | `true` | Beta | 1.27 | |
-| `ConsistentListFromCache` | `false` | Alpha | 1.28 |
+| `ConsistentListFromCache` | `false` | Alpha | 1.28 | |
 | `ContainerCheckpoint` | `false` | Alpha | 1.25 | |
 | `ContextualLogging` | `false` | Alpha | 1.24 | |
 | `CronJobsScheduledAnnotation` | `true` | Beta | 1.28 | |
@@ -148,9 +148,9 @@ For a reference to old feature gates that are removed, please refer to
 | `DisableCloudProviders` | `false` | Alpha | 1.22 | |
 | `DisableKubeletCloudCredentialProviders` | `false` | Alpha | 1.23 | |
 | `DynamicResourceAllocation` | `false` | Alpha | 1.26 | |
-| `ElasticIndexedJob` | `true` | Beta` | 1.27 | |
+| `ElasticIndexedJob` | `true` | Beta | 1.27 | |
 | `EventedPLEG` | `false` | Alpha | 1.26 | 1.26 |
-| `EventedPLEG` | `false` | Beta | 1.27 | - |
+| `EventedPLEG` | `false` | Beta | 1.27 | |
 | `GracefulNodeShutdown` | `false` | Alpha | 1.20 | 1.20 |
 | `GracefulNodeShutdown` | `true` | Beta | 1.21 | |
 | `GracefulNodeShutdownBasedOnPodPriority` | `false` | Alpha | 1.23 | 1.23 |
@@ -263,7 +263,7 @@ For a reference to old feature gates that are removed, please refer to
 | `ValidatingAdmissionPolicy` | `false` | Alpha | 1.26 | 1.27 |
 | `ValidatingAdmissionPolicy` | `false` | Beta | 1.28 | |
 | `VolumeCapacityPriority` | `false` | Alpha | 1.21 | |
-| `WatchList` | false | Alpha | 1.27 | |
+| `WatchList` | `false` | Alpha | 1.27 | |
 | `WinDSR` | `false` | Alpha | 1.14 | |
 | `WinOverlay` | `false` | Alpha | 1.14 | 1.19 |
 | `WinOverlay` | `true` | Beta | 1.20 | |
@@ -421,7 +421,8 @@ A *Beta* feature means:
 **Beta** 特性代表：
 
 <!--
-* Usually enabled by default. Beta API groups are [disabled by default](https://github.com/kubernetes/enhancements/tree/master/keps/sig-architecture/3136-beta-apis-off-by-default).
+* Usually enabled by default. Beta API groups are
+  [disabled by default](https://github.com/kubernetes/enhancements/tree/master/keps/sig-architecture/3136-beta-apis-off-by-default).
 * The feature is well tested. Enabling the feature is considered safe.
 * Support for the overall feature will not be dropped, though details may change.
 * The schema and/or semantics of objects may change in incompatible ways in a
@@ -519,31 +520,14 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `AppArmor`：在 Linux 节点上为 Pod 启用 AppArmor 机制的强制访问控制。
   请参见 [AppArmor 教程](/zh-cn/docs/tutorials/security/apparmor/)获取详细信息。
 <!--
-- `ContainerCheckpoint`: Enables the kubelet `checkpoint` API.
-  See [Kubelet Checkpoint API](/docs/reference/node/kubelet-checkpoint-api/) for more details.
-- `ControllerManagerLeaderMigration`: Enables Leader Migration for
-  [kube-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#initial-leader-migration-configuration) and
-  [cloud-controller-manager](/docs/tasks/administer-cluster/controller-manager-leader-migration/#deploy-cloud-controller-manager)
-  which allows a cluster operator to live migrate
-  controllers from the kube-controller-manager into an external controller-manager
-  (e.g. the cloud-controller-manager) in an HA cluster without downtime.
--->
-- `ContainerCheckpoint`：启用 kubelet `checkpoint` API。
-  参阅 [Kubelet Checkpoint API](/zh-cn/docs/reference/node/kubelet-checkpoint-api/) 获取更多详细信息。
-- `ControllerManagerLeaderMigration`：为
-  [kube-controller-manager](/zh-cn/docs/tasks/administer-cluster/controller-manager-leader-migration/#initial-leader-migration-configuration) 和
-  [cloud-controller-manager](/zh-cn/docs/tasks/administer-cluster/controller-manager-leader-migration/#deploy-cloud-controller-manager)
-  启用 Leader 迁移，它允许集群管理者在没有停机的高可用集群环境下，实时把 kube-controller-manager
-  迁移到外部的 controller-manager (例如 cloud-controller-manager) 中。
-<!--
 - `CPUManager`: Enable container level CPU affinity support, see
   [CPU Management Policies](/docs/tasks/administer-cluster/cpu-management-policies/).
 - `CPUManagerPolicyAlphaOptions`: This allows fine-tuning of CPUManager policies,
-  experimental, Alpha-quality options
+  experimental, Alpha-quality options.
   This feature gate guards *a group* of CPUManager options whose quality level is alpha.
   This feature gate will never graduate to beta or stable.
 - `CPUManagerPolicyBetaOptions`: This allows fine-tuning of CPUManager policies,
-  experimental, Beta-quality options
+  experimental, Beta-quality options.
   This feature gate guards *a group* of CPUManager options whose quality level is beta.
   This feature gate will never graduate to stable.
 - `CPUManagerPolicyOptions`: Allow fine-tuning of CPUManager policies.
@@ -558,38 +542,6 @@ Each feature gate is designed for enabling/disabling a specific feature:
   此特性门控永远不会被升级为稳定版本。
 - `CPUManagerPolicyOptions`：允许微调 CPU 管理策略。
 <!--
-- `CSIInlineVolume`: Enable CSI Inline volumes support for pods.
-- `CSIMigration`: Enables shims and translation logic to route volume
-  operations from in-tree plugins to corresponding pre-installed CSI plugins
--->
-- `CSIInlineVolume`：为 Pod 启用 CSI 内联卷支持。
-- `CSIMigration`：确保封装和转换逻辑能够将卷操作从内嵌插件路由到相应的预安装 CSI 插件。
-<!--
-- `CSIMigrationAWS`: Enables shims and translation logic to route volume
-  operations from the AWS-EBS in-tree plugin to EBS CSI plugin. Supports
-  falling back to in-tree EBS plugin for mount operations to nodes that have
-  the feature disabled or that do not have EBS CSI plugin installed and
-  configured. Does not support falling back for provision operations, for those
-  the CSI plugin must be installed and configured.
--->
-- `CSIMigrationAWS`：确保填充和转换逻辑能够将卷操作从 AWS-EBS 内嵌插件路由到 EBS CSI 插件。
-  如果节点禁用了此特性门控或者未安装和配置 EBS CSI 插件，支持回退到内嵌 EBS 插件来执行卷挂载操作。
-  不支持回退到这些插件来执行卷制备操作，因为需要安装并配置 CSI 插件。
-<!--
-- `CSIMigrationAzureDisk`: Enables shims and translation logic to route volume
-  operations from the Azure-Disk in-tree plugin to AzureDisk CSI plugin.
-  Supports falling back to in-tree AzureDisk plugin for mount operations to
-  nodes that have the feature disabled or that do not have AzureDisk CSI plugin
-  installed and configured. Does not support falling back for provision
-  operations, for those the CSI plugin must be installed and configured.
-  Requires CSIMigration feature flag enabled.
--->
-- `CSIMigrationAzureDisk`：确保填充和转换逻辑能够将卷操作从 AzureDisk 内嵌插件路由到
-  Azure 磁盘 CSI 插件。对于禁用了此特性的节点或者没有安装并配置 AzureDisk CSI
-  插件的节点，支持回退到内嵌（in-tree）AzureDisk 插件来执行磁盘挂载操作。
-  不支持回退到内嵌插件来执行磁盘制备操作，因为对应的 CSI 插件必须已安装且正确配置。
-  此特性需要启用 CSIMigration 特性标志。
-<!--
 - `CSIMigrationAzureFile`: Enables shims and translation logic to route volume
   operations from the Azure-File in-tree plugin to AzureFile CSI plugin.
   Supports falling back to in-tree AzureFile plugin for mount operations to
@@ -653,7 +605,7 @@ Each feature gate is designed for enabling/disabling a specific feature:
 -->
 - `CloudControllerManagerWebhook`：启用在云控制器管理器中的 Webhook。
 - `CloudDualStackNodeIPs`：允许在外部云驱动中通过 `kubelet --node-ip` 设置双协议栈。
-   有关详细信息，请参阅[配置 IPv4/IPv6 双协议栈](/zh-cn/docs/concepts/services-networking/dual-stack/#configure-ipv4-ipv6-dual-stack)。
+  有关详细信息，请参阅[配置 IPv4/IPv6 双协议栈](/zh-cn/docs/concepts/services-networking/dual-stack/#configure-ipv4-ipv6-dual-stack)。
 - `ClusterTrustBundle`：启用 ClusterTrustBundle 对象和 kubelet 集成。
 <!--
 - `ComponentSLIs`: Enable the `/metrics/slis` endpoint on Kubernetes components like
@@ -665,11 +617,11 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `ContainerCheckpoint`: Enables the kubelet `checkpoint` API.
   See [Kubelet Checkpoint API](/docs/reference/node/kubelet-checkpoint-api/) for more details.
 - `ContextualLogging`: When you enable this feature gate, Kubernetes components that support
-   contextual logging add extra detail to log output.
+  contextual logging add extra detail to log output.
 - `CronJobsScheduledAnnotation`: Set the scheduled job time as an
   {{< glossary_tooltip text="annotation" term_id="annotation" >}} on Jobs that were created
   on behalf of a CronJob.
-- `CronJobTimeZone`: Allow the use of the `timeZone` optional field in [CronJobs](/docs/concepts/workloads/controllers/cron-jobs/)
+- `CronJobTimeZone`: Allow the use of the `timeZone` optional field in [CronJobs](/docs/concepts/workloads/controllers/cron-jobs/).
 -->
 - `ComponentSLIs`: 在 kubelet、kube-scheduler、kube-proxy、kube-controller-manager、cloud-controller-manager
   等 Kubernetes 组件上启用 `/metrics/slis` 端点，从而允许你抓取健康检查指标。
@@ -684,12 +636,13 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `CronJobTimeZone`：允许在 [CronJobs](/zh-cn/docs/concepts/workloads/controllers/cron-jobs/)
   中使用 `timeZone` 可选字段。
 <!--
-- `CRDValidationRatcheting`: Enable updates to custom resources to contain 
-   violations of their OpenAPI schema if the offending portions of the resource
-   update did not change. See [Validation Ratcheting](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-ratcheting) for more details.
+- `CRDValidationRatcheting`: Enable updates to custom resources to contain
+  violations of their OpenAPI schema if the offending portions of the resource
+  update did not change. See [Validation Ratcheting](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-ratcheting)
+  for more details.
 - `CrossNamespaceVolumeDataSource`: Enable the usage of cross namespace volume data source
-   to allow you to specify a source namespace in the `dataSourceRef` field of a
-   PersistentVolumeClaim.
+  to allow you to specify a source namespace in the `dataSourceRef` field of a
+  PersistentVolumeClaim.
 - `CustomCPUCFSQuotaPeriod`: Enable nodes to change `cpuCFSQuotaPeriod` in
   [kubelet config](/docs/tasks/administer-cluster/kubelet-config-file/).
 - `CustomResourceValidationExpressions`: Enable expression language validation in CRD
@@ -733,7 +686,6 @@ Each feature gate is designed for enabling/disabling a specific feature:
   to authenticate to a cloud provider container registry for image pull credentials.
 - `DownwardAPIHugePages`: Enables usage of hugepages in
   [downward API](/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information).
-- `DynamicResourceAllocation`: Enables support for resources with custom parameters and a lifecycle
 -->
 - `DisableCloudProviders`：禁用 `kube-apiserver`，`kube-controller-manager` 和
   `kubelet` 组件的 `--cloud-provider` 标志相关的所有功能。
@@ -742,9 +694,8 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `DownwardAPIHugePages`：
   允许在[下行（Downward）API](/zh-cn/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information)
   中使用巨页信息。
-- `DynamicResourceAllocation`：启用对具有自定义参数和生命周期的资源的支持。
 <!--
-- `DynamicResourceAllocation": Enables support for resources with custom parameters and a lifecycle
+- `DynamicResourceAllocation`: Enables support for resources with custom parameters and a lifecycle
   that is independent of a Pod.
 - `ElasticIndexedJob`: Enables Indexed Jobs to be scaled up or down by mutating both
   `spec.completions` and `spec.parallelism` together such that `spec.completions == spec.parallelism`.
@@ -760,9 +711,6 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `EfficientWatchResumption`：允许将存储发起的书签（进度通知）事件传递给用户。
   这仅适用于监视操作。
 <!--
-- `EphemeralContainers`: Enable the ability to add
-  {{< glossary_tooltip text="ephemeral containers" term_id="ephemeral-container" >}}
-  to running pods.
 - `EventedPLEG`: Enable support for the kubelet to receive container life cycle events from the
   {{< glossary_tooltip text="container runtime" term_id="container-runtime" >}} via
   an extension to {{<glossary_tooltip term_id="cri" text="CRI">}}.
@@ -776,9 +724,6 @@ Each feature gate is designed for enabling/disabling a specific feature:
   now-corrected fault where Kubernetes ignored exec probe timeouts. See
   [readiness probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes).
 -->
-- `EphemeralContainers`：启用添加
-  {{< glossary_tooltip text="临时容器" term_id="ephemeral-container" >}}
-  到正在运行的 Pod 的特性。
 - `EventedPLEG`：启用此特性后，kubelet 能够通过 {{<glossary_tooltip term_id="cri" text="CRI">}}
   扩展从{{< glossary_tooltip text="容器运行时" term_id="container-runtime" >}}接收容器生命周期事件。
   （PLEG 是 `Pod lifecycle event generator` 的缩写，即 Pod 生命周期事件生成器）。
@@ -789,25 +734,15 @@ Each feature gate is designed for enabling/disabling a specific feature:
   该缺陷导致 Kubernetes 会忽略 exec 探针的超时值设置。
   参阅[就绪态探针](/zh-cn/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes).
 <!--
-- `ExpandCSIVolumes`: Enable the expanding of CSI volumes.
 - `ExpandedDNSConfig`: Enable kubelet and kube-apiserver to allow more DNS
   search paths and longer list of DNS search paths. This feature requires container
-  runtime support(Containerd: v1.5.6 or higher, CRI-O: v1.22 or higher). See
+  runtime support (containerd: v1.5.6 or higher, CRI-O: v1.22 or higher). See
   [Expanded DNS Configuration](/docs/concepts/services-networking/dns-pod-service/#expanded-dns-configuration).
-- `ExpandInUsePersistentVolumes`: Enable expanding in-use PVCs. See
-  [Resizing an in-use PersistentVolumeClaim](/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim).
-- `ExpandPersistentVolumes`: Enable the expanding of persistent volumes. See
-  [Expanding Persistent Volumes Claims](/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims).
 -->
-- `ExpandCSIVolumes`：启用扩展 CSI 卷。
 - `ExpandedDNSConfig`：在 kubelet 和 kube-apiserver 上启用后，
   允许使用更多的 DNS 搜索域和搜索域列表。此功能特性需要容器运行时
-  （Containerd：v1.5.6 或更高，CRI-O：v1.22 或更高）的支持。
+  （containerd v1.5.6 或更高，CRI-O v1.22 或更高）的支持。
   参阅[扩展 DNS 配置](/zh-cn/docs/concepts/services-networking/dns-pod-service/#expanded-dns-configuration).
-- `ExpandInUsePersistentVolumes`：启用扩充使用中的 PVC 的尺寸。
-  请查阅[调整使用中的 PersistentVolumeClaim 的大小](/zh-cn/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim)。
-- `ExpandPersistentVolumes`：允许扩充持久卷。
-  请查阅[扩展持久卷申领](/zh-cn/docs/concepts/storage/persistent-volumes/#expanding-persistent-volumes-claims)。
 <!--
 - `ExperimentalHostUserNamespaceDefaulting`: Enabling the defaulting user
   namespace to host. This is for containers that are using other host namespaces,
@@ -830,7 +765,7 @@ Each feature gate is designed for enabling/disabling a specific feature:
 <!--
 - `GracefulNodeShutdownBasedOnPodPriority`: Enables the kubelet to check Pod priorities
   when shutting down a node gracefully.
-- `GRPCContainerProbe`: Enables the gRPC probe method for {Liveness,Readiness,Startup}Probe.
+- `GRPCContainerProbe`: Enables the gRPC probe method for liveness, readiness and startup probes.
   See [Configure Liveness, Readiness and Startup Probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-grpc-liveness-probe).
 - `HonorPVReclaimPolicy`: Honor persistent volume reclaim policy when it is `Delete` irrespective of PV-PVC deletion ordering.
   For more details, check the
@@ -839,7 +774,7 @@ Each feature gate is designed for enabling/disabling a specific feature:
 -->
 - `GracefulNodeShutdownBasedOnPodPriority`：允许 kubelet 在体面终止节点时检查
   Pod 的优先级。
-- `GRPCContainerProbe`：为 LivenessProbe、ReadinessProbe、StartupProbe 启用 gRPC 探针。
+- `GRPCContainerProbe`：为活跃态、就绪态和启动探针启用 gRPC 探针。
   参阅[配置活跃态、就绪态和启动探针](/zh-cn/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-grpc-liveness-probe)。
 - `HonorPVReclaimPolicy`：无论 PV 和 PVC 的删除顺序如何，当持久卷申领的策略为 `Delete`
   时，确保这种策略得到处理。
@@ -860,10 +795,6 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `IPTablesOwnershipCleanup`：这使得 kubelet 不再创建传统的 iptables 规则。
 - `InPlacePodVerticalScaling`：启用就地 Pod 垂直扩缩。
 <!--
-- `IdentifyPodOS`: Allows the Pod OS field to be specified. This helps in identifying
-  the OS of the pod authoritatively during the API server admission time.
-  In Kubernetes {{< skew currentVersion >}}, the allowed values for the `pod.spec.os.name`
-  are `windows` and `linux`.
 - `InTreePluginAWSUnregister`: Stops registering the aws-ebs in-tree plugin in kubelet
   and volume controllers.
 - `InTreePluginAzureDiskUnregister`: Stops registering the azuredisk in-tree plugin in kubelet
@@ -871,14 +802,6 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `InTreePluginAzureFileUnregister`: Stops registering the azurefile in-tree plugin in kubelet
   and volume controllers.
 -->
-- `IdentifyPodOS`：允许设置 Pod 的 OS 字段。这一设置有助于在 API 服务器准入期间确定性地辨识
-  Pod 的 OS。在 Kubernetes {{< skew currentVersion >}} 中，`pod.spec.os.name` 可选的值包括
-  `windows` 和 `linux`。
-- `ImmutableEphemeralVolumes`：允许将各个 Secret 和 ConfigMap 标记为不可变更的，
-  以提高安全性和性能。
-- `IngressClassNamespacedParams`：允许在 `IngressClass` 资源中使用名字空间范围的参数引用。
-  此功能为 `IngressClass.spec.parameters` 添加了两个字段 - `scope` 和 `namespace`。
-- `Initializers`：允许使用 Intializers 准入插件来异步协调对象创建操作。
 - `InTreePluginAWSUnregister`：在 kubelet 和卷控制器上关闭注册 aws-ebs 内嵌插件。
 - `InTreePluginAzureDiskUnregister`：在 kubelet 和卷控制器上关闭注册 azuredisk 内嵌插件。
 - `InTreePluginAzureFileUnregister`：在 kubelet 和卷控制器上关闭注册 azurefile 内嵌插件。
@@ -899,68 +822,62 @@ Each feature gate is designed for enabling/disabling a specific feature:
 <!--
 - `InTreePluginvSphereUnregister`: Stops registering the vSphere in-tree plugin in kubelet
   and volume controllers.
-- `IndexedJob`: Allows the [Job](/docs/concepts/workloads/controllers/job/)
-  controller to manage Pod completions per completion index.
-- `IngressClassNamespacedParams`: Allow namespace-scoped parameters reference in
-  `IngressClass` resource. This feature adds two fields - `Scope` and `Namespace`
-  to `IngressClass.spec.parameters`.
-- `Initializers`: Allow asynchronous coordination of object creation using the
-  Initializers admission plugin.
 -->
 - `InTreePluginvSphereUnregister`：在 kubelet 和卷控制器上关闭注册 vSphere 内嵌插件。
-- `IndexedJob`：允许 [Job](/zh-cn/docs/concepts/workloads/controllers/job/)
-  控制器根据完成索引来管理 Pod 完成。
-- `IngressClassNamespacedParams`：允许在 `IngressClass` 资源中引用名字空间范围的参数。
-  该特性增加了两个字段 —— `scope`、`namespace` 到 `IngressClass.spec.parameters`。
-- `Initializers`： 使用 Initializers 准入插件允许异步协调对象创建。
 <!--
 - `JobMutableNodeSchedulingDirectives`: Allows updating node scheduling directives in
-  the pod template of [Job](/docs/concepts/workloads/controllers/job).
+  the pod template of [Job](/docs/concepts/workloads/controllers/job/).
 - `JobBackoffLimitPerIndex`: Allows specifying the maximal number of pod
   retries per index in Indexed jobs.
 - `JobPodFailurePolicy`: Allow users to specify handling of pod failures based on container
   exit codes and pod conditions.
-- `JobPodReplacementPolicy`: Allows you to specify pod replacement for terminating pods in a [Job](/docs/concepts/workloads/controllers/job)
+- `JobPodReplacementPolicy`: Allows you to specify pod replacement for terminating pods in a
+  [Job](/docs/concepts/workloads/controllers/job/).
 - `JobReadyPods`: Enables tracking the number of Pods that have a `Ready`
   [condition](/docs/concepts/workloads/pods/pod-lifecycle/#pod-conditions).
   The count of `Ready` pods is recorded in the
   [status](/docs/reference/kubernetes-api/workload-resources/job-v1/#JobStatus)
-  of a [Job](/docs/concepts/workloads/controllers/job) status.
+  of a [Job](/docs/concepts/workloads/controllers/job/) status.
 -->
-- `JobMutableNodeSchedulingDirectives`：允许在 [Job](/zh-cn/docs/concepts/workloads/controllers/job)
+- `JobMutableNodeSchedulingDirectives`：允许在 [Job](/zh-cn/docs/concepts/workloads/controllers/job/)
   的 Pod 模板中更新节点调度指令。
 - `JobBackoffLimitPerIndex`：允许在索引作业中指定每个索引的最大 Pod 重试次数。
 - `JobPodFailurePolicy`：允许用户根据容器退出码和 Pod 状况来指定 Pod 失效的处理方法。
-- `JobPodReplacementPolicy`：允许你在 [Job](/zh-cn/docs/concepts/workloads/controllers/job)
+- `JobPodReplacementPolicy`：允许你在 [Job](/zh-cn/docs/concepts/workloads/controllers/job/)
   中为终止的 Pod 指定替代 Pod。
 - `JobReadyPods`：允许跟踪[状况](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-conditions)为
   `Ready` 的 Pod 的个数。`Ready` 的 Pod 记录在
-  [Job](/zh-cn/docs/concepts/workloads/controllers/job) 对象的
+  [Job](/zh-cn/docs/concepts/workloads/controllers/job/) 对象的
   [status](/zh-cn/docs/reference/kubernetes-api/workload-resources/job-v1/#JobStatus) 字段中。
 <!--
-- `JobTrackingWithFinalizers`: Enables tracking [Job](/docs/concepts/workloads/controllers/job)
+- `JobTrackingWithFinalizers`: Enables tracking [Job](/docs/concepts/workloads/controllers/job/)
   completions without relying on Pods remaining in the cluster indefinitely.
   The Job controller uses Pod finalizers and a field in the Job status to keep
   track of the finished Pods to count towards completion.
 -->
-- `JobTrackingWithFinalizers`：启用跟踪 [Job](/zh-cn/docs/concepts/workloads/controllers/job)
+- `JobTrackingWithFinalizers`：启用跟踪 [Job](/zh-cn/docs/concepts/workloads/controllers/job/)
   完成情况，而不是永远从集群剩余 Pod 来获取信息判断完成情况。Job 控制器使用
   Pod finalizers 和 Job 状态中的一个字段来跟踪已完成的 Pod 以计算完成。
 <!--
-- `KMSv1`: Enables KMS v1 API for encryption at rest. See [Using a KMS Provider for data encryption](/docs/tasks/administer-cluster/kms-provider) for more details.
-- `KMSv2`: Enables KMS v2 API for encryption at rest. See [Using a KMS Provider for data encryption](/docs/tasks/administer-cluster/kms-provider) for more details.
+- `KMSv1`: Enables KMS v1 API for encryption at rest. See
+  [Using a KMS Provider for data encryption](/docs/tasks/administer-cluster/kms-provider/)
+  for more details.
+- `KMSv2`: Enables KMS v2 API for encryption at rest. See
+  [Using a KMS Provider for data encryption](/docs/tasks/administer-cluster/kms-provider/)
+  for more details.
 - `KMSv2KDF`: Enables KMS v2 to generate single use data encryption keys.
-  See [Using a KMS Provider for data encryption](/docs/tasks/administer-cluster/kms-provider) for more details.
-  If the `KMSv2` feature gate is not enabled in your cluster, the value of the `KMSv2KDF` feature gate has no effect.
+  See [Using a KMS Provider for data encryption](/docs/tasks/administer-cluster/kms-provider/)
+  for more details. If the `KMSv2` feature gate is not enabled in your cluster, the value of
+  the `KMSv2KDF` feature gate has no effect.
 - `KubeProxyDrainingTerminatingNodes`: Implement connection draining for
   terminating nodes for `externalTrafficPolicy: Cluster` services.
 -->
 - `KMSv1`：启用 KMS v1 API 以进行数据静态加密。
-  详情参见[使用 KMS 提供程序进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider)。
+  详情参见[使用 KMS 提供程序进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider/)。
 - `KMSv2`：启用 KMS v2 API 以实现静态加密。
-  详情参见[使用 KMS 驱动进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider)。
+  详情参见[使用 KMS 驱动进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider/)。
 - `KMSv2KDF`：启用 KMS v2 以生成一次性数据加密密钥。
-  详情参见[使用 KMS 提供程序进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider)。
+  详情参见[使用 KMS 提供程序进行数据加密](/zh-cn/docs/tasks/administer-cluster/kms-provider/)。
   如果 `KMSv2` 特性门控在你的集群未被启用 ，则 `KMSv2KDF` 特性门控的值不会产生任何影响。
 - `KubeProxyDrainingTerminatingNodes`：为 `externalTrafficPolicy: Cluster` 服务实现正终止节点的连接排空。
 <!--
@@ -973,7 +890,7 @@ Each feature gate is designed for enabling/disabling a specific feature:
   line argument). If you enable this feature gate and the container runtime
   doesn't support it, the kubelet falls back to using the driver configured using
   the `cgroupDriver` configuration setting.
-  See [Configuring a cgroup driver](/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver)
+  See [Configuring a cgroup driver](/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/)
   for more details.
 -->
 - `KubeletCgroupDriverFromCRI`：启用检测来自 {{<glossary_tooltip term_id="cri" text="CRI">}}
@@ -981,7 +898,7 @@ Each feature gate is designed for enabling/disabling a specific feature:
   也可以在支持 `RuntimeConfig` CRI 调用的 CRI 容器运行时所在节点上使用此特性门控。
   如果 CRI 和 kubelet 都支持此特性，kubelet 将忽略 `cgroupDriver` 配置设置（或已弃用的 `--cgroup-driver` 命令行参数）。
   如果你启用此特性门控但容器运行时不支持它，则 kubelet 将回退到使用通过 `cgroupDriver` 配置设置进行配置的驱动。
-  详情参见[配置 cgroup 驱动](/zh-cn/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver)。
+  详情参见[配置 cgroup 驱动](/zh-cn/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/)。
 <!--
 - `KubeletInUserNamespace`: Enables support for running kubelet in a
   {{<glossary_tooltip text="user namespace" term_id="userns">}}.
@@ -997,7 +914,7 @@ Each feature gate is designed for enabling/disabling a specific feature:
   This API augments the [resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources).
 - `KubeletPodResourcesGetAllocatable`: Enable the kubelet's pod resources
   `GetAllocatableResources` functionality. This API augments the
-  [resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)
+  [resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources).
 -->
 - `KubeletPodResources`：启用 kubelet 上 Pod 资源 GRPC 端点。更多详细信息，
   请参见[支持设备监控](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/compute-device-assignment.md)。
@@ -1007,15 +924,16 @@ Each feature gate is designed for enabling/disabling a specific feature:
   该 API 增强了[资源分配报告](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)
   包含有关可分配资源的信息，使客户端能够正确跟踪节点上的可用计算资源。
 <!--
-- `KubeletPodResourcesDynamicResources`: Extend the kubelet's pod resources gRPC endpoint to
+- `KubeletPodResourcesDynamicResources`: Extend the kubelet's pod resources gRPC endpoint
   to include resources allocated in `ResourceClaims` via `DynamicResourceAllocation` API.
-  See [resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources) for more details.
-  with informations about the allocatable resources, enabling clients to properly
+  See [resource allocation reporting](/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)
+  for more details. with informations about the allocatable resources, enabling clients to properly
   track the free compute resources on a node.
 - `KubeletTracing`: Add support for distributed tracing in the kubelet.
   When enabled, kubelet CRI interface and authenticated http servers are instrumented to generate
   OpenTelemetry trace spans.
-  See [Traces for Kubernetes System Components](/docs/concepts/cluster-administration/system-traces) for more details.
+  See [Traces for Kubernetes System Components](/docs/concepts/cluster-administration/system-traces/)
+  for more details.
 - `LegacyServiceAccountTokenNoAutoGeneration`: Stop auto-generation of Secret-based
   [service account tokens](/docs/concepts/security/service-accounts/#get-a-token).
 - `LegacyServiceAccountTokenCleanUp`: Enable cleaning up Secret-based
@@ -1024,8 +942,9 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `LegacyServiceAccountTokenTracking`: Track usage of Secret-based
   [service account tokens](/docs/concepts/security/service-accounts/#get-a-token).
 -->
-- `KubeletPodResourcesDynamicResources`：扩展 kubelet 的 pod 资源 gRPC 端点以包括通过 `DynamicResourceAllocation` API 在 `ResourceClaims` 中分配的资源。
-   有关详细信息，请参阅[资源分配报告](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)。
+- `KubeletPodResourcesDynamicResources`：扩展 kubelet 的 pod 资源 gRPC 端点以包括通过
+  `DynamicResourceAllocation` API 在 `ResourceClaims` 中分配的资源。
+  有关详细信息，请参阅[资源分配报告](/zh-cn/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/#monitoring-device-plugin-resources)。
 - `KubeletTracing`：新增在 Kubelet 中对分布式追踪的支持。
   启用时，kubelet CRI 接口和经身份验证的 http 服务器被插桩以生成 OpenTelemetry 追踪 span。
   参阅[针对 Kubernetes 系统组件的追踪](/zh-cn/docs/concepts/cluster-administration/system-traces/)
@@ -1037,10 +956,6 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `LegacyServiceAccountTokenTracking`：跟踪使用基于 Secret
   的[服务账号令牌](/zh-cn/docs/concepts/security/service-accounts/#get-a-token)。
 <!--
-- `LocalStorageCapacityIsolation`: Enable the consumption of
-  [local ephemeral storage](/docs/concepts/configuration/manage-resources-containers/)
-  and also the `sizeLimit` property of an
-  [emptyDir volume](/docs/concepts/storage/volumes/#emptydir).
 - `LocalStorageCapacityIsolationFSQuotaMonitoring`: When `LocalStorageCapacityIsolation`
   is enabled for
   [local ephemeral storage](/docs/concepts/configuration/manage-resources-containers/)
@@ -1049,9 +964,6 @@ Each feature gate is designed for enabling/disabling a specific feature:
   [emptyDir volume](/docs/concepts/storage/volumes/#emptydir) storage consumption rather than
   filesystem walk for better performance and accuracy.
 -->
-- `LocalStorageCapacityIsolation`：允许使用
-  [本地临时存储](/zh-cn/docs/concepts/configuration/manage-resources-containers/)
-  以及 [emptyDir 卷](/zh-cn/docs/concepts/storage/volumes/#emptydir)的 `sizeLimit` 属性。
 - `LocalStorageCapacityIsolationFSQuotaMonitoring`：如果
   [本地临时存储](/zh-cn/docs/concepts/configuration/manage-resources-containers/)启用了
   `LocalStorageCapacityIsolation`，并且
@@ -1132,16 +1044,17 @@ Each feature gate is designed for enabling/disabling a specific feature:
 <!--
 - `NodeOutOfServiceVolumeDetach`: When a Node is marked out-of-service using the
   `node.kubernetes.io/out-of-service` taint, Pods on the node will be forcefully deleted
-   if they can not tolerate this taint, and the volume detach operations for Pods terminating
-   on the node will happen immediately. The deleted Pods can recover quickly on different nodes.
+  if they can not tolerate this taint, and the volume detach operations for Pods terminating
+  on the node will happen immediately. The deleted Pods can recover quickly on different nodes.
 - `NodeSwap`: Enable the kubelet to allocate swap memory for Kubernetes workloads on a node.
   Must be used with `KubeletConfiguration.failSwapOn` set to false.
-  For more details, please see [swap memory](/docs/concepts/architecture/nodes/#swap-memory)
+  For more details, please see [swap memory](/docs/concepts/architecture/nodes/#swap-memory).
 - `OpenAPIEnums`: Enables populating "enum" fields of OpenAPI schemas in the
   spec returned from the API server.
 - `OpenAPIV3`: Enables the API server to publish OpenAPI v3.
-- `PDBUnhealthyPodEvictionPolicy`: Enables the `unhealthyPodEvictionPolicy` field of a `PodDisruptionBudget`. This specifies
-  when unhealthy pods should be considered for eviction. Please see [Unhealthy Pod Eviction Policy](/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy)
+- `PDBUnhealthyPodEvictionPolicy`: Enables the `unhealthyPodEvictionPolicy` field of a `PodDisruptionBudget`.
+  This specifies when unhealthy pods should be considered for eviction. Please see
+  [Unhealthy Pod Eviction Policy](/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy)
   for more details.
 -->
 - `NodeOutOfServiceVolumeDetach`：当使用 `node.kubernetes.io/out-of-service`
@@ -1158,11 +1071,13 @@ Each feature gate is designed for enabling/disabling a specific feature:
 <!--
 - `PersistentVolumeLastPhaseTransitionTime`: Adds a new field to PersistentVolume
   which holds a timestamp of when the volume last transitioned its phase.
-- `PodAndContainerStatsFromCRI`: Configure the kubelet to gather container and pod stats from the CRI container runtime rather than gathering them from cAdvisor.
-  As of 1.26, this also includes gathering metrics from CRI and emitting them over `/metrics/cadvisor` (rather than having cAdvisor emit them directly).
+- `PodAndContainerStatsFromCRI`: Configure the kubelet to gather container and pod stats from the
+  CRI container runtime rather than gathering them from cAdvisor. As of 1.26, this also includes
+  gathering metrics from CRI and emitting them over `/metrics/cadvisor` (rather than having cAdvisor emit them directly).
 - `PodDeletionCost`: Enable the [Pod Deletion Cost](/docs/concepts/workloads/controllers/replicaset/#pod-deletion-cost)
-   feature which allows users to influence ReplicaSet downscaling order.
-- `PodDisruptionConditions`: Enables support for appending a dedicated pod condition indicating that the pod is being deleted due to a disruption.
+  feature which allows users to influence ReplicaSet downscaling order.
+- `PodDisruptionConditions`: Enables support for appending a dedicated pod condition indicating that
+  the pod is being deleted due to a disruption.
 -->
 - `PersistentVolumeLastPhaseTransitionTime`：为 PersistentVolume 添加一个新字段，用于保存卷上一次转换阶段的时间戳。
 - `PodAndContainerStatsFromCRI`：配置 kubelet 从 CRI 容器运行时中而不是从 cAdvisor 中采集容器和 Pod 统计信息。
@@ -1173,7 +1088,10 @@ Each feature gate is designed for enabling/disabling a specific feature:
 <!--
 - `PodHostIPs`: Enable the `status.hostIPs` field for pods and the {{< glossary_tooltip term_id="downward-api" text="downward API" >}}.
   The field lets you expose host IP addresses to workloads.
-- `PodIndexLabel`: Enables the Job controller and StatefulSet controller to add the pod index as a label when creating new pods. See [Job completion mode docs](/docs/concepts/workloads/controllers/job#completion-mode) and [StatefulSet pod index label docs](/docs/concepts/workloads/controllers/statefulset/#pod-index-label) for more details.
+- `PodIndexLabel`: Enables the Job controller and StatefulSet controller to add the pod index as a label
+  when creating new pods. See [Job completion mode docs](/docs/concepts/workloads/controllers/job/#completion-mode)
+  and [StatefulSet pod index label docs](/docs/concepts/workloads/controllers/statefulset/#pod-index-label)
+  for more details.
 - `PodReadyToStartContainersCondition`: Enable the kubelet to mark the [PodReadyToStartContainers](/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network)
   condition on pods. This was previously (1.25-1.27) known as `PodHasNetworkCondition`.
 -->
@@ -1186,9 +1104,10 @@ Each feature gate is designed for enabling/disabling a specific feature:
   [PodReadyToStartContainers](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/#pod-has-network) 状况。
   此前（1.25-1.27 版本）称为 `PodHasNetworkCondition`。
 <!--
-- `PodSchedulingReadiness`: Enable setting `schedulingGates` field to control a Pod's [scheduling readiness](/docs/concepts/scheduling-eviction/pod-scheduling-readiness).
+- `PodSchedulingReadiness`: Enable setting `schedulingGates` field to control a Pod's
+  [scheduling readiness](/docs/concepts/scheduling-eviction/pod-scheduling-readiness/).
 -->
-- `PodSchedulingReadiness`：启用设置 `schedulingGates` 字段以控制 Pod 的[调度就绪](/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness)。
+- `PodSchedulingReadiness`：启用设置 `schedulingGates` 字段以控制 Pod 的[调度就绪](/zh-cn/docs/concepts/scheduling-eviction/pod-scheduling-readiness/)。
 <!--
 - `ProbeTerminationGracePeriod`: Enable [setting probe-level
   `terminationGracePeriodSeconds`](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#probe-level-terminationgraceperiodseconds)
@@ -1264,8 +1183,10 @@ Each feature gate is designed for enabling/disabling a specific feature:
   有助于减少无效的重新排队。调度器会在集群中发生可能导致 Pod 被重新调度的变化时，
   尝试重新进行 Pod 的调度。排队提示是一些内部信号，
   用于帮助调度器基于先前的调度尝试来筛选集群中与未调度的 Pod 相关的变化。
-
 <!--
+- `SeccompDefault`: Enables the use of `RuntimeDefault` as the default seccomp profile
+  for all workloads.
+  The seccomp profile is specified in the `securityContext` of a Pod and/or a Container.
 - `SecurityContextDeny`: This gate signals that the `SecurityContextDeny` admission controller is deprecated.
 - `ServerSideApply`: Enables the [Sever Side Apply (SSA)](/docs/reference/using-api/server-side-apply/)
   feature on the API Server.
@@ -1273,6 +1194,8 @@ Each feature gate is designed for enabling/disabling a specific feature:
   of resource schema is performed at the API server side rather than the client side
   (for example, the `kubectl create` or `kubectl apply` command line).
 -->
+- `SeccompDefault`：启用 `RuntimeDefault` 作为所有工作负载的默认 seccomp 配置文件。
+  此 seccomp 配置文件在 Pod 和/或 Container 的 `securityContext` 中被指定。
 - `SecurityContextDeny`: 此门控表示 `SecurityContextDeny` 准入控制器已弃用。
 - `ServerSideApply`：在 API 服务器上启用[服务器端应用（SSA）](/zh-cn/docs/reference/using-api/server-side-apply/)。
 - `ServerSideFieldValidation`：启用服务器端字段验证。
@@ -1316,9 +1239,8 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `StorageVersionHash`：允许 API 服务器在版本发现中公开存储版本的哈希值。
 <!--
 - `TopologyAwareHints`: Enables topology aware routing based on topology hints
-  in EndpointSlices. See [Topology Aware
-  Hints](/docs/concepts/services-networking/topology-aware-hints/) for more
-  details.
+  in EndpointSlices. See [Topology Aware Hints](/docs/concepts/services-networking/topology-aware-hints/)
+  for more details.
 - `TopologyManager`: Enable a mechanism to coordinate fine-grained hardware resource
   assignments for different components in Kubernetes. See
   [Control Topology Management Policies on a node](/docs/tasks/administer-cluster/topology-manager/).
@@ -1355,7 +1277,8 @@ Each feature gate is designed for enabling/disabling a specific feature:
 - `UserNamespacesSupport`：为 Pod 启用用户名字空间支持。
   在 Kubernetes v1.28 之前，此特性门控被命名为 `UserNamespacesStatelessPodsSupport`。
 <!--
-- `ValidatingAdmissionPolicy`: Enable [ValidatingAdmissionPolicy](/docs/reference/access-authn-authz/validating-admission-policy/) support for CEL validations be used in Admission Control.
+- `ValidatingAdmissionPolicy`: Enable [ValidatingAdmissionPolicy](/docs/reference/access-authn-authz/validating-admission-policy/)
+  support for CEL validations be used in Admission Control.
 - `VolumeCapacityPriority`: Enable support for prioritizing nodes in different
   topologies based on available PV capacity.
 -->