[zh] Update content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md

Yanping-io · windsonsea · Yanping-io · commit cbc8415ef026 · 2023-11-24T18:21:06.000+08:00
Signed-off-by: wuyanping &lt;wuyanping@uniontech.com&gt;

Update content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md

Co-authored-by: Michael &lt;haifeng.yao@daocloud.io&gt;

Update content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md

Co-authored-by: Michael &lt;haifeng.yao@daocloud.io&gt;

Update content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md

Co-authored-by: Michael &lt;haifeng.yao@daocloud.io&gt;
diff --git a/content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md b/content/zh-cn/docs/reference/access-authn-authz/admission-controllers.md
@@ -1494,6 +1494,16 @@ You should enable this admission controller if you intend to make any use of Kub
 &#30340;&#33258;&#21160;&#21270;&#12290;&#24378;&#28872;&#25512;&#33616;&#20026; Kubernetes &#39033;&#30446;&#21551;&#29992;&#27492;&#20934;&#20837;&#25511;&#21046;&#22120;&#12290;
 &#22914;&#26524;&#20320;&#25171;&#31639;&#20351;&#29992; Kubernetes &#30340; `ServiceAccount` &#23545;&#35937;&#65292;&#20320;&#24212;&#21551;&#29992;&#36825;&#20010;&#20934;&#20837;&#25511;&#21046;&#22120;&#12290;
 
+<!--
+Regarding the annotation `kubernetes.io/enforce-mountable-secrets`: While the annotation's name suggests it only concerns the mounting of Secrets,
+its enforcement also extends to other ways Secrets are used in the context of a Pod.
+Therefore, it is crucial to ensure that all the referenced secrets are correctly specified in the ServiceAccount.
+-->
+&#20851;&#20110; `kubernetes.io/enforce-mountable-secrets` &#27880;&#35299;&#65306;&#23613;&#31649;&#27880;&#35299;&#30340;&#21517;&#31216;&#34920;&#26126;&#23427;&#21482;&#28041;&#21450; Secret &#30340;&#25346;&#36733;&#65292;
+&#20294;&#20854;&#25191;&#34892;&#33539;&#22260;&#20063;&#25193;&#23637;&#21040; Pod &#19978;&#19979;&#25991;&#20013; Secret &#30340;&#20854;&#20182;&#20351;&#29992;&#26041;&#24335;&#12290;
+&#22240;&#27492;&#65292;&#30830;&#20445;&#25152;&#26377;&#24341;&#29992;&#30340; Secret &#22312; ServiceAccount &#20013;&#34987;&#27491;&#30830;&#25351;&#23450;&#26159;&#33267;&#20851;&#37325;&#35201;&#30340;&#12290;
+
+
 ### StorageObjectInUseProtection   {#storageobjectinuseprotection}
 
 <!--

-Original file line number
+Diff line change
 的自动化。强烈推荐为 Kubernetes 项目启用此准入控制器。
 如果你打算使用 Kubernetes 的 `ServiceAccount` 对象，你应启用这个准入控制器。
 +<!--
 +Regarding the annotation `kubernetes.io/enforce-mountable-secrets`: While the annotation's name suggests it only concerns the mounting of Secrets,
 +its enforcement also extends to other ways Secrets are used in the context of a Pod.
 +Therefore, it is crucial to ensure that all the referenced secrets are correctly specified in the ServiceAccount.
 +-->
 +关于 `kubernetes.io/enforce-mountable-secrets` 注解：尽管注解的名称表明它只涉及 Secret 的挂载，
 +但其执行范围也扩展到 Pod 上下文中 Secret 的其他使用方式。
 +因此，确保所有引用的 Secret 在 ServiceAccount 中被正确指定是至关重要的。
++
++
 ### StorageObjectInUseProtection   {#storageobjectinuseprotection}
 <!--