Merge pull request #48702 from my-git9/pp-23991

[zh-cn]add 6 feature-gates

Author: k8s-ci-robot

content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/allow-dns-only-node-csr.md

@@ -0,0 +1,17 @@
+---
+title: AllowDNSOnlyNodeCSR
+content_type: feature_gate
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: deprecated
+    defaultValue: false
+    fromVersion: "1.31"
+---
+  
+<!--
+Allow kubelet to request a certificate without any Node IP available, only with DNS names.
+-->
+允许 kubelet 在不提供节点 IP、仅提供 DNS 名称的情况下请求证书。

content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/allow-insecure-kubelet-certificate-signing-requests.md

@@ -0,0 +1,23 @@
+---
+title: AllowInsecureKubeletCertificateSigningRequests
+content_type: feature_gate
+
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: deprecated
+    defaultValue: false
+    fromVersion: "1.31"
+---
+  
+<!--
+Disable node admission validation of
+[CertificateSigningRequests](/docs/reference/access-authn-authz/certificate-signing-requests/#certificate-signing-requests)
+for kubelet signers. Unless you disable this feature gate, Kubernetes enforces that new
+kubelet certificates have a `commonName` matching `system:node:$nodeName`.
+-->
+针对签名者为 kubelet 的 [CertificateSigningRequest）](/zh-cn/docs/reference/access-authn-authz/certificate-signing-requests/#certificate-signing-requests)，
+禁用节点准入检查。除非禁用此特性门控，
+否则 Kubernetes 会强制要求新的 kubelet 证书的 `commonName` 为 `system:node:$nodeName`。

content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/app-armor-fields.md

@@ -0,0 +1,31 @@
+---
+title: AppArmorFields
+content_type: feature_gate
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: beta
+    defaultValue: true
+    fromVersion: "1.30"
+    toVersion: "1.30"
+  - stage: stable
+    defaultValue: true
+    fromVersion: "1.31"
+---
+  
+<!--
+Enable AppArmor related security context settings.
+
+For more information about AppArmor and Kubernetes, read the
+[AppArmor](/docs/concepts/security/linux-kernel-security-constraints/#apparmor) section
+within
+[security features in the Linux kernel](/docs/concepts/security/linux-kernel-security-constraints/#linux-security-features).
+-->
+启用与 AppArmor 相关的安全上下文设置。
+
+有关 AppArmor 和 Kubernetes 的更多信息，请阅读
+[Linux 内核中的安全特性](/zh-cn/docs/concepts/security/linux-kernel-security-constraints/#linux-security-features)
+部分中的 [AppArmor](/zh-cn/docs/concepts/security/linux-kernel-security-constraints/#apparmor)
+小节。

content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/concurrent-watch-object-decode.md

@@ -0,0 +1,20 @@
+---
+title: ConcurrentWatchObjectDecode
+content_type: feature_gate
+
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: beta
+    defaultValue: false
+    fromVersion: "1.31"
+
+---
+
+<!--
+Enable concurrent watch object decoding. This is to avoid starving the API server's
+watch cache when a conversion webhook is installed.
+-->
+启用并发监视对象解码。目的是避免在安装了转换 Webhook 时造成 API 服务器的监视缓存内容不足。

content/zh-cn/docs/reference/command-line-tools-reference/feature-gates/disable-allocator-dual-write.md

@@ -0,0 +1,26 @@
+---
+title: DisableAllocatorDualWrite
+content_type: feature_gate
+_build:
+  list: never
+  render: false
+
+stages:
+  - stage: alpha
+    defaultValue: false
+    fromVersion: "1.31"
+---
+
+<!--
+You can enable the `MultiCIDRServiceAllocator` feature gate. The API server supports migration
+from the old bitmap ClusterIP allocators to the new IPAddress allocators.
+
+The API server performs a dual-write on both allocators. This feature gate disables the dual write
+on the new Cluster IP allocators; you can enable this feature gate if you have completed the
+relevant stage of the migration.
+-->
+你可以启用 `MultiCIDRServiceAllocator` 特性门控。API 服务器支持从旧的位图
+ClusterIP 分配器迁移到新的 IPAddress 分配器。
+
+API 服务器会在两个分配器上执行双重写入。此特性门控用于禁用对 ClusterIP
+分配器的多余写入；如果你已经完成了机制迁移的重要阶段，可以启用此特性门控。