kubernetes
diff --git a/‎content/zh/docs/concepts/containers/images.md
Lines changed: 33 additions & 48 deletions b/‎content/zh/docs/concepts/containers/images.md
Lines changed: 33 additions & 48 deletions
diff --git a/‎content/zh/docs/setup/learning-environment/minikube.md
Lines changed: 1 addition & 3 deletions b/‎content/zh/docs/setup/learning-environment/minikube.md
Lines changed: 1 addition & 3 deletions
diff --git a/‎content/zh/docs/tasks/access-application-cluster/access-cluster.md
Lines changed: 1 addition & 1 deletion b/‎content/zh/docs/tasks/access-application-cluster/access-cluster.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎content/zh/docs/tasks/configure-pod-container/configure-projected-volume-storage.md
Lines changed: 48 additions & 43 deletions b/‎content/zh/docs/tasks/configure-pod-container/configure-projected-volume-storage.md
Lines changed: 48 additions & 43 deletions
@@ -89,34 +89,34 @@ Instead, specify a meaningful tag such as `v1.42.0`.
 <!--
 ## Updating Images
 
-The default pull policy is `IfNotPresent` which causes the Kubelet to skip
+The default pull policy is `IfNotPresent` which causes the
+{{< glossary_tooltip text="kubelet" term_id="kubelet" >}} to skip
 pulling an image if it already exists. If you would like to always force a pull,
 you can do one of the following:
--->
-## 更新镜像  {#updating-images}
-
-默认的镜像拉取策略是 `IfNotPresent`：在镜像已经存在的情况下，`kubelet` 将不再去拉取镜像。
-如果希望强制总是拉取镜像，你可以执行以下操作之一：
 
-<!--
 - set the `imagePullPolicy` of the container to `Always`.
 - omit the `imagePullPolicy` and use `:latest` as the tag for the image to use.
 - omit the `imagePullPolicy` and the tag for the image to use.
 - enable the [AlwaysPullImages](/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages) admission controller.
+
+When `imagePullPolicy` is defined without a specific value, it is also set to `Always`.
 -->
+## 更新镜像  {#updating-images}
+
+默认的镜像拉取策略是 `IfNotPresent`：在镜像已经存在的情况下，
+{{< glossary_tooltip text="kubelet" term_id="kubelet" >}} 将不再去拉取镜像。
+如果希望强制总是拉取镜像，你可以执行以下操作之一：
+
 - 设置容器的 `imagePullPolicy` 为 `Always`。
 - 省略 `imagePullPolicy`，并使用 `:latest` 作为要使用的镜像的标签。
 - 省略 `imagePullPolicy` 和要使用的镜像标签。
 - 启用 [AlwaysPullImages](/zh/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages)
   准入控制器（Admission Controller）。
 
-<!--
-When `imagePullPolicy` is defined without a specific value, it is also set to `Always`.
--->
 如果 `imagePullPolicy` 未被定义为特定的值，也会被设置为 `Always`。
 
 <!--
-## Building Multi-architecture Images with Manifests
+## Multi-architecture Images with Manifests
 
 As well as providing binary images, a container registry can also serve a [container image manifest](https://github.com/opencontainers/image-spec/blob/master/manifest.md). A manifest can reference image manifests for architecture-specific versions of an container. The idea is that you can have a name for an image (for example: `pause`, `example/mycontainer`, `kube-apiserver`) and allow different systems to fetch the right binary image for the machine architecture they are using.
 
@@ -139,27 +139,27 @@ YAML 文件也能兼容。
 <!--
 ## Using a Private Registry
 
-Private registries may require keys to read images from them.
+Private registries may require keys to read images from them.  
 Credentials can be provided in several ways:
 -->
-## 使用私有仓库  {#using-a-private-registry}
+## 使用私有仓库   {#using-a-private-registry}
 
 从私有仓库读取镜像时可能需要密钥。
-凭据信息可以用以下方式提供:
-
-<!--
-- Configuring Nodes to Authenticate to a Private Registry
-  - all pods can read any configured private registries
-  - requires node configuration by cluster administrator
-- Pre-pulled Images
-  - all pods can use any images cached on a node
-  - requires root access to all nodes to setup
-- Specifying ImagePullSecrets on a Pod
-  - only pods which provide own keys can access the private registry
-- Vendor-specific or local extensions
-  - if you're using a custom node configuration, you (or your cloud
-    provider) can implement your mechanism for authenticating the node
-    to the container registry.
+凭证可以用以下方式提供:
+
+<!--
+  - Configuring Nodes to Authenticate to a Private Registry
+    - all pods can read any configured private registries
+    - requires node configuration by cluster administrator
+  - Pre-pulled Images
+    - all pods can use any images cached on a node
+    - requires root access to all nodes to setup
+  - Specifying ImagePullSecrets on a Pod
+    - only pods which provide own keys can access the private registry
+  - Vendor-specific or local extensions
+    - if you're using a custom node configuration, you (or your cloud
+      provider) can implement your mechanism for authenticating the node
+      to the container registry.
 -->
 - 配置节点向私有仓库进行身份验证
   - 所有 Pod 均可读取任何已配置的私有仓库
@@ -174,9 +174,9 @@ Credentials can be provided in several ways:
     向容器仓库认证的机制
 
 <!--
-These options are explained in more detail below.
+These options are explaind in more detail below.
 -->
-下面将详细描述每一种方案。
+下面将详细描述每一项。
 
 <!--
 ### Configuring Nodes to authenticate to a Private Registry
@@ -299,21 +299,6 @@ EOF
 pod/private-image-test-1 created
 ```
 
-<!--
-If everything is working, then, after a few moments, you can run:
--->
-如果一切正常，一段时间后，可以运行:
-
-```shell
-kubectl logs private-image-test-1
-```
-
-并看到命令输出为：
-
-```
-SUCCESS
-```
-
 <!--
 If you suspect that the command failed, you can run:
 -->
@@ -388,7 +373,7 @@ All pods will have read access to any pre-pulled images.
 <!--
 ### Specifying ImagePullSecrets on a Pod
 -->
-### 为 Pod 设置 ImagePullSecrets
+### 在 Pod 上指定 ImagePullSecrets   {#specifying-imagepullsecrets-on-a-pod}
 
 <!--
 This is the recommended approach to run containers based on images
@@ -408,9 +393,9 @@ Kubernetes 支持在 Pod 中设置容器镜像仓库的密钥。
 
 Run the following command, substituting the appropriate uppercase values:
 -->
-#### 创建包含 Docker 配置的Secret
+#### 使用 Docker Config 创建 Secret   {#creating-a-secret-with-docker-config}
 
-将大写字母代替为合适的值，运行以下命令：
+运行以下命令，将大写字母代替为合适的值：
 
 ```shell
 kubectl create secret docker-registry <名称> \
 
@@ -374,12 +374,10 @@ minikube start --kubernetes-version {{< param "fullversion" >}}
 ```
 <!--
 #### Specifying the VM driver
--->
-#### 指定 VM 驱动程序
 
-<!--
 You can change the VM driver by adding the `--vm-driver=<enter_driver_name>` flag to `minikube start`.
 -->
+#### 指定 VM 驱动程序 {#specifying-the-vm-driver}
 
 您可以通过将 `--vm-driver=<enter_driver_name>` 参数添加到 `minikube start` 来更改 VM 驱动程序。
 <!--
 
@@ -268,7 +268,7 @@ is associated with a service account, and a credential (token) for that
 service account is placed into the filesystem tree of each container in that pod,
 at `/var/run/secrets/kubernetes.io/serviceaccount/token`.
 -->
-### 从 Pod 中访问 API
+### 从 Pod 中访问 API   {#accessing-the-api-from-a-pod}
 
 当你从 Pod 中访问 API 时，定位和验证 apiserver 会有些许不同。
 
 
@@ -1,21 +1,16 @@
 ---
-reviewers:
-- jpeeler
-- pmorie
 title: 配置 Pod 使用投射卷作存储
 content_type: task
 weight: 70
 ---
 
 <!--
----
 reviewers:
 - jpeeler
 - pmorie
 title: Configure a Pod to Use a Projected Volume for Storage
 content_type: task
 weight: 70
----
 -->
 
 <!-- overview -->
@@ -25,22 +20,20 @@ several existing volume sources into the same directory. Currently, `secret`, `c
 and `serviceAccountToken` volumes can be projected.
 -->
 
-本文介绍怎样通过[`投射`](/docs/concepts/storage/volumes/#projected) 卷将现有的多个卷资源挂载到相同的目录。
+本文介绍怎样通过[`projected`](/zh/docs/concepts/storage/volumes/#projected) 卷将现有的多个卷资源挂载到相同的目录。
 当前，`secret`、`configMap`、`downwardAPI` 和 `serviceAccountToken` 卷可以被投射。
 
-{{< note >}}
 <!--
 `serviceAccountToken` is not a volume type.
 -->
+{{< note >}}
 `serviceAccountToken` 不是一种卷类型
 {{< /note >}}
 
-
 ## {{% heading "prerequisites" %}}
 
 {{< include "task-tutorial-prereqs.md" >}} {{< version-check >}}
 
-
 <!-- steps -->
 
 <!--
@@ -51,62 +44,74 @@ In this exercise, you create username and password Secrets from local files. You
 Here is the configuration file for the Pod:
 -->
 
-## 为 Pod 配置投射卷
+## 为 Pod 配置 projected 卷
 
-本练习中，您将从本地文件来创建包含有用户名和密码的 Secret。然后创建运行一个容器的 Pod，该 Pod 使用[`投射`](/docs/concepts/storage/volumes/#projected) 卷将 Secret 挂载到相同的路径下。
+本练习中，您将从本地文件来创建包含有用户名和密码的 Secret。然后创建运行一个容器的 Pod，
+该 Pod 使用[`projected`](/zh/docs/concepts/storage/volumes/#projected) 卷将 Secret 挂载到相同的路径下。
 
 下面是 Pod 的配置文件：
 
 {{< codenew file="pods/storage/projected.yaml" >}}
 
-1. <!--Create the Secrets:-->创建 Secrets:
-```shell
-    <!--# Create files containing the username and password:--># 创建包含用户名和密码的文件:
-       echo -n "admin" > ./username.txt
-       echo -n "1f2d1e2e67df" > ./password.txt-->
+1. <!--Create the Secrets:-->
+   创建 Secrets:
 
-    <!--# Package these files into secrets:--># 将上述文件引用到 Secret：
-       kubectl create secret generic user --from-file=./username.txt
-       kubectl create secret generic pass --from-file=./password.txt
-```
+   ```shell
+   # 创建包含用户名和密码的文件:
+   echo -n "admin" > ./username.txt
+   echo -n "1f2d1e2e67df" > ./password.txt-->
 
-1. <!--Create the Pod:-->创建 Pod：
+   # 将上述文件引用到 Secret：
+   kubectl create secret generic user --from-file=./username.txt
+   kubectl create secret generic pass --from-file=./password.txt
+   ```
 
-```shell
-       kubectl create -f https://k8s.io/examples/pods/storage/projected.yaml
-```
+2. <!--Create the Pod:-->
+   创建 Pod：
 
-<!--Verify that the Pod's Container is running, and then watch for changes to
-the Pod:-->确认 Pod 中的容器运行正常，然后监视 Pod 的变化：
+   ```shell
+   kubectl create -f https://k8s.io/examples/pods/storage/projected.yaml
+   ```
 
-```shell
-       kubectl get --watch pod test-projected-volume
-```
+   <!--
+   Verify that the Pod's Container is running, and then watch for changes to
+   the Pod:
+   -->
+   确认 Pod 中的容器运行正常，然后监视 Pod 的变化：
 
-    <!--The output looks like this:-->输出结果和下面类似：
-       NAME                    READY     STATUS    RESTARTS   AGE
-       test-projected-volume   1/1       Running   0          14s
+   ```shell
+   kubectl get --watch pod test-projected-volume
+   ```
 
-1. <!--In another terminal, get a shell to the running Container:-->在另外一个终端中，打开容器的 shell：
-```shell
-       kubectl exec -it test-projected-volume -- /bin/sh
-```
+   <!--The output looks like this:-->
+   输出结果和下面类似：
 
-1. <!--In your shell, verify that the `projected-volume` directory contains your projected sources:-->在 shell 中，确认 `projected-volume` 目录包含你的投射源：
-```shell
-       ls /projected-volume/
-```
+   ```
+   NAME                    READY     STATUS    RESTARTS   AGE
+   test-projected-volume   1/1       Running   0          14s
+   ```
 
+3. <!--In another terminal, get a shell to the running Container:-->
+   在另外一个终端中，打开容器的 shell：
 
-## {{% heading "whatsnext" %}}
+   ```shell
+   kubectl exec -it test-projected-volume -- /bin/sh
+   ```
+
+4. <!--In your shell, verify that the `projected-volume` directory contains your projected sources:-->
+   在 shell 中，确认 `projected-volume` 目录包含你的投射源：
 
+   ```shell
+   ls /projected-volume/
+   ```
+
+## {{% heading "whatsnext" %}}
 
 <!--
 * Learn more about [`projected`](/docs/concepts/storage/volumes/#projected) volumes.
 * Read the [all-in-one volume](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/node/all-in-one-volume.md) design document.
 -->
 
-* 进一步了解[`投射`](/docs/concepts/storage/volumes/#projected) 卷。
+* 进一步了解[`projected`](/zh/docs/concepts/storage/volumes/#projected) 卷。
 * 阅读[一体卷](https://github.com/kubernetes/community/blob/{{< param "githubbranch" >}}/contributors/design-proposals/node/all-in-one-volume.md)设计文档。
 
-