Merge pull request #37423 from windsonsea/exaend

[zh] sync endpoints-aggregated.yaml

Author: k8s-ci-robot

content/zh-cn/examples/access/endpoints-aggregated.yaml

@@ -3,12 +3,13 @@ kind: ClusterRole
 metadata:
   annotations:
     kubernetes.io/description: |-
-      Add endpoints write permissions to the edit and admin roles. This was
-      removed by default in 1.22 because of CVE-2021-25740. See
-      https://issue.k8s.io/103675. This can allow writers to direct LoadBalancer
-      or Ingress implementations to expose backend IPs that would not otherwise
-      be accessible, and can circumvent network policies or security controls
-      intended to prevent/isolate access to those backends.
+      将端点写入权限添加到 edit 和 admin 角色。此特性因 CVE-2021-25740 在 1.22
+      中默认被移除。请参阅 https://issue.k8s.io/103675
+      这一设置将允许写者要求 LoadBalancer 或 Ingress 的实现向外暴露后端 IP 地址，
+      所暴露的 IP 地址无法通过其他方式访问，
+      并且可以规避对这些后端访问进行预防/隔离的网络策略或安全控制机制。
+      EndpointSlice 从未包含在 edit 和 admin 角色中，
+      因此 EndpointSlice API 没有什么可恢复的。
   labels:
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: custom:aggregate-to-edit:endpoints # 你可以随意愿更改这个 name