Merge pull request #36089 from windsonsea/labanntai

[zh-cn] resync /labels-annotations-taints/_index.md
2022-08-18 23:57:51 -07:00 · 2022-08-18 23:57:51 -07:00 · b8c5811d1e
parent 9ca7f41edb e1f0a3b65b
commit b8c5811d1e
1 changed files with 228 additions and 143 deletions
--- a/content/zh-cn/docs/reference/labels-annotations-taints/_index.md
+++ b/content/zh-cn/docs/reference/labels-annotations-taints/_index.md
@ -28,7 +28,7 @@ Kubernetes 将所有标签和注解保留在 kubernetes.io Namespace中。
 ### app.kubernetes.io/component
-Example: `app.kubernetes.io/component=database`
+Example: `app.kubernetes.io/component: "database"`
 Used on: All Objects
@ -38,9 +38,9 @@ One of the [recommended labels](/docs/concepts/overview/working-with-objects/com
 -->
 ## API 对象上使用的标签、注解和污点
-### app.kubernetes.io/component
+### app.kubernetes.io/component {#app-kubernetes-io-component}
-例子: `app.kubernetes.io/component=database`
+例子: `app.kubernetes.io/component: "database"`
 用于: 所有对象
@ -48,18 +48,20 @@ One of the [recommended labels](/docs/concepts/overview/working-with-objects/com
 [推荐标签](/zh-cn/docs/concepts/overview/working-with-objects/common-labels/#labels)之一。
-<!-- ### app.kubernetes.io/created-by
+<!--
 ### app.kubernetes.io/created-by
-Example: `app.kubernetes.io/created-by=controller-manager`
+Example: `app.kubernetes.io/created-by: "controller-manager"`
 Used on: All Objects
 The controller/user who created this resource.
-One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels). -->
+One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels).
-### app.kubernetes.io/created-by
+-->
 ### app.kubernetes.io/created-by {#app-kubernetes-io-created-by}
-示例：`app.kubernetes.io/created-by=controller-manager`
+示例：`app.kubernetes.io/created-by: "controller-manager"`
 用于：所有对象
@ -67,18 +69,20 @@ One of the [recommended labels](/docs/concepts/overview/working-with-objects/com
 [推荐标签](/zh-cn/docs/concepts/overview/working-with-objects/common-labels/#labels)之一。
-<!-- ### app.kubernetes.io/instance
+<!--
 ### app.kubernetes.io/instance
-Example: `app.kubernetes.io/instance=mysql-abcxzy`
+Example: `app.kubernetes.io/instance: "mysql-abcxzy"`
 Used on: All Objects
 A unique name identifying the instance of an application.
-One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels). -->
+One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels).
-### app.kubernetes.io/instance
+-->
 ### app.kubernetes.io/instance {#app-kubernetes-io-instance}
-示例：`app.kubernetes.io/instance=mysql-abcxzy`
+示例：`app.kubernetes.io/instance: "mysql-abcxzy"`
 用于：所有对象
@ -86,18 +90,20 @@ One of the [recommended labels](/docs/concepts/overview/working-with-objects/com
 [推荐标签](/zh-cn/docs/concepts/overview/working-with-objects/common-labels/#labels)之一。
-<!-- ### app.kubernetes.io/managed-by
+<!--
 ### app.kubernetes.io/managed-by
-Example: `app.kubernetes.io/managed-by=helm`
+Example: `app.kubernetes.io/managed-by: "helm"`
 Used on: All Objects
 The tool being used to manage the operation of an application.
-One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels). -->
+One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels).
-### app.kubernetes.io/managed-by
+-->
 ### app.kubernetes.io/managed-by {#app-kubernetes-io-manged-by}
-示例：`app.kubernetes.io/managed-by=helm`
+示例：`app.kubernetes.io/managed-by: "helm"`
 用于：所有对象
@ -105,19 +111,21 @@ One of the [recommended labels](/docs/concepts/overview/working-with-objects/com
 [推荐标签](/zh-cn/docs/concepts/overview/working-with-objects/common-labels/#labels)之一。
-<!-- ### app.kubernetes.io/name
+<!--
 ### app.kubernetes.io/name
-Example: `app.kubernetes.io/name=mysql`
+Example: `app.kubernetes.io/name: "mysql"`
 Used on: All Objects
 The name of the application.
-One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels). -->
+One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels).
 -->
-### app.kubernetes.io/name
+### app.kubernetes.io/name {#app-kubernetes-io-name}
-示例：`app.kubernetes.io/name=mysql`
+示例：`app.kubernetes.io/name: "mysql"`
 用于：所有对象
@ -125,18 +133,20 @@ One of the [recommended labels](/docs/concepts/overview/working-with-objects/com
 [推荐标签](/zh-cn/docs/concepts/overview/working-with-objects/common-labels/#labels)之一。
-<!-- ### app.kubernetes.io/part-of
+<!--
 ### app.kubernetes.io/part-of
-Example: `app.kubernetes.io/part-of=wordpress`
+Example: `app.kubernetes.io/part-of: "wordpress"`
 Used on: All Objects
 The name of a higher level application this one is part of.
-One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels). -->
+One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels).
-### app.kubernetes.io/part-of
+-->
 ### app.kubernetes.io/part-of {#app-kubernetes-io-part-of}
-示例：`app.kubernetes.io/part-of=wordpress`
+示例：`app.kubernetes.io/part-of: "wordpress"`
 用于：所有对象
@ -144,18 +154,20 @@ One of the [recommended labels](/docs/concepts/overview/working-with-objects/com
 [推荐标签](/zh-cn/docs/concepts/overview/working-with-objects/common-labels/#labels)之一。
-<!-- ### app.kubernetes.io/version
+<!--
 ### app.kubernetes.io/version
-Example: `app.kubernetes.io/version="5.7.21"`
+Example: `app.kubernetes.io/version: "5.7.21"`
 Used on: All Objects
 The current version of the application (e.g., a semantic version, revision hash, etc.).
-One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels). -->
+One of the [recommended labels](/docs/concepts/overview/working-with-objects/common-labels/#labels).
-### app.kubernetes.io/version
+-->
 ### app.kubernetes.io/version {#app-kubernetes-io-version}
-示例：`app.kubernetes.io/version="5.7.21"`
+示例：`app.kubernetes.io/version: "5.7.21"`
 用于：所有对象
@ -166,23 +178,25 @@ One of the [recommended labels](/docs/concepts/overview/working-with-objects/com
 <!-- 
 ### kubernetes.io/arch
-Example: `kubernetes.io/arch=amd64`
+Example: `kubernetes.io/arch: "amd64"`
 Used on: Node
-The Kubelet populates this with `runtime.GOARCH` as defined by Go. This can be handy if you are mixing arm and x86 nodes. -->
+The Kubelet populates this with `runtime.GOARCH` as defined by Go. This can be handy if you are mixing arm and x86 nodes.
 -->
 ### kubernetes.io/arch {#kubernetes-io-arch}
-例子：`kubernetes.io/arch=amd64`
+例子：`kubernetes.io/arch: "amd64"`
 用于：Node
 Kubelet 使用 Go 定义的 `runtime.GOARCH` 填充它。如果你混合使用 ARM 和 X86 节点，这会很方便。
 <!--
 ### kubernetes.io/os
-Example: `kubernetes.io/os=linux`
+Example: `kubernetes.io/os: "linux"`
 Used on: Node
@ -190,15 +204,16 @@ The Kubelet populates this with `runtime.GOOS` as defined by Go. This can be han
 -->
 ### kubernetes.io/os {#kubernetes-io-os}
-例子：`kubernetes.io/os=linux`
+例子：`kubernetes.io/os: "linux"`
 用于：Node
 Kubelet 使用 Go 定义的 `runtime.GOOS` 填充它。如果你在集群中混合使用操作系统（例如：混合 Linux 和 Windows 节点），这会很方便。
 <!--
 ### kubernetes.io/metadata.name
-Example: `kubernetes.io/metadata.name=mynamespace`
+Example: `kubernetes.io/metadata.name: "mynamespace"`
 Used on: Namespaces
@ -211,14 +226,15 @@ This is useful if you want to target a specific namespace with a label
 -->
 ### kubernetes.io/metadata.name {#kubernetes-io-metadata-name}
-例子：`kubernetes.io/metadata.name=mynamespace`
+例子：`kubernetes.io/metadata.name: "mynamespace"`
 用于：Namespace
 Kubernetes API 服务器（{{<glossary_tooltip text="控制平面" term_id="control-plane" >}} 的一部分）在所有 Namespace 上设置此标签。
 标签值被设置 Namespace 的名称。你无法更改此标签的值。
-如果你想使用标签{{<glossary_tooltip text="选择器" term_id="selector" >}}定位特定 Namespace，这很有用。
+如果你想使用标签{{<glossary_tooltip text="选择算符" term_id="selector" >}}定位特定 Namespace，这很有用。
 <!--
 ### beta.kubernetes.io/arch (deprecated)
@ -239,7 +255,7 @@ This label has been deprecated. Please use `kubernetes.io/os` instead.
 <!--
 ### kubernetes.io/hostname {#kubernetesiohostname}
-Example: `kubernetes.io/hostname=ip-172-20-114-199.ec2.internal`
+Example: `kubernetes.io/hostname: "ip-172-20-114-199.ec2.internal"`
 Used on: Node
@ -249,7 +265,7 @@ This label is also used as part of the topology hierarchy.  See [topology.kubern
 -->
 ### kubernetes.io/hostname {#kubernetesiohostname}
-例子：`kubernetes.io/hostname=ip-172-20-114-199.ec2.internal`
+例子：`kubernetes.io/hostname: "ip-172-20-114-199.ec2.internal"`
 用于：Node
@ -260,7 +276,7 @@ Kubelet 使用主机名填充此标签。请注意，可以通过将 `--hostname
 <!--
 ### kubernetes.io/change-cause {#change-cause}
-Example: `kubernetes.io/change-cause=kubectl edit --record deployment foo`
+Example: `kubernetes.io/change-cause: "kubectl edit --record deployment foo"`
 Used on: All Objects
@ -270,7 +286,7 @@ It is populated when adding `--record` to a `kubectl` command that may change an
 -->
 ### kubernetes.io/change-cause {#change-cause}
-例子：`kubernetes.io/change-cause=kubectl edit --record deployment foo`
+例子：`kubernetes.io/change-cause: "kubectl edit --record deployment foo"`
 用于：所有对象
@ -310,12 +326,13 @@ The value for this annotation must be **true** to take effect. This annotation i
 用于：ServiceAccount
-此注解的值必须为 **true** 才能生效。此注解表示作为此服务帐户运行的 Pod 只能引用在服务帐户的 `secrets` 字段中指定的 Secret API 对象。
+此注解的值必须为 **true** 才能生效。此注解表示作为此服务帐户运行的 Pod
 只能引用在服务帐户的 `secrets` 字段中指定的 Secret API 对象。
 <!--
 ### controller.kubernetes.io/pod-deletion-cost {#pod-deletion-cost}
-Example: `controller.kubernetes.io/pod-deletion-cost=10`
+Example: `controller.kubernetes.io/pod-deletion-cost: "10"`
 Used on: Pod
@ -324,11 +341,46 @@ which allows users to influence ReplicaSet downscaling order. The annotation par
 -->
 ### controller.kubernetes.io/pod-deletion-cost {#pod-deletion-cost}
-例子：`controller.kubernetes.io/pod-deletion-cost=10`
+例子：`controller.kubernetes.io/pod-deletion-cost: "10"`
 用于：Pod
-该注解用于设置 [Pod 删除成本](/zh-cn/docs/concepts/workloads/controllers/replicaset/#pod-deletion-cost)允许用户影响 ReplicaSet 缩减顺序。注解解析为 `int32` 类型。
+该注解用于设置
 [Pod 删除成本](/zh-cn/docs/concepts/workloads/controllers/replicaset/#pod-deletion-cost)允许用户影响
 ReplicaSet 缩减顺序。注解解析为 `int32` 类型。
 <!--
 ### cluster-autoscaler.kubernetes.io/enable-ds-eviction
 Example: `cluster-autoscaler.kubernetes.io/enable-ds-eviction: "true"`
 Used on: Pod
 This annotation controls whether a DaemonSet pod should be evicted by a ClusterAutoscaler.
 This annotation needs to be specified on DaemonSet pods in a DaemonSet manifest.
 When this annotation is set to `"true"`, the ClusterAutoscaler is allowed to evict a DaemonSet Pod,
 even if other rules would normally prevent that. To disallow the ClusterAutoscaler from evicting DaemonSet pods,
 you can set this annotation to `"false"` for important DaemonSet pods.
 If this annotation is not set, then the Cluster Autoscaler follows its overall behaviour (i.e evict the DaemonSets based on its configuration).
 -->
 ### cluster-autoscaler.kubernetes.io/enable-ds-eviction {#enable-ds-eviction}
 例子：`cluster-autoscaler.kubernetes.io/enable-ds-eviction: "true"`
 用于：Pod
 该注解控制 DaemonSet Pod 是否应由 ClusterAutoscaler 驱逐。
 该注解需要在 DaemonSet 清单中的 DaemonSet Pod 上指定。
 当该注解设为 `"true"` 时，即使其他规则通常会阻止驱逐，也将允许 ClusterAutoscaler 驱逐 DaemonSet Pod。
 要取消允许 ClusterAutoscaler 驱逐 DaemonSet Pod，你可以为重要的 DaemonSet Pod 将该注解设为 `"false"`。
 如果未设置该注解，则 Cluster Autoscaler 将遵循其整体行为（即根据其配置驱逐 DaemonSet）。
 {{< note >}}
 <!--
 This annotation only impacts DaemonSet pods.
 -->
 该注解仅影响 DaemonSet Pod。
 {{< /note >}}
 <!-- 
 ### kubernetes.io/ingress-bandwidth
@ -349,7 +401,7 @@ rate is bits per second, as a [Quantity](/docs/reference/kubernetes-api/common-d
 For example, `10M` means 10 megabits per second. 
 -->
-### kubernetes.io/ingress-bandwidth
+### kubernetes.io/ingress-bandwidth {#ingerss-bandwidth}
 {{< note >}}
 入站流量控制注解是一项实验性功能。
@ -387,7 +439,7 @@ rate is bits per second, as a [Quantity](/docs/reference/kubernetes-api/common-d
 For example, `10M` means 10 megabits per second. 
 -->
-### kubernetes.io/egress-bandwidth
+### kubernetes.io/egress-bandwidth {#egress-bandwidth}
 {{< note >}}
 出站流量控制注解是一项实验性功能。
@ -417,7 +469,7 @@ Starting in v1.17, this label is deprecated in favor of [node.kubernetes.io/inst
 <!--
 ### node.kubernetes.io/instance-type {#nodekubernetesioinstance-type}
-Example: `node.kubernetes.io/instance-type=m3.medium`
+Example: `node.kubernetes.io/instance-type: "m3.medium"`
 Used on: Node
@ -428,12 +480,13 @@ to rely on the Kubernetes scheduler to perform resource-based scheduling. You sh
 -->
 ### node.kubernetes.io/instance-type {#nodekubernetesioinstance-type}
-例子：`node.kubernetes.io/instance-type=m3.medium`
+例子：`node.kubernetes.io/instance-type: "m3.medium"`
 用于：Node
 Kubelet 使用 `cloudprovider` 定义的实例类型填充它。
-仅当你使用 `cloudprovider` 时才会设置此项。如果你希望将某些工作负载定位到某些实例类型，则此设置非常方便，但通常你希望依靠 Kubernetes 调度程序来执行基于资源的调度。
+仅当你使用 `cloudprovider` 时才会设置此项。如果你希望将某些工作负载定位到某些实例类型，则此设置非常方便，
 但通常你希望依靠 Kubernetes 调度程序来执行基于资源的调度。
 你应该基于属性而不是实例类型来调度（例如：需要 GPU，而不是需要 `g2.2xlarge`）。
 <!--
@ -469,7 +522,7 @@ Starting in v1.17, this label is deprecated in favor of [topology.kubernetes.io/
 Example:
-`statefulset.kubernetes.io/pod-name=mystatefulset-7`
+`statefulset.kubernetes.io/pod-name: "mystatefulset-7"`
 When a StatefulSet controller creates a Pod for the StatefulSet, the control plane
 sets this label on that Pod. The value of the label is the name of the Pod being created.
@ -479,7 +532,7 @@ StatefulSet topic for more details.
 -->
 ### statefulset.kubernetes.io/pod-name {#statefulsetkubernetesiopod-name}
-例子：`statefulset.kubernetes.io/pod-name=mystatefulset-7`
+例子：`statefulset.kubernetes.io/pod-name: "mystatefulset-7"`
 当 StatefulSet 控制器为 StatefulSet 创建 Pod 时，控制平面会在该 Pod 上设置此标签。标签的值是正在创建的 Pod 的名称。
@ -490,13 +543,13 @@ StatefulSet topic for more details.
 Example:
-`topology.kubernetes.io/region=us-east-1`
+`topology.kubernetes.io/region: "us-east-1"`
 See [topology.kubernetes.io/zone](#topologykubernetesiozone).
 -->
 ### topology.kubernetes.io/region {#topologykubernetesioregion}
-例子：`topology.kubernetes.io/region=us-east-1`
+例子：`topology.kubernetes.io/region: "us-east-1"`
 请参阅 [topology.kubernetes.io/zone](#topologykubernetesiozone)。
@ -505,9 +558,9 @@ See [topology.kubernetes.io/zone](#topologykubernetesiozone).
 Example:
-`topology.kubernetes.io/zone=us-east-1c`
+`topology.kubernetes.io/zone: "us-east-1c"`
-Used on: Node、PersistentVolume
+Used on: Node, PersistentVolume
 On Node: The `kubelet` or the external `cloud-controller-manager` populates this with the information as provided by the `cloudprovider`.  This will be set only if you are using a `cloudprovider`. However, you should consider setting this on nodes if it makes sense in your topology.
@ -520,11 +573,12 @@ A region represents a larger domain, made up of one or more zones.  It is uncomm
 -->
 ### topology.kubernetes.io/zone {#topologykubernetesiozone}
-例子：`topology.kubernetes.io/zone=us-east-1c`
+例子：`topology.kubernetes.io/zone: "us-east-1c"`
 用于：Node、PersistentVolume
-在 Node 上：`kubelet` 或外部 `cloud-controller-manager` 使用 `cloudprovider` 提供的信息填充它。仅当你使用 `cloudprovider` 时才会设置此项。
+在 Node 上：`kubelet` 或外部 `cloud-controller-manager` 使用 `cloudprovider` 提供的信息填充它。
 仅当你使用 `cloudprovider` 时才会设置此项。
 但是，如果它在你的拓扑中有意义，你应该考虑在 Node 上设置它。
 在 PersistentVolume 上：拓扑感知卷配置器将自动在 `PersistentVolume` 上设置 Node 亲和性约束。
@ -533,8 +587,10 @@ A region represents a larger domain, made up of one or more zones.  It is uncomm
 但 Zone 的常见属性包括 Zone 内非常低的网络延迟、Zone 内的免费网络流量以及与其他 Zone 的故障独立性。
 例如，一个 Zone 内的 Node 可能共享一个网络交换机，但不同 Zone 中的 Node 无法共享交换机。
-一个 Region 代表一个更大的域，由一个或多个 Zone 组成。Kubernetes 集群跨多个 Region 并不常见，虽然 Zone 或 Region 的确切定义留给基础设施实现，
+一个 Region 代表一个更大的域，由一个或多个 Zone 组成。Kubernetes 集群跨多个 Region 并不常见，
-但 Region 的共同属性包括它们之间的网络延迟比它们内部更高，它们之间的网络流量成本非零，以及与其他 Zone 或 Region 的故障独立性。
+虽然 Zone 或 Region 的确切定义留给基础设施实现，
 但 Region 的共同属性包括它们之间的网络延迟比它们内部更高，它们之间的网络流量成本非零，
 以及与其他 Zone 或 Region 的故障独立性。
 例如，一个 Region 内的 Node 可能共享电力基础设施（例如 UPS 或发电机），但不同 Region 的 Node 通常不会共享电力基础设施。
 <!--
@ -551,8 +607,8 @@ Kubernetes 对 Zone 和 Region 的结构做了一些假设：
 <!--
 It should be safe to assume that topology labels do not change.  Even though labels are strictly mutable, consumers of them can assume that a given node is not going to be moved between zones without being destroyed and recreated.
 -->
-你可以大胆假设拓扑标签不会改变。尽管严格地讲标签是可变的，但节点的用户可以假设给定
+你可以大胆假设拓扑标签不会改变。尽管严格地讲标签是可变的，
-节点只能通过销毁和重新创建才能完成 Zone 间移动。
+但节点的用户可以假设给定节点只能通过销毁和重新创建才能完成 Zone 间移动。
 <!--
 Kubernetes can use this information in various ways.  For example, the scheduler automatically tries to spread the Pods in a ReplicaSet across nodes in a single-zone cluster (to reduce the impact of node failures, see [kubernetes.io/hostname](#kubernetesiohostname)). With multiple-zone clusters, this spreading behavior also applies to zones (to reduce the impact of zone failures). This is achieved via _SelectorSpreadPriority_.
@ -560,12 +616,12 @@ Kubernetes can use this information in various ways.  For example, the scheduler
 Kubernetes 可以通过多种方式使用这些信息。例如，调度程序会自动尝试将 ReplicaSet 中的 Pod
 分布在单 Zone 集群中的多个节点上（以便减少节点故障的影响，请参阅 [kubernetes.io/hostname](#kubernetesiohostname)）。
 对于多 Zone 集群，这种分布行为也适用于 Zone（以减少 Zone 故障的影响）。
-Zone 级别的 Pod 分布是通过 _SelectorSpreadPriority_ 实现的。
+Zone 级别的 Pod 分布是通过 **SelectorSpreadPriority** 实现的。
 <!--
 _SelectorSpreadPriority_ is a best effort placement. If the zones in your cluster are heterogeneous (for example: different numbers of nodes, different types of nodes, or different pod resource requirements), this placement might prevent equal spreading of your Pods across zones. If desired, you can use homogenous zones (same number and types of nodes) to reduce the probability of unequal spreading.
 -->
-_SelectorSpreadPriority_ 是一个尽力而为的放置机制。如果集群中的 Zone 是异构的
+**SelectorSpreadPriority** 是一个尽力而为的放置机制。如果集群中的 Zone 是异构的
 （例如：节点数量不同、节点类型不同或 Pod 资源需求有别等），这种放置机制可能会让你的
 Pod 无法实现跨 Zone 均匀分布。
 如果需要，你可以使用同质 Zone（节点数量和类型均相同）来减少不均匀分布的可能性。
@ -573,7 +629,7 @@ Pod 无法实现跨 Zone 均匀分布。
 <!--
 The scheduler (through the _VolumeZonePredicate_ predicate) also will ensure that Pods, that claim a given volume, are only placed into the same zone as that volume. Volumes cannot be attached across zones.
 -->
-调度程序还将（通过 _VolumeZonePredicate_ 条件）确保申领给定卷的 Pod 仅被放置在与该卷相同的 Zone 中。
+调度程序还将（通过 **VolumeZonePredicate** 条件）确保申领给定卷的 Pod 仅被放置在与该卷相同的 Zone 中。
 卷不能跨 Zone 挂接。
 <!--
@ -581,12 +637,13 @@ If `PersistentVolumeLabel` does not support automatic labeling of your Persisten
 adding the labels manually (or adding support for `PersistentVolumeLabel`). With `PersistentVolumeLabel`, the scheduler prevents Pods from mounting volumes in a different zone. If your infrastructure doesn't have this constraint, you don't need to add the zone labels to the volumes at all.
 -->
 你应该考虑手动添加标签（或添加对 `PersistentVolumeLabel` 的支持）。
-基于 `PersistentVolumeLabel`，调度程序可以防止 Pod 挂载来自其他 Zone 的卷。如果你的基础架构没有此限制，则不需要将 Zone 标签添加到卷上。
+基于 `PersistentVolumeLabel`，调度程序可以防止 Pod 挂载来自其他 Zone 的卷。
 如果你的基础架构没有此限制，则不需要将 Zone 标签添加到卷上。
 <!--
 ### volume.beta.kubernetes.io/storage-provisioner (deprecated)
-Example: `volume.beta.kubernetes.io/storage-provisioner: k8s.io/minikube-hostpath`
+Example: `volume.beta.kubernetes.io/storage-provisioner: "k8s.io/minikube-hostpath"`
 Used on: PersistentVolumeClaim
@ -594,12 +651,34 @@ This annotation has been deprecated.
 -->
 ### volume.beta.kubernetes.io/storage-provisioner (已弃用) {#volume-beta-kubernetes-io-storage-provisioner}
-例子：`volume.beta.kubernetes.io/storage-provisioner: k8s.io/minikube-hostpath`
+例子：`volume.beta.kubernetes.io/storage-provisioner: "k8s.io/minikube-hostpath"`
 用于：PersistentVolumeClaim
 此注解已被弃用。
 <!--
 ### volume.beta.kubernetes.io/mount-options (deprecated) {#mount-options}
 Example : `volume.beta.kubernetes.io/mount-options: "ro,soft"`
 Used on: PersistentVolume
 A Kubernetes administrator can specify additional [mount options](/docs/concepts/storage/persistent-volumes/#mount-options) for when a PersistentVolume is mounted on a node.
 This annotation has been deprecated.
 -->
 ### volume.beta.kubernetes.io/mount-options（已弃用） {#mount-options}
 例子：`volume.beta.kubernetes.io/mount-options: "ro,soft"`
 用于：PersistentVolume
 针对 PersistentVolume 挂载到一个节点上的情形，
 Kubernetes 管理员可以指定更多的[挂载选项](/zh-cn/docs/concepts/storage/persistent-volumes/#mount-options)。
 该注解已弃用。
 <!--
 ### volume.kubernetes.io/storage-provisioner
@ -616,7 +695,7 @@ This annotation will be added to dynamic provisioning required PVC.
 <!--
 ### node.kubernetes.io/windows-build {#nodekubernetesiowindows-build}
-Example: `node.kubernetes.io/windows-build=10.0.17763`
+Example: `node.kubernetes.io/windows-build: "10.0.17763"`
 Used on: Node
@ -626,7 +705,7 @@ The label's value is in the format "MajorVersion.MinorVersion.BuildNumber".
 -->
 ### node.kubernetes.io/windows-build {#nodekubernetesiowindows-build}
-例子：`node.kubernetes.io/windows-build=10.0.17763`
+例子：`node.kubernetes.io/windows-build: "10.0.17763"`
 用于：Node
@ -637,7 +716,7 @@ The label's value is in the format "MajorVersion.MinorVersion.BuildNumber".
 <!--
 ### service.kubernetes.io/headless {#servicekubernetesioheadless}
-Example: `service.kubernetes.io/headless=""`
+Example: `service.kubernetes.io/headless: ""`
 Used on: Service
@ -645,7 +724,7 @@ The control plane adds this label to an Endpoints object when the owning Service
 -->
 ### service.kubernetes.io/headless {#servicekubernetesioheadless}
-例子：`service.kubernetes.io/headless=""`
+例子：`service.kubernetes.io/headless: ""`
 用于：Service
@ -654,7 +733,7 @@ The control plane adds this label to an Endpoints object when the owning Service
 <!--
 ### kubernetes.io/service-name {#kubernetesioservice-name}
-Example: `kubernetes.io/service-name="nginx"`
+Example: `kubernetes.io/service-name: "nginx"`
 Used on: Service
@ -662,7 +741,7 @@ Kubernetes uses this label to differentiate multiple Services. Used currently fo
 -->
 ### kubernetes.io/service-name {#kubernetesioservice-name}
-例子：`kubernetes.io/service-name="nginx"`
+例子：`kubernetes.io/service-name: "nginx"`
 用于：Service
@ -678,7 +757,7 @@ Used on: Secret
 This annotation records the {{< glossary_tooltip term_id="name" text="name">}} of the
 ServiceAccount that the token (stored in the Secret of type `kubernetes.io/service-account-token`) represents.
 -->
-### kubernetes.io/service-account.name
+### kubernetes.io/service-account.name {#service-account-name}
 示例：`kubernetes.io/service-account.name: "sa-name"`
@ -697,7 +776,7 @@ Used on: Secret
 This annotation records the {{< glossary_tooltip term_id="uid" text="unique ID" >}} of the
 ServiceAccount that the token (stored in the Secret of type `kubernetes.io/service-account-token`) represents.
 -->
-### kubernetes.io/service-account.uid
+### kubernetes.io/service-account.uid {#service-account-uid}
 示例：`kubernetes.io/service-account.uid: da68f9c6-9d26-11e7-b84e-002dc52800da`
@ -709,7 +788,7 @@ ServiceAccount 的{{<glossary_tooltip term_id="uid" text="唯一 ID" >}}。
 <!--
 ### endpointslice.kubernetes.io/managed-by {#endpointslicekubernetesiomanaged-by}
-Example: `endpointslice.kubernetes.io/managed-by="controller"`
+Example: `endpointslice.kubernetes.io/managed-by: "controller"`
 Used on: EndpointSlices
@ -717,7 +796,7 @@ The label is used to indicate the controller or entity that manages an EndpointS
 -->
 ### endpointslice.kubernetes.io/managed-by {#endpointslicekubernetesiomanaged-by}
-例子：`endpointslice.kubernetes.io/managed-by="controller"`
+例子：`endpointslice.kubernetes.io/managed-by: "controller"`
 用于：EndpointSlice
@ -727,7 +806,7 @@ The label is used to indicate the controller or entity that manages an EndpointS
 <!--
 ### endpointslice.kubernetes.io/skip-mirror {#endpointslicekubernetesioskip-mirror}
-Example: `endpointslice.kubernetes.io/skip-mirror="true"`
+Example: `endpointslice.kubernetes.io/skip-mirror: "true"`
 Used on: Endpoints
@ -735,7 +814,7 @@ The label can be set to `"true"` on an Endpoints resource to indicate that the E
 -->
 ### endpointslice.kubernetes.io/skip-mirror {#endpointslicekubernetesioskip-mirror}
-例子：`endpointslice.kubernetes.io/skip-mirror="true"`
+例子：`endpointslice.kubernetes.io/skip-mirror: "true"`
 用于：Endpoints
@ -745,7 +824,7 @@ The label can be set to `"true"` on an Endpoints resource to indicate that the E
 <!--
 ### service.kubernetes.io/service-proxy-name {#servicekubernetesioservice-proxy-name}
-Example: `service.kubernetes.io/service-proxy-name="foo-bar"`
+Example: `service.kubernetes.io/service-proxy-name: "foo-bar"`
 Used on: Service
@ -753,7 +832,7 @@ The kube-proxy has this label for custom proxy, which delegates service control
 -->
 ### service.kubernetes.io/service-proxy-name {#servicekubernetesioservice-proxy-name}
-例子：`service.kubernetes.io/service-proxy-name="foo-bar"`
+例子：`service.kubernetes.io/service-proxy-name: "foo-bar"`
 用于：Service
@ -766,7 +845,7 @@ Example: `experimental.windows.kubernetes.io/isolation-type: "hyperv"`
 Used on: Pod
-The annotation is used to run Windows containers with Hyper-V isolation. To use Hyper-V isolation feature and create a Hyper-V isolated container, the kubelet should be started with feature gates HyperVContainer=true and the Pod should include the annotation experimental.windows.kubernetes.io/isolation-type=hyperv.
+The annotation is used to run Windows containers with Hyper-V isolation. To use Hyper-V isolation feature and create a Hyper-V isolated container, the kubelet should be started with feature gates HyperVContainer=true and the Pod should include the annotation `experimental.windows.kubernetes.io/isolation-type: hyperv`.
 -->
 ### experimental.windows.kubernetes.io/isolation-type (已弃用) {#experimental-windows-kubernetes-io-isolation-type}
@ -816,18 +895,17 @@ Starting in v1.18, this annotation is deprecated in favor of `spec.ingressClassN
 {{</note>}}
 <!--
-### storageclass.kubernetes.io/is-default-class
+### ingressclass.kubernetes.io/is-default-class
-Example: `storageclass.kubernetes.io/is-default-class=true`
+Example: `ingressclass.kubernetes.io/is-default-class: "true"`
-Used on: StorageClass
+Used on: IngressClass
-When a single StorageClass resource has this annotation set to `"true"`, new PersistentVolumeClaim
+When a single IngressClass resource has this annotation set to `"true"`, new Ingress resource without a class specified will be assigned this default class.
 resource without a class specified will be assigned this default class.
 -->
 ### storageclass.kubernetes.io/is-default-class {#storageclass-kubernetes-io-is-default-class}
-例子：`storageclass.kubernetes.io/is-default-class=true`
+例子：`ingressclass.kubernetes.io/is-default-class: "true"`
 用于：StorageClass
@ -953,52 +1031,52 @@ Use [Taints and Tolerations](/docs/concepts/scheduling-eviction/taint-and-tolera
 <!--
 ### node.kubernetes.io/not-ready
-Example: `node.kubernetes.io/not-ready:NoExecute`
+Example: `node.kubernetes.io/not-ready: "NoExecute"`
 The node controller detects whether a node is ready by monitoring its health and adds or removes this taint accordingly.
 ### node.kubernetes.io/unreachable
-Example: `node.kubernetes.io/unreachable:NoExecute`
+Example: `node.kubernetes.io/unreachable: "NoExecute"`
 The node controller adds the taint to a node corresponding to the [NodeCondition](/docs/concepts/architecture/nodes/#condition) `Ready` being `Unknown`.
 -->
 ### node.kubernetes.io/not-ready {#node-kubernetes-io-not-ready}
-例子：`node.kubernetes.io/not-ready:NoExecute`
+例子：`node.kubernetes.io/not-ready: "NoExecute"`
 Node 控制器通过监控 Node 的健康状况来检测 Node 是否准备就绪，并相应地添加或删除此污点。
 ### node.kubernetes.io/unreachable {#node-kubernetes-io-unreachable}
-例子：`node.kubernetes.io/unreachable:NoExecute`
+例子：`node.kubernetes.io/unreachable: "NoExecute"`
-Node 控制器将此污点添加到对应[节点状况](/zh-cn/docs/concepts/architecture/nodes/#condition) `Ready`
+Node 控制器将此污点添加到对应[节点状况](/zh-cn/docs/concepts/architecture/nodes/#condition)`Ready`
 为 `Unknown` 的 Node 上。
 <!--
 ### node.kubernetes.io/unschedulable
-Example: `node.kubernetes.io/unschedulable:NoSchedule`
+Example: `node.kubernetes.io/unschedulable: "NoSchedule"`
 The taint will be added to a node when initializing the node to avoid race condition.
 -->
 ### node.kubernetes.io/unschedulable {#node-kubernetes-io-unschedulable}
-例子：`node.kubernetes.io/unschedulable:NoSchedule`
+例子：`node.kubernetes.io/unschedulable: "NoSchedule"`
 在初始化 Node 期间，为避免竞争条件，此污点将被添加到 Node 上。
 <!--
 ### node.kubernetes.io/memory-pressure
-Example: `node.kubernetes.io/memory-pressure:NoSchedule`
+Example: `node.kubernetes.io/memory-pressure: "NoSchedule"`
 The kubelet detects memory pressure based on `memory.available` and `allocatableMemory.available` observed on a Node. The observed values are then compared to the corresponding thresholds that can be set on the kubelet to determine if the Node condition and taint should be added/removed.
 -->
 ### node.kubernetes.io/memory-pressure {#node-kubernetes-io-memory-pressure}
-例子：`node.kubernetes.io/memory-pressure:NoSchedule`
+例子：`node.kubernetes.io/memory-pressure: "NoSchedule"`
 kubelet 根据在 Node 上观察到的 `memory.available` 和 `allocatableMemory.available` 检测内存压力。
 然后将观察到的值与可以在 kubelet 上设置的相应阈值进行比较，以确定是否应添加/删除 Node 状况和污点。
@ -1006,27 +1084,28 @@ kubelet 根据在 Node 上观察到的 `memory.available` 和 `allocatableMemory
 <!--
 ### node.kubernetes.io/disk-pressure
-Example: `node.kubernetes.io/disk-pressure:NoSchedule`
+Example: `node.kubernetes.io/disk-pressure :"NoSchedule"`
 The kubelet detects disk pressure based on `imagefs.available`, `imagefs.inodesFree`, `nodefs.available` and `nodefs.inodesFree`(Linux only) observed on a Node. The observed values are then compared to the corresponding thresholds that can be set on the kubelet to determine if the Node condition and taint should be added/removed.
 -->
 ### node.kubernetes.io/disk-pressure {#node-kubernetes-io-disk-pressure}
-例子：`node.kubernetes.io/disk-pressure:NoSchedule`
+例子：`node.kubernetes.io/disk-pressure :"NoSchedule"`
-kubelet 根据在 Node 上观察到的 `imagefs.available`、`imagefs.inodesFree`、`nodefs.available` 和 `nodefs.inodesFree`（仅限 Linux ）检测磁盘压力。
+kubelet 根据在 Node 上观察到的 `imagefs.available`、`imagefs.inodesFree`、`nodefs.available`
 和 `nodefs.inodesFree`（仅限 Linux ）检测磁盘压力。
 然后将观察到的值与可以在 kubelet 上设置的相应阈值进行比较，以确定是否应添加/删除 Node 状况和污点。
 <!--
 ### node.kubernetes.io/network-unavailable
-Example: `node.kubernetes.io/network-unavailable:NoSchedule`
+Example: `node.kubernetes.io/network-unavailable: "NoSchedule"`
 This is initially set by the kubelet when the cloud provider used indicates a requirement for additional network configuration. Only when the route on the cloud is configured properly will the taint be removed by the cloud provider.
 -->
 ### node.kubernetes.io/network-unavailable {#node-kubernetes-io-network-unavailable}
-例子：`node.kubernetes.io/network-unavailable:NoSchedule`
+例子：`node.kubernetes.io/network-unavailable: "NoSchedule"`
 当使用的云驱动指示需要额外的网络配置时，此注解最初由 kubelet 设置。
 只有云上的路由被正确地配置了，此污点才会被云驱动移除
@ -1034,21 +1113,22 @@ This is initially set by the kubelet when the cloud provider used indicates a re
 <!--
 ### node.kubernetes.io/pid-pressure
-Example: `node.kubernetes.io/pid-pressure:NoSchedule`
+Example: `node.kubernetes.io/pid-pressure: "NoSchedule"`
 The kubelet checks D-value of the size of `/proc/sys/kernel/pid_max` and the PIDs consumed by Kubernetes on a node to get the number of available PIDs that referred to as the `pid.available` metric. The metric is then compared to the corresponding threshold that can be set on the kubelet to determine if the node condition and taint should be added/removed.
 -->
 ### node.kubernetes.io/pid-pressure {#node-kubernetes-io-pid-pressure}
-例子：`node.kubernetes.io/pid-pressure:NoSchedule`
+例子：`node.kubernetes.io/pid-pressure: "NoSchedule"`
 kubelet 检查 `/proc/sys/kernel/pid_max` 大小的 D 值和 Kubernetes 在 Node 上消耗的 PID，
 以获取可用 PID 数量，并将其作为 `pid.available` 指标值。
 然后该指标与在 kubelet 上设置的相应阈值进行比较，以确定是否应该添加/删除 Node 状况和污点。
-### node.kubernetes.io/out-of-service
+### node.kubernetes.io/out-of-service {#out-of-service}
 <!--
 Example: `node.kubernetes.io/out-of-service:NoExecute`
 A user can manually add the taint to a Node marking it out-of-service. If the `NodeOutOfServiceVolumeDetach` 
 [feature gate](/docs/reference/command-line-tools-reference/feature-gates/) is enabled on
 `kube-controller-manager`, and a Node is marked out-of-service with this taint, the pods on the node will be forcefully deleted if there are no matching tolerations on it and volume detach operations for the pods terminating on the node will happen immediately. This allows the Pods on the out-of-service node to recover quickly on a different node.
@ -1073,13 +1153,13 @@ for further details about when and how to use this taint.
 <!--
 ### node.cloudprovider.kubernetes.io/uninitialized
-Example: `node.cloudprovider.kubernetes.io/uninitialized:NoSchedule`
+Example: `node.cloudprovider.kubernetes.io/uninitialized: "NoSchedule"`
 Sets this taint on a node to mark it as unusable, when kubelet is started with the "external" cloud provider, until a controller from the cloud-controller-manager initializes this node, and then removes the taint.
 -->
 ### node.cloudprovider.kubernetes.io/uninitialized {#node-cloudprovider-kubernetes-io-shutdown}
-例子：`node.cloudprovider.kubernetes.io/uninitialized:NoSchedule`
+例子：`node.cloudprovider.kubernetes.io/uninitialized: "NoSchedule"`
 在使用“外部”云驱动启动 kubelet 时，在 Node 上设置此污点以将其标记为不可用，直到来自
 cloud-controller-manager 的控制器初始化此 Node，然后移除污点。
@ -1087,13 +1167,13 @@ cloud-controller-manager 的控制器初始化此 Node，然后移除污点。
 <!--
 ### node.cloudprovider.kubernetes.io/shutdown
-Example: `node.cloudprovider.kubernetes.io/shutdown:NoSchedule`
+Example: `node.cloudprovider.kubernetes.io/shutdown: "NoSchedule"`
 If a Node is in a cloud provider specified shutdown state, the Node gets tainted accordingly with `node.cloudprovider.kubernetes.io/shutdown` and the taint effect of `NoSchedule`.
 -->
 ### node.cloudprovider.kubernetes.io/shutdown {#node-cloudprovider-kubernetes-io-shutdown}
-例子：`node.cloudprovider.kubernetes.io/shutdown:NoSchedule`
+例子：`node.cloudprovider.kubernetes.io/shutdown: "NoSchedule"`
 如果 Node 处于云驱动所指定的关闭状态，则 Node 会相应地被设置污点，对应的污点和效果为
 `node.cloudprovider.kubernetes.io/shutdown` 和 `NoSchedule`。
@ -1101,7 +1181,7 @@ If a Node is in a cloud provider specified shutdown state, the Node gets tainted
 <!--
 ### pod-security.kubernetes.io/enforce
-Example: `pod-security.kubernetes.io/enforce: baseline`
+Example: `pod-security.kubernetes.io/enforce: "baseline"`
 Used on: Namespace
@ -1115,7 +1195,7 @@ for more information.
 -->
 ### pod-security.kubernetes.io/enforce {#pod-security-kubernetes-io-enforce}
-例子：`pod-security.kubernetes.io/enforce: baseline`
+例子：`pod-security.kubernetes.io/enforce: "baseline"`
 用于：Namespace
@ -1128,7 +1208,7 @@ for more information.
 <!--
 ### pod-security.kubernetes.io/enforce-version
-Example: `pod-security.kubernetes.io/enforce-version: {{< skew currentVersion >}}`
+Example: `pod-security.kubernetes.io/enforce-version: "{{< skew currentVersion >}}"`
 Used on: Namespace
@ -1141,19 +1221,20 @@ for more information.
 -->
 ### pod-security.kubernetes.io/enforce-version {#pod-security-kubernetes-io-enforce-version}
-例子：`pod-security.kubernetes.io/enforce-version: {{< skew currentVersion >}}`
+例子：`pod-security.kubernetes.io/enforce-version: "{{< skew currentVersion >}}"`
 用于：Namespace
 值**必须**是 `latest` 或格式为 `v<MAJOR>.<MINOR>` 的有效 Kubernetes 版本。
-此注解决定了在验证提交的 Pod 时要应用的 [Pod 安全标准](/zh-cn/docs/concepts/security/pod-security-standards)策略的版本。
+此注解决定了在验证提交的 Pod 时要应用的
 [Pod 安全标准](/zh-cn/docs/concepts/security/pod-security-standards)策略的版本。
 请参阅[在名字空间级别实施 Pod 安全性](/zh-cn/docs/concepts/security/pod-security-admission)了解更多信息。
 <!--
 ### pod-security.kubernetes.io/audit
-Example: `pod-security.kubernetes.io/audit: baseline`
+Example: `pod-security.kubernetes.io/audit: "baseline"`
 Used on: Namespace
@ -1167,7 +1248,7 @@ for more information.
 -->
 ### pod-security.kubernetes.io/audit {#pod-security-kubernetes-io-audit}
-例子：`pod-security.kubernetes.io/audit: baseline`
+例子：`pod-security.kubernetes.io/audit: "baseline"`
 用于：Namespace
@ -1181,7 +1262,7 @@ for more information.
 <!--
 ### pod-security.kubernetes.io/audit-version
-Example: `pod-security.kubernetes.io/audit-version: {{< skew currentVersion >}}`
+Example: `pod-security.kubernetes.io/audit-version: "{{< skew currentVersion >}}"`
 Used on: Namespace
@ -1194,19 +1275,20 @@ for more information.
 -->
 ### pod-security.kubernetes.io/audit-version {#pod-security-kubernetes-io-audit-version}
-例子：`pod-security.kubernetes.io/audit-version: {{< skew currentVersion >}}`
+例子：`pod-security.kubernetes.io/audit-version: "{{< skew currentVersion >}}"`
 用于：Namespace
 值**必须**是 `latest` 或格式为 `v<MAJOR>.<MINOR>` 的有效 Kubernetes 版本。
-此注解决定了在验证提交的 Pod 时要应用的  [Pod 安全标准](/zh-cn/docs/concepts/security/pod-security-standards)策略的版本。
+此注解决定了在验证提交的 Pod 时要应用的
 [Pod 安全标准](/zh-cn/docs/concepts/security/pod-security-standards)策略的版本。
 请参阅[在名字空间级别实施 Pod 安全性](/zh-cn/docs/concepts/security/pod-security-admission)了解更多信息。
 <!--
 ### pod-security.kubernetes.io/warn
-Example: `pod-security.kubernetes.io/warn: baseline`
+Example: `pod-security.kubernetes.io/warn: "baseline"`
 Used on: Namespace
@ -1222,7 +1304,7 @@ for more information.
 -->
 ### pod-security.kubernetes.io/warn {#pod-security-kubernetes-io-warn}
-例子：`pod-security.kubernetes.io/warn: baseline`
+例子：`pod-security.kubernetes.io/warn: "baseline"`
 用于：Namespace
@ -1236,7 +1318,7 @@ for more information.
 <!--
 ### pod-security.kubernetes.io/warn-version
-Example: `pod-security.kubernetes.io/warn-version: {{< skew currentVersion >}}`
+Example: `pod-security.kubernetes.io/warn-version: "{{< skew currentVersion >}}"`
 Used on: Namespace
@ -1250,7 +1332,7 @@ for more information.
 -->
 ### pod-security.kubernetes.io/warn-version {#pod-security-kubernetes-io-warn-version}
-例子：`pod-security.kubernetes.io/warn-version: {{< skew currentVersion >}}`
+例子：`pod-security.kubernetes.io/warn-version: "{{< skew currentVersion >}}"`
 用于：Namespace
@ -1261,7 +1343,6 @@ for more information.
 请参阅[在名字空间级别实施 Pod 安全性](/zh-cn/docs/concepts/security/pod-security-admission)了解更多信息。
 <!--
 ### kubernetes.io/psp (deprecated) {#kubernetes-io-psp}
@ -1272,7 +1353,6 @@ This annotation is only relevant if you are using [PodSecurityPolicies](/docs/co
 When the PodSecurityPolicy admission controller admits a Pod, the admission controller
 modifies the Pod to have this annotation.
 The value of the annotation is the name of the PodSecurityPolicy that was used for validation.
 -->
 ### kubernetes.io/psp（已弃用） {#kubernetes-io-psp}
@ -1319,9 +1399,10 @@ based on setting `securityContext` within the Pod's `.spec`.
 seccomp 配置文件应用于 Pod 或其容器的步骤。
 该教程介绍了在 Kubernetes 中配置 seccomp 的支持机制，基于在 Pod 的 `.spec` 中设置 `securityContext`。
-### snapshot.storage.kubernetes.io/allowVolumeModeChange
+### snapshot.storage.kubernetes.io/allowVolumeModeChange {#allow-volume-mode-change}
 <!--
 Example: `snapshot.storage.kubernetes.io/allowVolumeModeChange: "true"`
 Used on: VolumeSnapshotContent
 -->
 例子：`snapshot.storage.kubernetes.io/allowVolumeModeChange: "true"`
@ -1355,6 +1436,8 @@ See more details on the [Audit Annotations](/docs/reference/labels-annotations-t
 -->
 ## 用于审计的注解    {#annonations-used-for-audit}
 <!-- sorted by annotation -->
 - [`authorization.k8s.io/decision`](/zh-cn/docs/reference/labels-annotations-taints/audit-annotations/#authorization-k8s-io-decision)
 - [`authorization.k8s.io/reason`](/zh-cn/docs/reference/labels-annotations-taints/audit-annotations/#authorization-k8s-io-reason)
 - [`insecure-sha1.invalid-cert.kubernetes.io/$hostname`](/zh-cn/docs/reference/labels-annotations-taints/audit-annotations/#insecure-sha1-invalid-cert-kubernetes-io-hostname)
@ -1365,9 +1448,9 @@ See more details on the [Audit Annotations](/docs/reference/labels-annotations-t
 在[审计注解](/zh-cn/docs/reference/labels-annotations-taints/audit-annotations/)页面上查看更多详细信息。
-## kubeadm
+## kubeadm  {#kubeadm}
-### kubeadm.alpha.kubernetes.io/cri-socket
+### kubeadm.alpha.kubernetes.io/cri-socket  {#cri-socket}
 <!--
 Example: `kubeadm.alpha.kubernetes.io/cri-socket: unix:///run/containerd/container.sock`
@ -1385,7 +1468,7 @@ kubeadm 用来保存 `init`/`join` 时提供给 kubeadm 以后使用的 CRI 套
 kubeadm 使用此信息为 Node 对象设置注解。
 此注解仍然是 “alpha” 阶段，因为理论上这应该是 KubeletConfiguration 中的一个字段。
-### kubeadm.kubernetes.io/etcd.advertise-client-urls
+### kubeadm.kubernetes.io/etcd.advertise-client-urls  {#etcd-advertise-client-urls}
 <!--
 Example: `kubeadm.kubernetes.io/etcd.advertise-client-urls: https://172.17.0.18:2379`
@ -1401,7 +1484,7 @@ Annotation that kubeadm places on locally managed etcd pods to keep track of a l
 kubeadm 为本地管理的 etcd Pod 设置的注解，用来跟踪 etcd 客户端应连接到的 URL 列表。
 这主要用于 etcd 集群健康检查目的。
-### kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint
+### kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint {#kube-apiserver-advertise-address-endpoint}
 <!--
 Example: `kubeadm.kubernetes.io/kube-apiserver.advertise-address.endpoint: https//172.17.0.18:6443`
@ -1416,7 +1499,7 @@ Annotation that kubeadm places on locally managed kube-apiserver pods to keep tr
 -->
 kubeadm 为本地管理的 kube-apiserver Pod 设置的注解，用以跟踪该 API 服务器实例的公开宣告地址/端口端点。
-### kubeadm.kubernetes.io/component-config.hash
+### kubeadm.kubernetes.io/component-config.hash {#component-config-hash}
 <!--
 Used on: ConfigMap
@ -1472,9 +1555,11 @@ Example: `node-role.kubernetes.io/master:NoSchedule`
 <!--
 Taint that kubeadm applies on control plane nodes to allow only critical workloads to schedule on them.
 Starting in v1.20, this taint is deprecated in favor of `node-role.kubernetes.io/control-plane` and will be removed in v1.25.
 -->
 kubeadm 应用在控制平面节点上的污点，仅允许在其上调度关键工作负载。
 {{< note >}}
 从 v1.20 开始，此污点已弃用，并将在 v1.25 中将其删除，取而代之的是 `node-role.kubernetes.io/control-plane`。
 {{< /note >}}