add blank between Chinese and English

Vickey-Wu · web-flow · commit 237850da6b3b · 2020-09-18T10:03:02.000+08:00
diff --git a/content/zh/docs/reference/access-authn-authz/admission-controllers.md b/content/zh/docs/reference/access-authn-authz/admission-controllers.md
@@ -211,7 +211,7 @@ Rejects all requests. AlwaysDeny is DEPRECATED as no real meaning.
 This admission controller observes requests to 'approve' CertificateSigningRequest resources and performs additional authorization checks to ensure the approving user has permission to approve certificate requests with the spec.signerName requested on the CertificateSigningRequest resource.
 -->
 
-此准入控制器获取“审批”CertificateSigningRequest资源的请求并执行额外的授权检查，以确保审批请求的用户有权限审批`spec.signerName`请求CertificateSigningRequest资源的证书请求。
+此准入控制器获取“审批” CertificateSigningRequest 资源的请求并执行额外的授权检查，以确保审批请求的用户有权限审批 `spec.signerName` 请求 CertificateSigningRequest 资源的证书请求。
 
 <!--
 See Certificate Signing Requests for more information on the permissions required to perform different actions on CertificateSigningRequest resources.
@@ -225,7 +225,7 @@ See Certificate Signing Requests for more information on the permissions require
 This admission controller observes updates to the status.certificate field of CertificateSigningRequest resources and performs an additional authorization checks to ensure the signing user has permission to sign certificate requests with the spec.signerName requested on the CertificateSigningRequest resource.
 -->
 
-此准入控制器获取CertificateSigningRequest资源的`status.certificate`字段更新请求并执行额外的授权检查，以确保签发证书的用户有权限为`spec.signerName`请求CertificateSigningRequest资源的证书请求`签发`证书。
+此准入控制器获取 CertificateSigningRequest 资源的 `status.certificate` 字段更新请求并执行额外的授权检查，以确保签发证书的用户有权限为 `spec.signerName` 请求 CertificateSigningRequest 资源的证书请求`签发`证书。
 
 <!--
 See Certificate Signing Requests for more information on the permissions required to perform different actions on CertificateSigningRequest resources.
@@ -239,7 +239,7 @@ See Certificate Signing Requests for more information on the permissions require
 This admission controller observes creation of CertificateSigningRequest resources that have a spec.signerName of kubernetes.io/kube-apiserver-client. It rejects any request that specifies a 'group' (or 'organization attribute') of system:masters.
 -->
 
-此准入控制器获取具有`kubernetes.io/kube-apiserver-client`的`spec.signerName`的CertificateSigningRequest资源创建请求，它拒绝任何包含了`system:masters`一个“组”（或者“组织”）的请求。
+此准入控制器获取具有 `kubernetes.io/kube-apiserver-client` 的 `spec.signerName` 的 CertificateSigningRequest 资源创建请求，它拒绝任何包含了 `system:masters` 一个“组”（或者“组织”）的请求。
 
 ### DefaultStorageClass {#defaultstorageclass}
 
