[zh] sync Misc Batch 1

content/zh/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions.md

@@ -519,21 +519,34 @@ CRDs converted from `apiextensions.k8s.io/v1beta1` to
 `apiextensions.k8s.io/v1` might lack structural schemas, and
 `spec.preserveUnknownFields` might be `true`.
 
-For migrated CustomResourceDefinitions where `spec.preserveUnknownFields` is
-set, pruning is _not_ enabled and you can store arbitrary data. For best
-compatibility, you should update your custom resources to meet an OpenAPI schema,
-and you should set `spec.preserveUnknownFields` true for the
-CustomResourceDefinition itself.
+For legacy CustomResourceDefinition objects created as
+`apiextensions.k8s.io/v1beta1` with `spec.preserveUnknownFields` set to
+`true`, the following is also true:
+
+* Pruning is not enabled.
+* You can store arbitrary data.
+
+For compatibility with `apiextensions.k8s.io/v1`, update your custom
+resource definitions to:
+
+1. Use a structural OpenAPI schema.
+2. Set `spec.preserveUnknownFields` to `false`.
 -->
 {{< note >}}
 从 `apiextensions.k8s.io/v1beta1` 转换到 `apiextensions.k8s.io/v1` 的 CRD
 可能没有结构化的模式定义，因此其 `spec.preserveUnknownFields` 可能为 `true`。
 
-对于迁移而来的 CustomResourceDefinition，如果其 `spec.preserveUnknownFields`
-被设置为 `true`，则 Kubernetes _不会_ 执行剪裁操作，你可以存储任意数据。
-要实现最佳的兼容性，你应该更新定制资源以满足某 OpenAPI 模式定义，并且你
-应该将 CustomResourceDefinition 自身的 `spec.preserveUnknownFields` 设置为
-`true`。
+对于使用 `apiextensions.k8s.io/v1beta1` 且将 `spec.preserveUnknownFields` 设置为 `true`
+创建的旧 CustomResourceDefinition 对象，有以下表现：
+
+* 裁剪未启用。
+* 可以存储任意数据。
+
+为了与 `apiextensions.k8s.io/v1` 兼容，将你的自定义资源定义更新为：
+
+1. 使用结构化的 OpenAPI 模式。
+2. `spec.preserveUnknownFields` 设置为 `false`。
+
 {{< /note >}}
 
 <!--

content/zh/docs/tasks/extend-kubernetes/setup-konnectivity.md

@@ -41,6 +41,23 @@ by providing the following flags to the kube-apiserver:
    --service-account-signing-key-file=/etc/kubernetes/pki/sa.key
    --api-audiences=system:konnectivity-server
    ```
+1. Create an egress configuration file such as `admin/konnectivity/egress-selector-configuration.yaml`.
+1. Set the `--egress-selector-config-file` flag of the API Server to the path of
+your API Server egress configuration file.
+1. If you use UDS connection, add volumes config to the kube-apiserver:
+   ```yaml
+   spec:
+     containers:
+       volumeMounts:
+       - name: konnectivity-uds
+         mountPath: /etc/kubernetes/konnectivity-server
+         readOnly: false
+     volumes:
+     - name: konnectivity-uds
+       hostPath:
+         path: /etc/kubernetes/konnectivity-server
+         type: DirectoryOrCreate
+   ```
 -->
 你需要配置 API 服务器来使用 Konnectivity 服务，并将网络流量定向到集群节点：
 
@@ -55,18 +72,26 @@ by providing the following flags to the kube-apiserver:
    --api-audiences=system:konnectivity-server
    ```
 
-<!--
-1. Create an egress configuration file such as `admin/konnectivity/egress-selector-configuration.yaml`.
-1. Set the `--egress-selector-config-file` flag of the API Server to the path of
-your API Server egress configuration file.
--->
-{{< codenew file="admin/konnectivity/egress-selector-configuration.yaml" >}}
-2. 创建一个出口配置文件比如 `admin/konnectivity/egress-selector-configuration.yaml`。
-3. 将 API 服务器的 `--egress-selector-config-file` 参数设置为你的 API 服务器的
+1. 创建一个出站流量配置文件，比如 `admin/konnectivity/egress-selector-configuration.yaml`。
+1. 将 API 服务器的 `--egress-selector-config-file` 参数设置为你的 API 服务器的
    离站流量配置文件路径。
+1. 如果你在使用 UDS 连接，须将卷配置添加到 kube-apiserver：
+   ```yaml
+   spec:
+     containers:
+       volumeMounts:
+       - name: konnectivity-uds
+         mountPath: /etc/kubernetes/konnectivity-server
+         readOnly: false
+     volumes:
+     - name: konnectivity-uds
+       hostPath:
+         path: /etc/kubernetes/konnectivity-server
+         type: DirectoryOrCreate
+   ```
 
 <!--
-Generate or obtain a certificate and kubeconfig for konnectivity-server.  
+Generate or obtain a certificate and kubeconfig for konnectivity-server.
 For example, you can use the OpenSSL command line tool to issue a X.509 certificate,
 using the cluster CA certificate `/etc/kubernetes/pki/ca.crt` from a control-plane host.
 -->