From 9ab6ab21500ca50bd924b60338c16d48958d7d01 Mon Sep 17 00:00:00 2001
From: "yanrong.shi" <yanrong.shi@daocloud.io>
Date: Sat, 30 Jul 2022 09:32:46 +0800
Subject: [PATCH] Update configure-gmsa.md

---
 .../configure-pod-container/configure-gmsa.md | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/content/zh-cn/docs/tasks/configure-pod-container/configure-gmsa.md b/content/zh-cn/docs/tasks/configure-pod-container/configure-gmsa.md
index cddd497ff6..3c8ec41a08 100644
--- a/content/zh-cn/docs/tasks/configure-pod-container/configure-gmsa.md
+++ b/content/zh-cn/docs/tasks/configure-pod-container/configure-gmsa.md
@@ -102,7 +102,7 @@ The [YAML template](https://github.com/kubernetes-sigs/windows-gmsa/blob/master/
 来部署和配置上述 GMSA Webhook 及相关联的对象。你还可以在运行脚本时设置 `--dry-run=server`
 选项以便审查脚本将会对集群做出的变更。
 
-脚本所使用的[YAML 模板](https://github.com/kubernetes-sigs/windows-gmsa/blob/master/admission-webhook/deploy/gmsa-webhook.yml.tpl)
+脚本所使用的 [YAML 模板](https://github.com/kubernetes-sigs/windows-gmsa/blob/master/admission-webhook/deploy/gmsa-webhook.yml.tpl)
 也可用于手动部署 Webhook 及相关联的对象，不过需要对其中的参数作适当替换。
 
 <!-- steps -->
@@ -164,7 +164,7 @@ Following are the steps for generating a GMSA credential spec YAML manually in J
 The following YAML configuration describes a GMSA credential spec named `gmsa-WebApp1`:
 
 ```yaml
-apiVersion: windows.k8s.io/v1alpha1
+apiVersion: windows.k8s.io/v1
 kind: GMSACredentialSpec
 metadata:
   name: gmsa-WebApp1  #This is an arbitrary name but it will be used as a reference
@@ -410,7 +410,12 @@ If you are having difficulties getting GMSA to work in your environment, there a
 <!--
 First, make sure the credspec has been passed to the Pod.  To do this you will need to `exec` into one of your Pods and check the output of the `nltest.exe /parentdomain` command.
 -->
-首先，确保 credspec 已传递给 Pod。为此，你需要先运行 `exec` 进入到你的一个 Pod 中并检查 `nltest.exe /parentdomain` 命令的输出。
+首先，确保 credspec 已传递给 Pod。为此，你需要先运行 `exec`
+进入到你的一个 Pod 中并检查 `nltest.exe /parentdomain` 命令的输出。
+
+<!--
+In the example below the Pod did not get the credspec correctly:
+-->
 在下面的例子中，Pod 未能正确地获得凭据规约：
 
 ```PowerShell
@@ -421,6 +426,7 @@ kubectl exec -it iis-auth-7776966999-n5nzr powershell.exe
 `nltest.exe /parentdomain` results in the following error:
 -->
 `nltest.exe /parentdomain` 导致以下错误：
+
 ```output
 Getting parent domain failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE
 ```
@@ -454,6 +460,15 @@ If the DNS and communication test passes, next you will need to check if the Pod
 nltest.exe /query
 ```
 
+<!--
+Results in the following output:
+-->
+结果输出如下：
+
+```output
+I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE
+```
+
 <!--
 This tells us that for some reason, the Pod was unable to logon to the domain using the account specified in the credspec.  You can try to repair the secure channel by running the following:
 -->