[zh-cn] sync content-guide content-organization kubeadm-certs

Signed-off-by: xin.li <[email protected]>

Author: my-git9

content/zh-cn/docs/contribute/style/content-guide.md

@@ -71,17 +71,21 @@ Kubernetes 网站（包括其文档）源代码位于
 <!--
 ### Third party content
 
-Kubernetes documentation includes applied examples of projects in the Kubernetes project&mdash;projects that live in the [kubernetes](https://github.com/kubernetes) and
+Kubernetes documentation includes applied examples of projects in the Kubernetes
+project&mdash;projects that live in the [kubernetes](https://github.com/kubernetes) and
 [kubernetes-sigs](https://github.com/kubernetes-sigs) GitHub organizations.
 
 Links to active content in the Kubernetes project are always allowed.
 
 Kubernetes requires some third party content to function. Examples include container runtimes (containerd, CRI-O, Docker),
-[networking policy](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) (CNI plugins), [Ingress controllers](/docs/concepts/services-networking/ingress-controllers/), and [logging](/docs/concepts/cluster-administration/logging/).
+[networking policy](/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) (CNI plugins),
+[Ingress controllers](/docs/concepts/services-networking/ingress-controllers/),
+and [logging](/docs/concepts/cluster-administration/logging/).
 
-Docs can link to third-party open source software (OSS) outside the Kubernetes project only if it's necessary for Kubernetes to function.
+Docs can link to third-party open source software (OSS) outside the Kubernetes
+project only if it's necessary for Kubernetes to function.
 -->
-### 第三方内容 {#third-party-content}
+### 第三方内容    {#third-party-content}
 
 Kubernetes 文档包含 Kubernetes 项目下的多个项目的应用示例。
 这里的 Kubernetes 项目指的是 [Kubernetes](https://github.com/kubernetes) 和

content/zh-cn/docs/contribute/style/content-organization.md

@@ -32,7 +32,9 @@ concept.
 
 ### Page Order
 
-The documentation side menu, the documentation page browser etc. are listed using Hugo's default sort order, which sorts by weight (from 1), date (newest first), and finally by the link title.
+The documentation side menu, the documentation page browser etc. are listed using
+Hugo's default sort order, which sorts by weight (from 1), date (newest first),
+and finally by the link title.
 
 Given that, if you want to move a page or a section up, set a weight in the page's front matter:
 -->
@@ -51,8 +53,11 @@ weight: 10
 ```
 
 <!--
-For page weights, it can be smart not to use 1, 2, 3 ..., but some other interval, say 10, 20, 30... This allows you to insert pages where you want later.
-Additionally, each weight within the same directory (section) should not be overlapped with the other weights. This makes sure that content is always organized correctly, especially in localized content.
+For page weights, it can be smart not to use 1, 2, 3 ..., but some other interval,
+say 10, 20, 30... This allows you to insert pages where you want later.
+Additionally, each weight within the same directory (section) should not be
+overlapped with the other weights. This makes sure that content is always
+organized correctly, especially in localized content.
 -->
 {{< note >}}
 对于页面的权重，不建议使用连续的数值，比如 1、2、3...，而应采用其他间隔的数值，比如 10、20、30...
@@ -64,7 +69,8 @@ Additionally, each weight within the same directory (section) should not be over
 <!--
 ### Documentation Main Menu
 
-The `Documentation` main menu is built from the sections below `docs/` with the `main_menu` flag set in front matter of the `_index.md` section content file:
+The `Documentation` main menu is built from the sections below `docs/` with
+the `main_menu` flag set in front matter of the `_index.md` section content file:
 -->
 ### 文档主菜单
 
@@ -76,7 +82,8 @@ main_menu: true
 ```
 
 <!--
-Note that the link title is fetched from the page's `linkTitle`, so if you want it to be something different than the title, change it in the content file:
+Note that the link title is fetched from the page's `linkTitle`, so if you want
+it to be something different than the title, change it in the content file:
 -->
 注意，链接标题来自页面的 `linkTitle` 字段，因此如果希望它与页面标题不同，请在内容文件中更改它：
 
@@ -87,7 +94,9 @@ linkTitle: Title used in links
 ```
 
 <!--
-The above needs to be done per language. If you don't see your section in the menu, it is probably because it is not identified as a section by Hugo. Create a `_index.md` content file in the section folder.
+The above needs to be done per language. If you don't see your section in the menu,
+it is probably because it is not identified as a section by Hugo. Create a
+`_index.md` content file in the section folder.
 -->
 {{< note >}}
 你需要分别针对每种语言完成上述操作。如果在菜单中没有看到你的章节，这可能是因为它没有被 Hugo 识别为一个章节。
@@ -103,11 +112,12 @@ It will show all sections and their pages.
 
 If you don't want to list a section or page, set the `toc_hide` flag to `true` in front matter:
 
-When you navigate to a section that has content, the specific section or page (e.g. `_index.md`) is shown. Else, the first page inside that section is shown.
+When you navigate to a section that has content, the specific section or page
+(e.g. `_index.md`) is shown. Else, the first page inside that section is shown.
 -->
 ### 文档侧方菜单
 
-文档侧方菜单是基于 `docs/` 下面的 **当前章节的内容树** 构建的。
+文档侧方菜单是基于 `docs/` 下面的**当前章节的内容树**构建的。
 
 菜单默认显示所有的章节和它们的页面。
 
@@ -123,11 +133,12 @@ toc_hide: true
 <!--
 ### Documentation Browser
 
-The page browser on the documentation home page is built using all the sections and pages that are directly below the `docs section`.
+The page browser on the documentation home page is built using all the sections
+and pages that are directly below the `docs section`.
 
 If you don't want to list a section or page, set the `toc_hide` flag to `true` in front matter:
 -->
-### 文档浏览器 {#documentation-browser}
+### 文档浏览器    {#documentation-browser}
 
 文档主页上的页面浏览器是基于 `docs section` 下一层的所有章节和页面构建的。
 
@@ -140,7 +151,9 @@ toc_hide: true
 <!--
 ### The Main Menu
 
-The site links in the top-right menu -- and also in the footer -- are built by page-lookups. This is to make sure that the page actually exists. So, if the `case-studies` section does not exist in a site (language), it will not be linked to.
+The site links in the top-right menu -- and also in the footer -- are built by
+page-lookups. This is to make sure that the page actually exists. So, if the
+`case-studies` section does not exist in a site (language), it will not be linked to.
 -->
 ### 主菜单
 
@@ -151,9 +164,12 @@ The site links in the top-right menu -- and also in the footer -- are built by p
 <!--
 ## Page Bundles
 
-In addition to standalone content pages (Markdown files), Hugo supports [Page Bundles](https://gohugo.io/content-management/page-bundles/).
+In addition to standalone content pages (Markdown files), Hugo supports
+[Page Bundles](https://gohugo.io/content-management/page-bundles/).
 
-One example is [Custom Hugo Shortcodes](/docs/contribute/style/hugo-shortcodes/). It is considered a `leaf bundle`. Everything below the directory, including the `index.md`, will be part of the bundle. This also includes page-relative links, images that can be processed etc.:
+One example is [Custom Hugo Shortcodes](/docs/contribute/style/hugo-shortcodes/).
+It is considered a `leaf bundle`. Everything below the directory, including the `index.md`,
+will be part of the bundle. This also includes page-relative links, images that can be processed etc.:
 -->
 ## 页面包
 
@@ -173,7 +189,8 @@ zh-cn/docs/home/contribute/includes
 ```
 
 <!--
-Another widely used example is the `includes` bundle. It sets `headless: true` in front matter, which means that it does not get its own URL. It is only used in other pages.
+Another widely used example is the `includes` bundle. It sets `headless: true` in
+front matter, which means that it does not get its own URL. It is only used in other pages.
 -->
 另一个广泛使用的例子是 `includes` 包。
 这类包在页面头部设置 `headless: true`，意味着它没有得到自己的 URL。它只用于其他页面。
@@ -192,9 +209,13 @@ zh-cn/includes
 <!--
 Some important notes to the files in the bundles:
 
-* For translated bundles, any missing non-content files will be inherited from languages above. This avoids duplication.
-* All the files in a bundle are what Hugo calls `Resources` and you can provide metadata per language, such as parameters and title, even if it does not supports front matter (YAML files etc.). See [Page Resources Metadata](https://gohugo.io/content-management/page-resources/#page-resources-metadata).
-* The value you get from `.RelPermalink` of a `Resource` is page-relative. See [Permalinks](https://gohugo.io/content-management/urls/#permalinks).
+* For translated bundles, any missing non-content files will be inherited from
+  languages above. This avoids duplication.
+* All the files in a bundle are what Hugo calls `Resources` and you can provide
+  metadata per language, such as parameters and title, even if it does not supports front
+  matter (YAML files etc.). See [Page Resources Metadata](https://gohugo.io/content-management/page-resources/#page-resources-metadata).
+* The value you get from `.RelPermalink` of a `Resource` is page-relative.
+  See [Permalinks](https://gohugo.io/content-management/urls/#permalinks).
 -->
 有关包中文件的一些重要说明：
 
@@ -208,11 +229,13 @@ Some important notes to the files in the bundles:
 <!--
 ## Styles
 
-The [SASS](https://sass-lang.com/) source of the stylesheets for this site is stored in `assets/sass` and is automatically built by Hugo.
+The [SASS](https://sass-lang.com/) source of the stylesheets for this site is
+stored in `assets/sass` and is automatically built by Hugo.
 -->
-## 样式 {#styles}
+## 样式   {#styles}
 
-本网站的样式表的 [SASS](https://sass-lang.com/) 源文件存放在 `src/sass` 下面，并通过 Hugo 自动构建。
+本网站的样式表的 [SASS](https://sass-lang.com/) 源文件存放在 `src/sass` 下面，
+并通过 Hugo 自动构建。
 
 ## {{% heading "whatsnext" %}}
 

content/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md

@@ -39,7 +39,7 @@ By default, kubeadm generates all the certificates needed for a cluster to run.
 You can override this behavior by providing your own certificates.
 -->
 
-## 使用自定义的证书 {#custom-certificates}
+## 使用自定义的证书   {#custom-certificates}
 
 默认情况下，kubeadm 会生成运行一个集群所需的全部证书。
 你可以通过提供你自己的证书来改变这个行为策略。
@@ -72,7 +72,7 @@ this condition and activates the "External CA" mode. kubeadm will proceed withou
 CA key on disk.
 -->
 
-## 外部 CA 模式 {#external-ca-mode}
+## 外部 CA 模式   {#external-ca-mode}
 
 只提供了 `ca.crt` 文件但是不提供 `ca.key` 文件也是可以的
 （这只对 CA 根证书可用，其它证书不可用）。
@@ -90,14 +90,15 @@ point to the CA certificate and key.
 [PKI certificates and requirements](/docs/setup/best-practices/certificates/) includes guidance on
 setting up a cluster to use an external CA.
 -->
-[PKI 证书和要求](/zh-cn/docs/setup/best-practices/certificates/)包括集群使用外部 CA 的设置指南。
+[PKI 证书和要求](/zh-cn/docs/setup/best-practices/certificates/)包括集群使用外部
+CA 的设置指南。
 
 <!--
 ## Check certificate expiration
 
 You can use the `check-expiration` subcommand to check when certificates expire:
 -->
-## 检查证书是否过期 {#check-certificate-expiration}
+## 检查证书是否过期  {#check-certificate-expiration}
 
 你可以使用 `check-expiration` 子命令来检查证书何时过期
 
@@ -110,7 +111,7 @@ The output is similar to this:
 -->
 输出类似于以下内容：
 
-```
+```console
 CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
 admin.conf                 Dec 30, 2020 23:36 UTC   364d                                    no
 apiserver                  Dec 30, 2020 23:36 UTC   364d            ca                      no
@@ -258,13 +259,14 @@ the Pod and the certificate renewal for the component can complete.
 -->
 此命令用 CA（或者 front-proxy-CA ）证书和存储在 `/etc/kubernetes/pki` 中的密钥执行更新。
 
-执行完此命令之后你需要重启控制面 Pods。因为动态证书重载目前还不被所有组件和证书支持，所有这项操作是必须的。
-[静态 Pods](/zh-cn/docs/tasks/configure-pod-container/static-pod/) 是被本地 kubelet 而不是 API Server 管理，
-所以 kubectl 不能用来删除或重启他们。
+执行完此命令之后你需要重启控制面 Pod。因为动态证书重载目前还不被所有组件和证书支持，所有这项操作是必须的。
+[静态 Pod](/zh-cn/docs/tasks/configure-pod-container/static-pod/) 是被本地 kubelet
+而不是 API 服务器管理，所以 kubectl 不能用来删除或重启他们。
 要重启静态 Pod 你可以临时将清单文件从 `/etc/kubernetes/manifests/` 移除并等待 20 秒
-（参考 [KubeletConfiguration 结构](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/) 中的`fileCheckFrequency` 值）。
-如果 Pod 不在清单目录里，kubelet 将会终止它。
-在另一个 `fileCheckFrequency` 周期之后你可以将文件移回去，为了组件可以完成 kubelet 将重新创建 Pod 和证书更新。
+（参考 [KubeletConfiguration 结构](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)中的
+`fileCheckFrequency` 值）。如果 Pod 不在清单目录里，kubelet 将会终止它。
+在另一个 `fileCheckFrequency` 周期之后你可以将文件移回去，kubelet 可以完成 Pod
+的重建，而组件的证书更新操作也得以完成。
 
 {{< warning >}}
 <!--
@@ -494,7 +496,7 @@ serverTLSBootstrap: true
 If you have already created the cluster you must adapt it by doing the following:
  - Find and edit the `kubelet-config-{{< skew currentVersion >}}` ConfigMap in the `kube-system` namespace.
 In that ConfigMap, the `kubelet` key has a
-[KubeletConfiguration](/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
+[KubeletConfiguration](/docs/reference/config-api/kubelet-config.v1beta1/)
 document as its value. Edit the KubeletConfiguration document to set `serverTLSBootstrap: true`.
 - On each node, add the `serverTLSBootstrap: true` field in `/var/lib/kubelet/config.yaml`
 and restart the kubelet with `systemctl restart kubelet`
@@ -504,7 +506,7 @@ and restart the kubelet with `systemctl restart kubelet`
 - 找到 `kube-system` 名字空间中名为 `kubelet-config-{{< skew currentVersion >}}`
   的 ConfigMap 并编辑之。
   在该 ConfigMap 中，`kubelet` 键下面有一个
-  [KubeletConfiguration](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/#kubelet-config-k8s-io-v1beta1-KubeletConfiguration)
+  [KubeletConfiguration](/zh-cn/docs/reference/config-api/kubelet-config.v1beta1/)
   文档作为其取值。编辑该 KubeletConfiguration 文档以设置
   `serverTLSBootstrap: true`。
 - 在每个节点上，在 `/var/lib/kubelet/config.yaml` 文件中添加
@@ -533,7 +535,7 @@ CSR（证书签名请求）不能被 kube-controller-manager 中默认的签名
 kubectl get csr
 ```
 
-```none
+```console
 NAME        AGE     SIGNERNAME                        REQUESTOR                      CONDITION
 csr-9wvgt   112s    kubernetes.io/kubelet-serving     system:node:worker-1           Pending
 csr-lz97v   1m58s   kubernetes.io/kubelet-serving     system:node:control-plane-1    Pending