sync ephemeral-volumes storage-classes windows-storage

content/zh-cn/docs/concepts/storage/ephemeral-volumes.md

@@ -375,7 +375,7 @@ PVC 对象还保持着卷的当前状态。
 
 <!--
 Naming of the automatically created PVCs is deterministic: the name is
-a combination of Pod name and volume name, with a hyphen (`-`) in the
+a combination of the Pod name and volume name, with a hyphen (`-`) in the
 middle. In the example above, the PVC name will be
 `my-app-scratch-volume`.  This deterministic naming makes it easier to
 interact with the PVC because one does not have to search for it once
@@ -421,18 +421,14 @@ same namespace, so that these conflicts can't occur.
 ### 安全 {#security}
 
 <!--
-Enabling the GenericEphemeralVolume feature allows users to create
-PVCs indirectly if they can create Pods, even if they do not have
-permission to create PVCs directly. Cluster administrators must be
-aware of this. If this does not fit their security model, they should
-use an [admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/)
-that rejects objects like Pods that have a generic ephemeral volume.
+Using generic ephemeral volumes allows users to create PVCs indirectly
+if they can create Pods, even if they do not have permission to create PVCs directly.
+Cluster administrators must be aware of this. If this does not fit their security model,
+they should use an [admission webhook](/docs/reference/access-authn-authz/extensible-admission-controllers/)
 -->
-启用 GenericEphemeralVolume 特性会有一些副作用，用户能创建 Pod 就能间接地创建 PVC，
-即使他们没有权限直接创建 PVC。
-集群管理员必须意识到这一点。
-如果这不符合他们的安全模型，他们应该使用[准入 Webhook](/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/)
-拒绝包含通用临时卷的对象，例如 Pod。
+只要用户有权限创建 Pod，就可以使用通用的临时卷间接地创建持久卷申领（PVCs），
+即使他们没有权限直接创建 PVCs。集群管理员必须注意这一点。如果这与他们的安全模型相悖，
+他们应该使用[准入 Webhook](/zh-cn/docs/reference/access-authn-authz/extensible-admission-controllers/)。
 
 <!--
 The normal [namespace quota for PVCs](/docs/concepts/policy/resource-quotas/#storage-resource-quota)

content/zh-cn/docs/concepts/storage/storage-classes.md

@@ -395,7 +395,7 @@ parameters:
 volumeBindingMode: WaitForFirstConsumer
 allowedTopologies:
 - matchLabelExpressions:
-  - key: failure-domain.beta.kubernetes.io/zone
+  - key: topology.kubernetes.io/zone
     values:
     - us-central-1a
     - us-central-1b
@@ -762,6 +762,15 @@ Kubernetes for vSphere 中尝试进行持久卷管理。
 
 ### Ceph RBD  {#ceph-rbd}
 
+{{< note >}}
+{{< feature-state state="deprecated" for_k8s_version="v1.28" >}}
+<!--
+This internal provisioner of Ceph RBD is deprecated. Please use
+[CephFS RBD CSI driver](https://github.com/ceph/ceph-csi).
+-->
+Ceph RBD 的内部驱动程序已被弃用。请使用 [CephFS RBD CSI驱动程序](https://github.com/ceph/ceph-csi)。
+{{< /note >}}
+
 ```yaml
 apiVersion: storage.k8s.io/v1
 kind: StorageClass

content/zh-cn/docs/concepts/storage/windows-storage.md

@@ -120,14 +120,10 @@ The following in-tree plugins support persistent storage on Windows nodes:
 以下树内（In-Tree）插件支持 Windows 节点上的持久存储：
 
 <!--
-* [`awsElasticBlockStore`](/docs/concepts/storage/volumes/#awselasticblockstore)
-* [`azureDisk`](/docs/concepts/storage/volumes/#azuredisk)
 * [`azureFile`](/docs/concepts/storage/volumes/#azurefile)
 * [`gcePersistentDisk`](/docs/concepts/storage/volumes/#gcepersistentdisk)
 * [`vsphereVolume`](/docs/concepts/storage/volumes/#vspherevolume)
 -->
-* [`awsElasticBlockStore`](/zh-cn/docs/concepts/storage/volumes/#awselasticblockstore)
-* [`azureDisk`](/zh-cn/docs/concepts/storage/volumes/#azuredisk)
 * [`azureFile`](/zh-cn/docs/concepts/storage/volumes/#azurefile)
 * [`gcePersistentDisk`](/zh-cn/docs/concepts/storage/volumes/#gcepersistentdisk)
 * [`vsphereVolume`](/zh-cn/docs/concepts/storage/volumes/#vspherevolume)