Merge pull request #45497 from asa3311/sync-zh-104

k8s-ci-robot · web-flow · commit a562ab189695 · 2024-03-12T02:33:25.000-07:00
[zh] sync node-pressure-eviction scheduling-framework multi-tenancy
diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md b/content/zh-cn/docs/concepts/scheduling-eviction/node-pressure-eviction.md
@@ -334,7 +334,7 @@ kubelet 具有以下默认硬驱逐条件：
 
 <!--
 These default values of hard eviction thresholds will only be set if none
-of the parameters is changed. If you changed the value of any parameter,
+of the parameters is changed. If you change the value of any parameter,
 then the values of other parameters will not be inherited as the default
 values and will be set to zero. In order to provide custom values, you
 should provide all the thresholds respectively.
diff --git a/content/zh-cn/docs/concepts/scheduling-eviction/scheduling-framework.md b/content/zh-cn/docs/concepts/scheduling-eviction/scheduling-framework.md
@@ -222,7 +222,7 @@ called for that node. Nodes may be evaluated concurrently.
 ### PostFilter  {#post-filter}
 
 <!--
-These plugins are called after Filter phase, but only when no feasible nodes
+These plugins are called after the Filter phase, but only when no feasible nodes
 were found for the pod. Plugins are called in their configured order. If
 any postFilter plugin marks the node as `Schedulable`, the remaining plugins
 will not be called. A typical PostFilter implementation is preemption, which
diff --git a/content/zh-cn/docs/concepts/security/multi-tenancy.md b/content/zh-cn/docs/concepts/security/multi-tenancy.md
@@ -608,7 +608,7 @@ sandboxing implementations are available:
 
 * [gVisor](https://gvisor.dev/) intercepts syscalls from containers and runs them through a
   userspace kernel, written in Go, with limited access to the underlying host.
-* [Kata Containers](https://katacontainers.io/) is an OCI compliant runtime that allows you to run
+* [Kata Containers](https://katacontainers.io/) provide a secure container runtime that allows you to run
   containers in a VM. The hardware virtualization available in Kata offers an added layer of
   security for containers running untrusted code.
 -->
@@ -617,8 +617,8 @@ sandboxing implementations are available:
 
 * [gVisor](https://gvisor.dev/) 拦截来自容器的系统调用，并通过用户空间内核运行它们，
   用户空间内核采用 Go 编写，对底层主机的访问是受限的
-* [Kata Containers](https://katacontainers.io/) 是符合 OCI 的运行时，允许你在 VM 中运行容器。
-  Kata 中提供的硬件虚拟化为运行不受信任代码的容器提供了额外的安全层。
+* [Kata Containers](https://katacontainers.io/) 提供了一个安全的容器运行时，
+  允许你在 VM 中运行容器。Kata 中提供的硬件虚拟化为运行不受信任代码的容器提供了额外的安全层。
 
 <!--
 ### Node Isolation
